Data breaches forced govt and firms to focus on cyber security
Mega cyber attacks such as "WannaCrypt" and "Petya" this year forced governments and enterprises globally, including in India, to focus and invest more on bolstering their security networks. In the first major attack of the year, the world reeled under "WannaCrypt" that locked files on computers. Hundreds of thousands of computers were infected with the malware in May. The primary reason for this attack being successful was not the software but human error. On March 14 this year, Microsoft released a security update which addressed the vulnerability in the 16year-old Windows XP operating system.
Once the patch for the vulnerability was released, hacker group "Shadow Brokers" exploited this loophole and wreaked havoc in 150 countries. Those who installed the update were saved, while several who did not, fell prey to the attack. Soon after the "WanaCrypt" attack, tens of thousands of computers globally were affected by the "Adylkuzz attack" that shut down SMB networking to prevent further infections with other malware (including the WannaCrypt worm). While Europe and major parts of the world struggled with another big ransomware attack called "Petya", India also bore the brunt. Some Indian servers were down owing to the Petya attack. The Shipping Ministry said operations at one of the container terminals at Mumbai's Jawaharlal Nehru Port Trust (JNPT) was affected by Petya. Companies like Genesis BM, a public relations firm, had to shut down systems in India after their international servers were attacked.
The month of May saw another cyber attack when a malware called "Judy" hit over 36.5 million Androidbased phones, making its way through Google Play Store. In August, the "Locky" ransomware, once considered almost defunct, sent over 23 million emails with the malware to the US workforce in just 24 hours. It scrambled the contents of millions of computers and demanded payment to unlock it. A group of hackers leaked the "Game of Thrones" script, along with 1.5TB of HBO data that included other popular TV shows. The hacking group demanded approximately $6.5 million worth of Bitcoins from HBO. A group of hackers also penetrated Equifax -- one of the largest credit bureaus in the world - and stole personal data of 145 million people. Accountancy firm Deloitte was also targeted by a sophisticated hack that compromised the confidential emails and plans of some of its bluechip clients and the attack went unnoticed for months.
In November, Yahoo admitted that it was attacked in 2013 wherein criminals had information about all three billion accounts. In another massive attack, hackers stole the personal data of 57 million customers and drivers from Uber Technologies. The breach was concealed for more than a year. Most companies fall victim to cyber attackers either because of unpatched software with known vulnerabilities or because of the human factor like people falling victim to phishing emails, Finlandbased cyber security firm FSecure said. Later in the year, the enterprise cyber security company FireEye said Chinese advanced persistent threat (APT) groups that have allegedly been creating cyber havoc internationally will shift their focus in 2018 to countries like India and Hong Kong and groups seen as a threat to Beijing's influence over global markets.
Slowly becoming aware of emerging cyber threats, organisations worldwide will spend $96.3 billion on security in 2018 -- an increase of eight per cent from 2017, according to a Gartner forecast. More than 60 per cent of organisations globally will invest in multiple data security tools by 2020 -- up from 35 per cent today, it added. "Cyber attacks such as WannaCry and NotPetya, and most recently the Equifax breach, have a direct effect on security spend, because these types of attacks last up to three years," the market research firm said.
To ward off future attacks, the Indian government set up NIC-CERT centre to monitor, detect and prevent cyber attacks on government networks. NIC-CERT will work in close coordination and collaboration with sectoral CERTs and CERTIn. Prime Minister Modi inaugurated the fifth edition of the Global Conference on Cyber Space (GCCS) in New Delhi in November that witnessed top global security experts deliberating on ways to fight cybersecurity. Noting that virtual currencies like Bitcoin have no "intrinsic value", the Indian government on Friday sounded the alarm on the phenomenon of cryptocurrencies, comparing them with the notorious Ponzi schemes floated to dupe gullible investors. A Finance Ministry statement said that as virtual currencies (VCs) were not backed by assets, their prices are entirely a "matter of mere speculation". "Consumers need to be alert and extremely cautious as to avoid getting trapped in such Ponzi schemes."
Named after an Italian immigrant to the US, Ponzi schemes operate by enticing a gullible group with the promise of very high returns in a short time, but is based on paying off the early investors from the cash from newer ones. The whole structure collapses when the cash outflow exceeds the inflow.
"VCs don't have any intrinsic value and are not backed by any kind of assets, " the statement said. "The price of bitcoin and other VCs, therefore, is entirely a matter of mere speculation resulting in spurt and volatility in their prices There is a real and heightened risk of investment bubble of the type seen in Ponzi schemes," it added. Noting that VCs are stored in digital format, the ministry said this makes them vulnerable to mishaps like hacking, loss of password and malware attack "which may also result in permanent loss of money".
"As transactions of VCs are encrypted they are also likely being used to carry out illegal/subversive activities, such as, terror funding, smuggling, drug trafficking and other moneylaundering acts," it said. It clarified that VCs are not legal tender and do not have any regulatory permission or protection in India. "VCs are neither currencies nor coins. The Government or Reserve Bank of India (RBI) has not authorised any VCs as a medium of exchange. Further, the government or any other regulator in India has not given license to any agency for working as exchange or any other kind of intermediary for any VC," the statement said.
The government also recalled that the Reserve Bank of India had cautioned potential investors about the risks in investing in cryptocurrencies like bitcoins on three earlier occasions -- in December 2013, February 2017 and December 2017. According to Indian investigation agencies, with the demand and price of cryptocurrencies on the rise, cyber criminals have found innovative ways to dupe those looking to invest. Bitcoins in India, have been trading at more than Rs 10 lakh each, while people are investing amounts ranging from Rs 3,000 to several lakhs of rupees. Bitcoin values in New York, for instance, have soared nearly 1,600 per cent over the past year and currently range upwards of $15,000. Meanwhile, cryptocurrency dealer Pluto Exchange on Thursday announced the launch of India's first mobile application for transacting in virtual currencies, enabling transactions via mobile numbers.