India’s connected machines become cyber weapons for hackers
Unpatched computers, widely used legacy software and misconfigured smart and connected devices in India have become a favourite among hackers, who exploit the lack of security to create sophisticated weapons. According to experts, these devices are being pulled into botnets that are used to run distributed denial of service (DDoS) attacks not just in India but around the world.
A botnet comprises a swarm of connected machines, which are typically exploited by cyber attackers operating from a remote location. They install malware on these systems to get administrator access to them, and use them for various purposes. The users of such devices often have no clue about what their devices are being used for.
Such machines can be used to ping websites, services and servers. A cluster of such machines is called a botnet; it overloads other networks with traffic and brings them down, in what is called a DDoS attack.
Such behavior from cybercriminals is not particularly new, but the volume of cyber attacks has increased in a climate of cyber warfare, such as the ongoing Ukraine-Russia war. While India is not a direct participant in the conflict, hackers look for vulnerable devices around the globe to exploit, and use them in their cyber warfare efforts on either side.
According to a report published by US-based cyber security firm A10 Networks last week, India hosts 10% of the world’s bot networks, the second highest in the world after China. Russian cyber security firm Kaspersky’s quarterly DDoS tracker also highlighted that 12.8% of global botnets found in Q4 2021 were in India.
Globally, target sectors for DDoS attackers include telecom firms, government infrastructure, healthcare providers and even big technology firms. A10 Networks’ report noted that state-run telco Bharat Sanchar Nigam Limited (BSNL) was the fourth most exploited company in the world, in terms of its cyber infrastructure being used for botnets.
The report said that 5% of the world’s botnets originated from devices with BSNL’s internet protocol (IP) addresses. An email sent to BSNL seeking clarification on the matter remained unanswered at press time.
According to Akshat Jain, co-founder and chief technology officer (CTO) of security firm Cyware, the lack of “adequate cybersecurity awareness or standards” amongst small companies and government organizations, along with the “use of old and outdated Windows machines” is leading to this growth in compromised devices.
“Internet of Things (IoT) devices are also highly exploited. In these devices, malware is typically spread through connected controllers, and follows a similar pattern for most IoT hardware since the devices are not as complicated as PCs. If their operating companies succeed in closing the connected ports that are exposed to the internet, as much as 90% of them could be protected from being used in botnets,” Jain added.
According to an ethical hacker, who requested anonymity, the growth of botnets in India is also a result of rapid digitisation. The hacker, and Jain, both noted that the pandemic led to years of digitisation happening in a matter of months, but the awareness of security or possible threats didn’t grow at the same pace.
“It’s not just that. If you think six or seven years ago, machines in India were sending signals in kilobytes, because we didn’t have fast internet connections. Today, we have a large number of devices connected to 4G networks, sending signals in megabytes, but still using pirated versions of Windows or other software,” the hacker said.
To be sure, the government has taken steps too. Jain said that the cyber security rules notified by India’s Ministry of Electronics and Information Technology (Meity) on April 28 could help.
The rules mandate that firms notify the Indian Computer Emergency Response Team (Cert-In) within six hours of learning about a cyber attack or data breach. “Such threat intelligence sharing can help widely control the spread of malware and apply patches regularly, which can reduce the number of devices that are being exploited by hackers,” Jain added.