While everything around the globe is being digitised more than ever, this has also resulted in an increased number of malware attacks on all types of systems. These in turn trigger system lockouts, data theft, and other security-related concerns. Meanwhile, Check Point, a global provider of cyber security solutions, recently published its latest Global Threat Index for January 2022. The report not only mentions which types of viruses have most affected various industries but also states the industries in India most attacked by malware. So here are the top 10 industries that are affected/attacked by malware in India:
1. Education and Research
The education domain is one of the most malware-vulnerable industries in India, with the sector accounting for more than 30 per cent of cyber threats targeting enterprises in the country between July and September 2019, as per a report from Seqrite, the enterprise arm of IT security firm Quick Heal Technologies.
Back in August of 2021, Check Point reported that India experienced the highest volume of attacks, with an average of 5,196 attacks weekly per education or research organization. This marked a 29 percent increase from the first half of 2021. This sector requires a lot of attention as many have faced issues during the pandemic period, be it organisations or end consumers.
As meetings and classes were being held via Zoom Meetings and Google Meet, some of the meetings were hijacked by hackers. Moreover, a lot of people, even when they had their mics and cameras off, were audible and visible to others. The more worrying breaches are those which involve student safety. Educational institutions are entrusted with the responsibility to safeguard their students, many of whom are minors, but a weak cybersecurity infrastructure can put them at risk.
2. Healthcare
Healthcare is the second industry in the list of top 10 industries attacked by malware in India. Back in 2019, US-based cyber security firm FireEye said that hackers broke into a leading India-based healthcare website, thereby stealing 68 lakh records containing patient and doctor information. Between October 1, 2018 and March 31, 2019, FireEye Threat Intelligence observed multiple healthcare-associated databases for sale on underground forums, many for under $2,000.
These hackers are not only those who ask for ransom after a hack; some are also from India's neighbouring countries, which worsens the relations between the two nations. FireEye said that it continued to witness a concerted focus on acquiring healthcare research by multiple Chinese advanced persistent threat (APT) groups.
“In particular, it is likely that an area of unique interest in cancer-related research, reflective of China’s growing concern over increasing cancer and mortality rates, and the accompanying national health care costs,” the cyber security agency said at the time of the hack.
Dr Reddy’s Laboratories and Lupin reported incidents of cybercrime in 2020 that affected multiple internal IT systems. This resulted in the data of lakhs of patients being leaked and then made accessible online. Out of all the industries, ransomware affects healthcare the most, as it can heavily damage the reputation of the firm, ultimately affecting their ability to deliver care as well.
3. Utilities
The utilities industry can be considered one of the major elements in running a nation, and hackers find ways to target these industries with malware as well. One instance in India came last year, when US-based cybersecurity company Recorded Future said that Chinese cybercriminals targeted the Indian power sector in mid-2020, when the standoff between China and India was at its peak.
“10 distinct Indian power sector organisations, including 4 of the 5 Regional Load Despatch Centres (RLDC)… have been identified as targets in a concerted campaign against India’s critical infrastructure,” said the report. Chidambaranar and Mumbai ports were also identified as targets.
The report said that such attacks are ideal for posturing and can serve as a signalling message, a ‘show of force’. “In the lead-up to the May 2020 skirmishes, we observed a noticeable increase in the provisioning of PlugX malware C2 infrastructure, much of which was subsequently used in intrusion activity targeting Indian organizations. The PlugX activity included the targeting of multiple Indian governments, public sector, and defence organizations from at least May 2020”, the report said.
Although the report did not mention any disruptions caused by the injected malware, it talked about a massive power outage in Mumbai on October 13, 2020 that was allegedly caused by the insertion of malware at a state load dispatch centre in Padgha.
Then in 2021, an alert by the Computer Emergency Response Team of India averted a hacking attempt on the power systems of Telangana’s TS Transco and TS Genco by a China-based group. The hackers were reportedly trying to steal data and disrupt power supply. This shows that an attack on such infrastructure can cause various other elements of an economy to fail and shut down. Because of this, hospitals had to switch to backup generators, and no one could imagine the scale of destruction if the problem isn’t solved in time.
4. Government/Military
The protectors of the nation, the military industries, have also been affected by malware in India. In June 2021, a Chinese state-backed hacker group targeted Indian defence research and other Indian organisations.
In a report released on 16 June 2021, cybersecurity firm Recorded Future said it found links between a “suspected” Chinese state-sponsored threat activity group and the People’s Liberation Army’s Unit 69010, a Chinese military intelligence unit.
“The unit (69010) also likely has multiple subordinate offices primarily responsible for monitoring military activity along China’s western border,” the report said. Within a span of six months, Recorded Future research detected the hacker group, nicknamed RedFoxtrot, targeting “3 Indian aerospace and defence contractors; major telecommunications providers in Afghanistan, India, Kazakhstan, and Pakistan; and multiple government agencies across the region”, the report said. The report, however, did not mention the names of the targeted organisations.
“We are unable to provide a list of all the targeted organizations, however, a couple of Indian defence contractors were Walchandnagar Industries — a Mumbai-based Heavy Engineering Company engaged in India’s Nuclear and Space programmes, and Alpha Design Technologies (ADTL) which is licensed to develop, manufacture, and supply defence electronics, avionics, simulation, UAVs, AFV equipment and systems”, Recorded Future told ThePrint.
In fact, in April 2021, General Bipin Rawat, India’s highest-ranking armed forces official, told reporters that “China is capable of launching cyber attacks on us that can disrupt a large number of our systems”. “While we’re trying to create firewalls against cyber attacks, we’re quite sure that they [Chinese hackers] will break through these firewalls,” he added.
This wasn’t the first time the Chinese attacked Indian defence/government systems. In 2008, Indian government officials told the Times of India that Chinese hackers were trying to break down servers on a daily basis; this included targets like the National Informatics Centre, the National Security Council and the Ministry of External Affairs. Such instances suggest that India still has a lot to work on in comparison with the cyber capabilities of other developed nations.
5. Insurance/Legal
Insurance companies are the ones that provide you compensation for your monetary loss, but sometimes the companies themselves have to give in to hacking groups. The insurance industry is not as vulnerable but is still on a hacker’s radar because of the amount of clientele information they can get access to. They can then force the company to pay a ransom in return for not leaking the data.
There aren’t many instances that are out in the public because these companies are tight-lipped when it comes to revealing such sensitive information. This is because their reputation would be hit the hardest, as it would be ironic for an insurance-providing company to get hacked. However, you may note that sometimes, when you punch in your information on a website offering policies or insurance, you start getting calls from various people regarding policies within a short period of time. Does this mean that hackers have access to that website’s data?
6. Internet Service Providers (ISPs)
A hacker group or an individual hacking an ISP can result in a large data leak. Moreover, if the hacker wants, he can easily consume the network bandwidth, thereby rendering the service unavailable for the user. This is again one of those industries in India which are attacked by malware in a major way.
In October last year, it was reported that there had been a 30-fold increase in distributed denial-of-service (DDoS) cyber attacks in India during the month, compared to the volume recorded in September 2020. Cyber-security analysts at Tata Communications found that while the attacks started with a few targeted broadband providers in early October, the pattern evolved and by the end of the month, attacks targeted multiple broadband providers simultaneously.
Most of the attacks were designed to flood an Internet service provider (ISP) network with malicious traffic, consuming all available bandwidth and rendering the network unavailable to legitimate users. “A deeper analysis of the data found that these attacks were focused on services that are used extensively during the festive season, including media streaming, Internet phone services and online gaming,” the findings showed.
As more companies increase their dependency on networks in the pandemic era, this can be very harmful for both a country’s infrastructure and its economy. It can disrupt the flow of information and give attackers access to a firm’s sensitive data. Researchers have always been advised to develop a way of defending against such attacks and stay aware of the threat.
7. Manufacturing
The manufacturing industry is prone to ransomware attacks and is at high risk at all times. This is because it is seen as a high-value target by hackers. For some manufacturing facilities, important files such as product designs, clientele information, etc., are only stored locally and this increases the risk of a hack, leaving a manufacturing facility largely unable to defend itself against ransomware threats.
“Over the years, manufacturers across India have invested heavily to secure themselves against physical intrusions and damages. However, ensuring robust digital security for their IT systems as well as the connected devices used in manufacturing processes has remained quite low on the list of priorities”, said Sanjay Katkar, Joint Managing Director and Chief Technology Officer at Quick Heal.
“Indian manufacturing sector is vulnerable to threats from cyber-criminals looking to make financial gains, corporate espionage by competitors looking to gain competitive advantage, and/or state-sponsored threat actors looking to cause widespread economic disruption”, Katkar added.
A very recent instance, which took place a couple of days ago, involves sports manufacturer Puma. As per reports sharing details of the attack, the attackers managed to steal the personal information of thousands of Puma employees and their dependents from the Kronos Private Cloud (KPC).
Kronos discovered the breach on January 7, 2022, and notified Puma of the incident on January 10. It didn’t, however, mention the total number of Puma employees affected by the data breach in its notification to the firm. This information was provided to the Office of the Maine Attorney General. As per the shared details, the ransomware attack led to the theft of data of a whopping 6,632 Puma employees. The data reportedly also involves the Social Security numbers of the employees.
8. Finance/Banking
The banking industry also faces attacks, and these can be the most devastating, considering that the most dangerous attack can wipe out your entire bank balance. One of the biggest instances was in 2018, when Cosmos Bank was the target. During the attack, hackers siphoned off Rs 94.42 crores. Hackers broke into the bank’s ATM server, took all the card details, wiped off money from 28 countries, and immediately withdrew the amount as soon as they were informed.
In the same year, Canara Bank ATM servers were targeted. According to sources, the ATM details of more than 300 users were hacked by attackers, who wiped off 20 lakh rupees from various bank accounts.
Another instance of such a hack took place in March of 2021, when Mobikwik faced criticism from all over the nation over an alleged data leak that is said to be the largest in history, as sensitive information of 3.5 million users was found to be on sale on the dark web.
The claim came from independent security researcher Rajshekhar Rajaharia who first spotted the data in February 2021. “11 Crore Indian Cardholder’s Cards Data Including personal details & KYC soft copy (PAN, Aadhar etc) allegedly leaked from a company’s Server in India. 6 TB KYC Data and 350GB compressed mysql dump,” he had said.
The data that was put on the dark web for sale included KYC details, addresses, phone numbers, Aadhar card data and other details of the users. Several users had reportedly spotted their personal details on the dark web link that was being circulated on the internet.
Another instance was when researchers reported on September 22, 2021, that Android phone banking customers in India were being targeted with the Drinik banking Trojan malware. The malware stole users’ personal data and funds using phishing techniques. These were only a few instances out of the many. They show us that this needs to be solved on an urgent basis, and that financial institutions and banks have to work on their security.
9. Transportation
The transportation industry is also one of the top 10 industries to be attacked by malware in India, and such attacks can wreak havoc too. In March last year, bodies including National Informatics Centre (NIC), National Highways Authority of India (NHAI), National Highways and Infrastructure Development Corporation Ltd (NHIDCL), Indian Roads Congress (IRC) and Indian Academy of Highway Engineers (IAHE), as well as the state public works departments and testing agencies, were requested to conduct a security audit of their entire IT systems.
“The Ministry of Road Transport and Highways received an alert from CERT-In regarding targeted intrusion activities directed towards the Indian transport sector with possible malicious intentions. The ministry has advised departments and organisations under the transport sector to strengthen the security posture of their infrastructure,” an official statement, dated March 21, 2021, from the Ministry of Road Transport and Highways said.
Another instance was when Air India, the national airline of India, experienced a data breach in February 2021 in which records of a total of 4.5 million global customers were hacked. It happened because its Data Management Service Provider, namely SITA PSS, was accessed in an unauthorised manner. The compromised records revealed data ranging from years 2011 to 2021. The company then intimated all of its users in a timely manner to update their passwords to avoid misuse.
These instances sure do sound haunting. Even more dangerous could be a ransomware attack on this industry that can build pressure on the firm to pay the ransom amount to quickly restore operations as other connected businesses outside also get affected, such as the disruption of supply chains of hundreds or thousands of other businesses.
10. Software Vendor
A software vendor, also known as a software publisher, is an organization specializing in making and selling software, as opposed to computer hardware, designed for mass or niche markets. These include Microsoft, which sells Windows software programs, and Adobe, which develops Photoshop and Adobe Premiere.
These software vendors are also vulnerable to malware attacks. One such instance in India was when Nucleus Software Exports, an Indian company that provides lending software to banks and retail stores, suffered a major ransomware attack that not only crippled some of its internal networks, but also encrypted its sensitive business information.
The incident took place in May 2021; the malware in question was ransomware identified as BlackCocaine but more commonly known as EpsilonRed. This shows how security systems need to be improved, as a ransomware gang was capable of infiltrating a major financial software supplier.
So these were the top industries that continue to get attacked by hackers. It is sad to see such big companies getting affected by these attacks, and with such instances, it becomes difficult to put trust and faith in these companies. It is high time for the country and the biggies to strengthen their security framework so that users can live worry-free.