How have cyber threat actors evolved with digital dominance across sectors?

“With great power comes great responsibility” — Throughout history, this phrase has been used by various fictional and non-fictional legends like Albus Dumbledore and Winston Churchill. And while the context behind the words has had a subtle difference in multiple situations, the bottom line is that those with a powerful mantle should not shy away from taking responsibility. The same is true in the case of cyber evolution and digital dominance.

Prominent business tycoons worldwide have expressed concerns about regulations surrounding technologies like Artificial Intelligence. For example, in 2018, Elon Musk, the billionaire tech entrepreneur and Tesla CEO, stated that AI technology is more dangerous than nukes. While the statement created ripples in the fast-evolving digital space, it was an unsurprising remark that most experts already knew.

Cyberspace experts have forecasted that as the industry witnesses more advancements, there will also be a subsequent rise in the threats. Considering most organizations and users had to quickly adapt the digital route during the pandemic, cybercrimes, from theft to embezzlement and data hacking, are up by 600%.

Cybercriminals focus on sectors heavily dependent on technology but have limited cybersecurity measures in place. Digital transformation is at its peak today, millions of users are entering the digital space every day, but with inadequately equipped resources to deal with cyber threats, the cyberattack size has increased massively.

Sectors with most cases of cyberattacks

According to India Ransomware Report H1 – 2022 released by Cert-In, most attacks are observed in Datacentres/IT/ITeS sector, followed by Manufacturing and Finance sectors. Ransomware groups have also targeted critical infrastructure in H1 2022, including Oil& Gas, Transport, and Power. The benefits of technological advancements like 5G, Cloud Infrastructure, AI, ML, and Big Data are directly proportional to their threats.

1. Public Administration: Earlier this year, the Central Public Works Department (CPWD) issued an advisory to its employees as they faced a spate of targeted cyberattacks. This isn’t the first instance a government body has faced such threats, nor will it be the last. Globally also, such cyber realm is used for espionage and breaching military-related information like Russian state-sponsored hacking that stole military and communication infrastructure data.
2. Health and Pharmaceuticals: Google’s Threat Analysis Group reported that they detected 18 million malware and phishing Gmail messages daily related to COVID-19 in 2020. In addition, the Group identified more than 240 million spam messages related to the pandemic. Cybercriminals usually try to bank on users’ fear and con them to access sensitive information. Breaching healthcare institutions and stealing records of patients can be used to gain unauthorized access to exclusive medical programs, get prescription drugs, and whatnot, leading to massive backhanded financial gain.
3. Finance and Insurance: The fintech sector has evolved dramatically during the last few years. More and more users are onboarding financial platforms for convenient banking and payment processes. Most users lack awareness and therefore get trapped in even the most obvious traps. Financial institutions are also prone to corporate-espionage-backed hacking activities. Moreover, given that these financial institutions have started using cloud infrastructure increasingly, opportunities for threat actors have also grown.
4. Education and Research: While the hybrid mode of education has become a reality over the last couple of years, very few talk about the dangers the EdTech ecosystem faces today. Education platforms worldwide are still getting used to digital facts like cloud usage, online documentation, payment, etc. These institutions are increasingly suffering from data breaches. According to a data breach report, the education sphere is among the leading sectors on average data breach costs in 2021. Cybercriminals leak personally identifiable data of students, faculties, and their staff such as name, date of birth, email address, phone number, physical address, educational documents, Aadhaar number, driving license, and other prerequisite information on cyber forums.
5. E-commerce retailers: Recent media reports revealed that a hacker group, Keeper, breached 570 e-commerce stores across 55 countries, including India. They leaked information about more than 184,000 stolen credit cards and sold compromised payment cards. This led to the generation of more than USD 7 million. The report also predicted that the hacker group would likely continue attacking online merchants or e-commerce retailers worldwide. The retail sector witnessed an unprecedented increase in cloud load during the pandemic. And while the industry has always been susceptible to cyberattacks due to poor security standards, the danger has magnified manifold today.

What preventive measures can be taken? There are various ways organizations, public and private, can protect themselves and their customers against cyber threats.

1. Establish policies and procedures for protecting sensitive data and enforce non-compliance. Prepare a breach response plan that includes roles, responsibilities, timeframes, call trees, alternates, etc.
2. Conduct PII “amnesty” days (shred paper PII/eliminate PII from local and shared drives).

• Minimize PII
• Secure PII
• Safeguard PII Transfer
• Dispose of PII

3. Protect data at the endpoints (disable USB drives, restrict BYOD devices, and maintain least privilege mode).
4. Enforce logging (UALs on O365 and Firewall Logs).
5. Use Endpoint protection/monitoring tools

• (EDR, XDR tools).
• Managed Detection and Response (MDR).

6. Encrypt sensitive data. Then if data is lost or stolen, it’s much harder for a criminal to use.
7. Use two-factor authentication. It won’t reduce the risk of stolen passwords but can limit the damage done with lost or stolen credentials.
8. Use of OSINT/Threat Intelligence.
9. Consider investing in Backup as a service.
10. Access Management.
11. Control Vulnerabilities.

You are at risk, period.

Any company that has taken half-hearted or no cybersecurity measures is at risk of getting breached. Even if it’s small in size, still in the start-up phase, or not profitable, if you have sensitive data, hackers are already somewhere in your system. These threat actors can disable computers, steal data, breach network systems, and exploit any vulnerability. This scenario is problematic and demands urgent strengthening of our ability to adapt countermeasures. It is, therefore, critical for companies today to invest in cybersecurity.

It is recommended to rely on cybersecurity experts to ensure that the company’s digital security is ironclad. For example, various cybersecurity platforms are working vigorously against ransomware attacks. By leveraging best-in-class software and futuristic technologies combined with comprehensive insights from cybersecurity experts, these platforms can positively impact the defense of both public and private sectors with ease and efficiency. So, if you haven’t jumped on the cybersecurity bandwagon yet, it is time to get more effective in your efforts to combat data breaches and other cybercrimes.

(The author is Mr. Raj Sivaraju, President, APAC, Arete and the views expressed in this article are his own)