CHENNAI: There has been a 31 per cent increase in ransomware attacks — which involve malware that encrypt files and hold the owner to ransom to access their data — in India amid the pandemic in 2020, according to a report by Chennai-based Cyber Security Works (CSW), a leader in Attack Surface Management (ASM) and an official CVE Numbering Authority (CNA), along with RiskSense.
According to the report, the National Highways Authority of India (NHAI), Apollo Tyres, India Bulls, and Delhi Medical Council were victims of ransomware attacks in the past year, and their data has been exposed on the dark web. It has been learnt that NHAI was attacked by Maze Ransomware on June 29, 2020, and over 43 GB of data was stolen. Right after the attack, on July 2, the threat actors posted about 2 GB of the data on the dark web to prove it had been stolen.
On August 2, the Maze Ransomware gang dumped over 43 GB of the data on the dark web. The data included sensitive documents about staff, a passport copy of the former chairman of NHAI, details of employees’ families, and internal audit reports. Other high-profile data breaches in India impacted critical infrastructure over a variety of sectors including pharma, telecom, e-commerce, and public sector entities. Dr Reddy’s, Big Basket, Airtel, Jawaharlal Nehru Port Trust (JNPT) and Juspay had their sensitive and personal information exposed on the dark web.
A military veteran and cybersecurity enthusiast, on condition of anonymity, said India’s ranking in the cybersecurity index had fallen, as per the World Economic Forum’s 2019 report, due to Aadhaar breaches, but added that India is more aware of cyber threats than other nations. “It was found that the number of vulnerabilities associated with ransomware quadrupled from 57 in our 2019 research to 223 in 2020. Software-as-a-service (SaaS) applications emerged as a new target for ransomware, and had the highest count of vulnerabilities that were seen trending with active exploits,” said the report.
This has a lot to do with work-from-home culture, wherein people work from remote, rather than secure, networks. Until a few years ago, only groups with knowledge about security and with coding expertise could launch and mount complex cyber attacks. No longer is that a requirement now that ransomware as a service (RaaS) has become almost mainstream. RaaS has enabled just about anybody to launch ransomware attacks without getting creative with code or having extensive security expertise.
Work-from-home culture adds to risk
Software-as-a-service (SaaS) applications emerged as a new target for ransomware, and had the highest count of vulnerabilities, the report said. This has a lot to do with work-from-home culture, wherein people work from remote, rather than secure, networks
(For the full story, visit www.newindianexpress.com)