Moneycontrol PRO
Open App

Digital India, ransomware, and the rise of cyber threats in the country

India’s rise as a digital power not only requires digital awareness among the burgeoning set of internet users, it also demands the strengthening of the IT infrastructure with regards to security.

September 11, 2017 / 11:00 AM IST

Sunil Gupta

India is making a quantum leap into the digital realm by integrating the entire nation in the digital fabric.

Today, digital services have facilitated the simplification of a number of day-to-day processes, including banking, verifications, entertainment, availing government-led services and researching about any desired product or service online.

Surely, digital technologies, as they are very beneficial, have been a boon for the entire country in one way or the other. But sadly, they are as beneficial for cyber attackers waiting to steal sensitive financial details or compromise the data of a user.

Let us, then, highlight the rise of Digital India and the potential susceptibilities to cyber threats that it needs to counter to ensure its smooth rise on the global digital arena.


India – An Emerging Digital Dream

By 2016, more than 3.3 billion people were live on the internet. India single-handedly contributed about 460 million individuals to this figure.

Scrolling the timeline a bit further, 730 million people will be streaming the internet in India by 2020. This extraordinary increase in internet penetration reveals the true scope of digital services.

Over the years, the nation has performed exceptionally well with regards to its advances in the digital domain. This includes initiatives such as Digital India, Aadhaar card, digital locker, digital life certificates, and digitisation of other government-led services such as MNREGA.

Other initiatives such as BharatNet, which seeks to make high-speed internet available in more than 200,000 villages in India, are also building the much desired digital infrastructure and adding considerable thrust to India’s digital foray.

However,, the increasing number of first-time internet users in India is also posing a big challenge. Snce first-time users are least aware about digital technologies and potential threats, they are more likely to fall victim to the most basic malicious tricks.

This includes debit card frauds, malicious programme downloads, social engineering, phishing, etc. As the digital literacy increases, so must the awareness around the vulnerabilities in this domain.

India’s rise as a digital power not only requires digital awareness among the burgeoning set of internet users, it also demands the strengthening of the IT infrastructure with regards to security.

Last year, 32 lakh debit cards were made redundant due to a third-party system installed in ATM machines. A malicious code was laced into the payment switch through which the cyberattacker retrieved financial data of victims. It was a one-of-its-kind code which was specifically designed in a way so that it wipes off its trail completely.

This inherent characteristic makes such malicious programs virtually untraceable if they are not active during the cyber security assessment.

As India strengthens its IT infrastructure, it heavily relies on third-party systems for across-the-board operations.

Since a thorough line-by-line assessment of codes and programs is not possible, this poses a significant threat.

The Aadhaar card’s data collection and storage, for instance, relies heavily on third-party systems. This data comprises sensitive user-centric information including addresses as well as iris and fingerprint scans. A subsequent breach on Aadhaar card systems can have wide-ranging implications.

It must also be duly noted that modern cyber threats far outweigh their predecessors in their level of sophistication.

Emerging technologies and our increasing reliance on them is making it impossible to address the new threats with conventional methods.

Recently, the WannaCry Ransomware grabbed headlines by affecting about 400,000 systems in about 150 countries despite a timely resolution. India ranked third among the most affected nations and had about 48,000 systems affected by the ransomware attack.

What is fascinating about the WannaCry Ransomware attack is that it leveraged a network infection vector ‘EternalBlue’ to download and place a backdoor implant ‘DoublePulsar’ on the system.

Neither the backdoor implant nor the network infection vector were known barely two months before the attack.

Also, apart from the general malicious email-based propagation, WannaCry Ransomware was capable of discovering vulnerable devices using their IP addresses and sent SMB (Server Message Block) requests to linked devices.

This acted as a signalling beacon for other potential targets and propagated the malware to all connected systems, making it grow at an exponential rate.

This highlights the need to have a proactive approach rather than the oft-opted reactive approach in the cyber security realm.

It is also a high time for enterprises to look for next gen cyber security solutions such as Managed Detection and Response (MDR) that deliver advanced threat detection, deep threat analytics, global threat intelligence, faster incident mitigation, and collaborative breach response on a 24x7 basis.

With increased instances of wide-ranging digital perils including network compromises, ransomware attacks, cyber espionage, and data breaches, it is important for India, a fast-emerging digital nation, to timely address the core issues in the very dynamic digital landscape.

It will pave the way for India’s smooth transformation to a completely redefined digital friendly nation.

The writer is President & COO, Paladion Network
Invite your friends and family to sign up for MC Tech 3, our daily newsletter that breaks down the biggest tech and startup stories of the day

first published: Sep 11, 2017 10:59 am
ISO 27001 - BSI Assurance Mark