Hyderabad: India is the IT and outsourcing capital of the world, and most global organisations have their processing backbones and call centres operating out of India. This, together with geopolitics, makes India a large potential target for planned and targeted cyber-attacks, including ransomware. WannaCry is just the tip of the iceberg, and organisations need to reassess their security programmes and strengthen detection, prevention and response capabilities to counter such attacks.
As cyber-security threats continue to evolve, ransomware is fast becoming the number one cyber-security challenge for businesses, irrespective of their size, location or the industry they operate in. WannaCry is a wake-up call to enterprises and individuals on the need for better cyber security. It raises awareness to alarming levels, demonstrates the impact that ransomware can have on enterprises, and clearly demonstrates the shift by attackers towards financial gain. The alarming sophistication of ransomware marks a paradigm shift in the cyber-crime ecosystem.
Organisations’ cyber-security programmes need to evolve to keep pace with the evolving threat landscape and should be able to patch systems in a timely manner and detect such suspicious communications. Unfortunately, the current state of cyber security at enterprises is not mature enough to detect, prevent and respond to these threats in time.
Kartik Shahani, Integrated Security Leader, IBM ISA, said, “This ransomware onslaught is a resounding reminder of security basics and hygiene that is required for organisational networks. The incident could have been avoided if critical patches were applied in time throughout companies across all industries. Enterprises constantly struggle to stay on top of regular patching cycles as this can impact day-to-day operations in some cases. IBM has a global incident response and intelligence services (IRIS) team to work with affected clients and those using IBM’s BigFix security patching or QRadar Network protection technologies have been better protected from this attack.”
“IBM’s Managed Security Services team has raised the AlertCon to level 3, which brings a higher level of focus and resources for our clients. We are also leveraging Watson for Cyber Security to analyse the data and derive insights to prevent future incidents. Companies will need to have an incident response plan in place to quickly recover and also ensure that employees, suppliers and others who work with them receive regular security training,” he added.
Shree Parthasarathy, partner – Deloitte Touche Tohmatsu India LLP, said, “The world is experiencing one of the most widespread ransomware attacks, with more than 2,00,000 individuals across 10,000 organisations in 150 countries affected in the last three days. The current attack was carried out by a ransomware dubbed “WanaCrypt0r 2.0” or WannaCry. Ransomware is a type of malware designed to prevent access to a system until a sum of money is paid, usually as Bitcoins.
In the aftermath of the attack, organisations are scrambling to determine if they have been impacted and, if so, what the damage is. There are many organisations that are doing nothing, as they do not have the skills or resources to conduct such a review, and are like the ostrich with its head buried in the sand, hoping that the storm will go away.
Altaf Halde, Managing Director of Kaspersky Lab (South Asia), said, “On May 15, a security researcher from Google posted an artifact on Twitter potentially pointing at a connection between the WannaCry ransomware attacks that recently hit thousands of organizations and private users around the world, and the malware attributed to the infamous Lazarus hacking group, responsible for a series of devastating attacks against government organizations, media and financial institutions. The largest operations linked to the Lazarus group include: the attacks against Sony Pictures in 2014, the Central Bank of Bangladesh cyber heist in 2016 and a subsequent series of similar attacks continued in 2017.”
The Google researcher pointed at a WannaCry malware sample which appeared in the wild in February 2017, two months before the recent wave of attacks. Kaspersky Lab’s GReAT researchers analysed this information and identified and confirmed clear code similarities between the malware sample highlighted by the Google researcher and the malware samples used by the Lazarus group in 2015 attacks.
According to Kaspersky Lab researchers, the similarity could, of course, be a false flag operation. However, analysis of the February sample and comparison with the WannaCry samples used in the recent attacks shows that the code which points at the Lazarus group was removed from the WannaCry malware used in the attacks that started last Friday. This may be an attempt by the orchestrators of the WannaCry campaign to cover their traces.