Photo Credit: Pexels
India was the second most attacked country in Asia Pacific and it made up for 7 percent of all attacks observed in Asia in 2020, according to IBM. The company has released its annual X-Force Threat report, detailing the most types of cyberattacks conducted last year and the industries that were impacted the most. Sudeep Das, Security Software Technical Sales Leader, IBM Technology Sales, India and South Asia, spoke to Gadgets 360 on how companies should harden their cloud-based data security with technologies like confidential computing, and more.
Das says that ransomware was the top attack type in India with a 40 percent share in the overall threat landscape. Ransomware is a tactic used by hackers to extort money out of victims by encrypting, stealing and then threatening to leak data, if the ransom isn't paid. The report reveals that the most active ransomware group reported in 2020 was Sodinokibi (also known as REvil), accounting for 22 percent of all ransomware incidents that X-Force observed globally. It is estimated that Sodinokibi stole approximately 21.6TB of data from its victims, that nearly two-thirds of Sodinokibi victims paid ransom, and approximately 43 percent had their data leaked – which X-Force estimates resulted in the group making over $123 million in the past year.
In India, Das says that Finance and Insurance sector was the top attacked industry with 60 percent of all attacks, followed by manufacturing and professional services. “Further, digital currency mining and server access attacks hit Indian companies last year. We also witnessed cyber criminals using relief efforts and public health information as spam lures including targeted attacks on critical components of the vaccine supply chain,” he says.
In 2020, most of the attacks on companies in India that IBM observed spanned from May to July – the time when the pandemic was reaching its peak in the country and businesses were scrambling to get online. The report highlights how cloud-based attacks have been on a rise as many businesses sought to accelerate their cloud adoption in the wake of the disruption caused by COVID-19. Das says, “Companies should harden their cloud environments with a zero-trust approach to their security strategy and leverage AI to monitor, detect and contextualize dynamic behaviours and movements across hybrid cloud environments, to verify the legitimacy (or lack of) of a threat and automate a response.”
Das also stressed on the use of confidential computing. “It encrypts data during processing, whereas before, data had to be decrypted just before being processed, leaving it potentially vulnerable. In other words, even if cloud environments are compromised, the data would be futile/inaccessible to a malicious actor with technologies like confidential computing,” Das says.
With confidential computing, Das says that organisations can help reduce the risk of exploitability from a malicious actor, even if they're able to access their sensitive environments. He adds that companies must also enable selective access to information and data to its employees, and outline a strong definition around who gets access to which data within the organisation.
The IBM report highlights that cloud environments can become a prime attack vector for threat actors in the future. However, there is no escaping it. Companies no option but to build stronger defences. “Practically, there is no alternative — companies have to be online and hence they would be exposed to the cloud based attacks – they will have to build their defences against such attacks. The primary course of action is to identify the controls that we need to put in place — ensure security hygiene around Identity and Data Security that would be targeted both by cloud based attacks as well as from within through misconfiguration, disgruntled employees and so on,” he says.
Globally, cybercriminals opted to disguise themselves as brands that consumers trust to steal users' financial information, harvest user credentials, or infect victims' devices with malware. The report says that brands offering collaboration tools such as Google, Dropbox and Microsoft, or online shopping brands such as Amazon and PayPal, made the top 10 spoofed brands in 2020.
YouTube and Facebook also topped the list. Surprisingly, making an inaugural debut as the seventh most commonly impersonated brand in 2020 was Adidas, likely driven by demand for the Yeezy and Superstar sneaker lines.