Cyberattacks hit local govts and tech sector most in 2019

The revocation of Article 370 in Kashmir in August last year and putting the state under lockdown had a major impact on multiple sectors and political and economic reverberations.

Meanwhile, in cyberspace, the impact was felt in an uptick in cyber intrusion activity in the subcontinent. These are the findings by global cybersecurity firm CrowdStrike in its 2020 Global Threat Report.

In the report, the company says that it saw renewed activity from Quilted Tiger after a one-year hiatus. A Kashmir-themed lure was observed delivering the adversary’s bespoke BadNews malware.

Meanwhile, another adversary malware, Viceroy Tiger made alterations to its bespoke BackConfig malware, updating the download mechanism, persistence mechanism and data obfuscation.

CrowdStrike Intelligence also detected intermittent use of malicious Android malware, including the tool, KnSpy, with July activity targeting users in the region.

Another major source of attacks was Mythic Leopard that was seen all year around, primarily targetting government sector entities.

Going beyond India, the report says that cyber attacks were seen on a wide range of industries, with the telecommunications industry being targeted with increased frequency by threat actors, such as China and North Korea.

According to CrowdStrike organisations should pursue the “1-10-60 rule” in order to effectively thwart cyber threats. 1-10-60 guidelines are the following: detect intrusions in under one minute; investigate in 10 minutes; contain and eliminate the adversary in 60 minutes.

Organizations that meet this benchmark are much more likely to eradicate the adversary before an attack spreads from its initial entry point, ultimately minimizing organizational impact.

“2019 brought an onslaught of new techniques from nation-state actors and an increasingly complex eCrime underground filled with brazen tactics and massive increases in targeted ransomware demands.

As such, modern security teams must employ technologies to detect, investigate and remediate incidents faster with swift preemptive countermeasures, such as threat intelligence, and follow the 1-10-60 rule,” said Adam Meyers, vice president of Intelligence at CrowdStrike.

Another interesting trend was that malware-free tactics accelerated, surpassing
the volume of malware attacks.

In 2019, 51% of attacks used malware-free techniques compared to 40% using malware-free techniques in 2018, underscoring the need to advance beyond traditional antivirus (AV) solutions.

The industries at the top of the target list for enterprise ransomware (Big Game Hunting) were local governments and municipalities, academic institutions, the technology sector, healthcare, manufacturing, financial services and media companies.