May 4, 2012

As reliance on the Internet grows, with more and more organizations conducting their business online, it has become evident that bad actors have also recognized the power of the technology and are abusing it for their own gain. The Internet has taken traditional criminal activity to a new level and given rise to cyber crime, cyber espionage and cyber warfare, to name a few. It is now easy to find and attack a target over the Internet without ever moving physically. While most of this sounds like science fiction to the layman, it is unfortunately the truth. Several major incidents in the past few years have changed the way we look at security. Here are some of the best known.


Stuxnet, a piece of malware that targeted Siemens Supervisory Control And Data Acquisition (SCADA) systems, was found to be actively infecting Iran's nuclear programme, specifically the uranium enrichment plant at Natanz. It is regarded as one of the most sophisticated and narrowly targeted pieces of malware written to date. Its origin is officially still a mystery, although speculation that the US and Israel were involved in building it is rife. It worked by first infecting Windows PCs, spreading over USB drives and network shares with the help of several previously unknown Windows vulnerabilities and drivers signed with stolen code-signing certificates, and then looking for specific industrial software (the Siemens Step 7 PLC programming suite) installed on the machine. It replaced the Step 7 DLL that handles communication between the Windows machine and the Siemens PLC (s7otbxdx.dll) with its own, so that it could intercept and alter the code sent to the controller. It also injected code into the PLC itself, which changed the rotation frequency of the motors driven by attached frequency converters, while replaying normal readings to the operators to mask the manipulation, avoid any mitigation by the plant's engineers and keep working clandestinely. It was discovered in June 2010, by which time it had reportedly already damaged a significant number of centrifuges, and was analyzed by researchers around the world, some of whom regarded it as the start of the cyber weapons era. It was also detected across India, though the authorities have not reported any mishap caused by the malware. There was speculation that Stuxnet caused the failure of ISRO's INSAT-4B satellite, but ISRO ruled out the possibility.

GhostNet, an international cyber espionage network researched extensively by the Information Warfare Monitor and later the Shadowserver Foundation, was a botnet whose compromised computers spanned more than 100 countries and which targeted mostly government and media organizations, including the Dalai Lama's Tibetan exile offices in India. The primary infection vector was email: messages carrying malicious attachments were sent to employees, and opening the attachment dropped the malware on the system. The command and control (C&C) server, that is, the server to which every infected machine connects to receive commands and report back, was traced largely to China. There is, however, no evidence to date linking these activities to the Chinese government. In India some of the detected emails came from a dormant, compromised NIC email account, which was used to send malicious PDF documents to targeted government employees. Once on a system, the malware scanned it for documents, contacted the C&C server and uploaded any interesting documents it found. A large number of confidential documents were stolen this way. The real purpose and source of the attack remain unknown.
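The delivery pattern described above, a long-dormant mailbox that suddenly sends document attachments to many recipients, is something a mail gateway can flag. The following is an added example written for this page, not code from the GhostNet reports or from any product: it runs a simple heuristic over constructed mail-gateway log lines in an assumed `timestamp from= to= attach=` format, with made-up addresses, and the thresholds (180 days dormant, 3 recipients within 10 minutes) are illustrative choices, not published indicators.

```python
"""Heuristic detection of a dormant sender bursting out document attachments.
Added example; log format, addresses and thresholds are assumptions."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (assumed format):
#   <ISO timestamp> from=<sender> to=<recipient> attach=<filename or ->
SAMPLE_LOG = """\
2009-01-10T09:12:00 from=officer.a@example.gov.in to=b@example.gov.in attach=-
2009-01-11T10:03:00 from=officer.a@example.gov.in to=c@example.gov.in attach=agenda.docx
2009-09-02T08:45:00 from=officer.a@example.gov.in to=d@example.gov.in attach=Tibet_brief.pdf
2009-09-02T08:45:05 from=officer.a@example.gov.in to=e@example.gov.in attach=Tibet_brief.pdf
2009-09-02T08:45:09 from=officer.a@example.gov.in to=f@example.gov.in attach=Tibet_brief.pdf
2009-09-02T08:45:12 from=officer.a@example.gov.in to=g@example.gov.in attach=Tibet_brief.pdf
2009-09-01T12:00:00 from=clerk.b@example.gov.in to=d@example.gov.in attach=minutes.pdf
2009-09-02T12:05:00 from=clerk.b@example.gov.in to=e@example.gov.in attach=minutes.pdf
"""

# Document types that were used as malware carriers in the campaigns above.
RISKY_EXT = {".pdf", ".doc", ".docx", ".xls", ".ppt", ".pps"}
DORMANT_DAYS = 180                 # sender silent at least this long (assumed)
BURST_WINDOW = timedelta(minutes=10)  # sends closer than this form one burst
MIN_RECIPIENTS = 3                 # distinct recipients needed to alert


def parse_log(text):
    """Parse the assumed log format into dicts, sorted by time."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, *fields = line.split()
        kv = dict(f.split("=", 1) for f in fields)
        events.append({"ts": datetime.fromisoformat(ts), "from": kv["from"],
                       "to": kv["to"], "attach": kv.get("attach", "-")})
    events.sort(key=lambda e: e["ts"])
    return events


def is_risky(name):
    """True if the attachment name has one of the watched extensions."""
    return name != "-" and any(name.lower().endswith(ext) for ext in RISKY_EXT)


def find_dormant_senders_bursting(events, dormant_days=DORMANT_DAYS,
                                  window=BURST_WINDOW, min_recipients=MIN_RECIPIENTS):
    """Return one alert per sender whose first risky send after a long silence
    is followed by sends to at least min_recipients distinct addresses within
    the burst window. A sender never seen before cannot be called dormant, so
    such senders are ignored here (a separate rule would cover brand-new accounts)."""
    last_seen = {}   # sender -> timestamp of last message of any kind
    burst = {}       # sender -> state of the current burst of risky sends
    alerts = []
    for e in events:
        sender, ts = e["from"], e["ts"]
        prev = last_seen.get(sender)
        last_seen[sender] = ts
        if not is_risky(e["attach"]):
            continue
        b = burst.get(sender)
        if b is None or ts - b["start"] > window:
            # Start a new burst; it is only interesting if preceded by dormancy.
            dormant = prev is not None and (ts - prev) >= timedelta(days=dormant_days)
            b = {"start": ts, "after_dormancy": dormant, "to": set(),
                 "files": set(), "alerted": False}
            burst[sender] = b
        b["to"].add(e["to"])
        b["files"].add(e["attach"])
        if b["after_dormancy"] and not b["alerted"] and len(b["to"]) >= min_recipients:
            b["alerted"] = True
            alerts.append({"sender": sender, "first_seen": b["start"],
                           "recipients": sorted(b["to"]),
                           "attachments": sorted(b["files"])})
    return alerts


if __name__ == "__main__":
    for a in find_dormant_senders_bursting(parse_log(SAMPLE_LOG)):
        print(f"{a['sender']} silent for months, then sent {a['attachments']} "
              f"to {len(a['recipients'])} recipients starting {a['first_seen']}")
```

In the sample, officer.a is silent from January to September and then mails the same PDF to four colleagues within seconds, which trips the rule; clerk.b sends PDFs on consecutive days and does not. The rule is deliberately narrow: it will miss a compromised account that is used gently, so in practice it belongs beside attachment sandboxing rather than in place of it.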


More recently, starting in December 2011, a group claiming to be Indian and calling itself the Lords of Dharmaraja claimed to have hacked into Indian military intelligence systems and stolen top secret government documents along with the source code of a well known software company. To back the claim, they posted the documents online for anyone to download and read. The documents purported to show that Indian military intelligence had backdoor access to mobile devices for surveillance purposes, with several mobile manufacturers asked to provide such access in exchange for permission to do business in India; the authenticity of the documents was questioned. The group also released the software company's source code online, and according to a Pastebin conversation posted by Yama Tough, the group's leader, they had been negotiating with someone claiming to be an employee of the company to withhold the source code in return for a sum of money.

These attacks suggest that the threat will only grow, given the ease with which targets are being attacked, and that organizations should wake up to it. We no longer live in a world of curious, harmless hackers breaking into systems for fun, but in one where attacks are clearly driven by financial and intelligence motives.

The term now attached to these targeted, sophisticated attacks is Advanced Persistent Threat (APT), and it has become the new buzzword, much like the cloud bandwagon. Behind the hype, the important thing to remember is that targeted attacks against your organization are possible, not mere fantasy. An organization should be security aware, should inventory its assets and classify them by how critical they are to the business, whether physical systems, design documents, financial data or anything else of great importance, and should protect them accordingly.
