Subex has released the findings of its State of Internet of Things (IoT) Security Report for the second quarter (April-June 2019) of this calendar year in New Delhi. The report, based on threat intelligence data gathered from across 15 cities all over India, outlines key sectors being attacked, the methods of attack, malware, and variants deployed, key cities that are being attacked and studied by hackers, malware developers and hacktivist groups.
The report was released by Minister of State for Home, Krishna Reddy at a function in New Delhi.
Key findings of the report include:
• Mumbai, New Delhi, and Bengaluru are attracting the maximum number of cyberattacks
• Smart cities, financial services, and transportation sectors lead the sectoral rankings in terms of cyberattacks
• The number of cyberattacks registered a 22 percent jump in the quarter
• There has been a significant rise in reconnaissance attacks
• A range of sophisticated malware is being deployed by hackers to target critical infrastructure projects
• IoT projects are being targeted at the proof of concept stages itself and many malware samples isolated showed a tendency to persist and listen to the network traffic
The study identified over 2550 unique malware samples in the country which is the highest reported so far. Modular and military-grade malware is often used by specialist hackers and groups with budgets and access to research and development facilities or online shops that develop and sell such sophisticated malware. Increase in the number of attacks with a geopolitical motivation is also a trend the study has reported.
The high level of malware persistence reported is indicative of a larger trend. Hackers are becoming more patient and willing to wait to attack or steal data. Also, the newer malware variants being detected are stealthier and can evade detection for a longer duration of time than before the study found. Such malware operates by staying silent while keeping their footprint and signature below detection thresholds. They can also streamline their behavior to match network traffic and stay dormant until certain thresholds are breached.
“By releasing these findings we intend to increase awareness and provide decisionmakers and other stakeholders sufficient data points to frame appropriate interventions. We hope this report will serve its purpose and help India secure its infrastructure and connected components. Today, our honeypot network is active in 62 cities around the globe. The threat intelligence generated from these cities is crunched in our IoT lab in Bengaluru to generate actionable intelligence on the threat environment surrounding IoT deployments. The threat intelligence compiled points to a high level of hacker interest in projects in India and this is indeed a matter of concern,” said P Vinod Kumar, CEO, Subex.