Asia-Pacific region faced the brunt of cyberattacks in 2022

(Mains GS 3 : Challenges to internal security through communication networks, role of media and social networking sites in internal security challenges, basics of cyber security)

Context:

  • According to a report by IBM, the Asia-Pacific region was the most attacked region in 2022 for the second consecutive year, accounting for 31% of all incidents remediated worldwide.

Statistics on cyberattacks:

  • The manufacturing sector topped the list of industries attacked in the region with 48% of cases. It was followed by finance and insurance with 18% of cases.
  • Spear phishing by attachment was the top infection vector at 40%. Deployment of backdoors, which allow remote access to systems, emerged as the top action by attackers, accounting for 31% of cases, followed by ransomware at 13%, the X-Force Threat Intelligence Index found.
  • The majority of these backdoor attempts observed globally were failed ransomware attempts, where defenders were able to detect the backdoor before ransomware was deployed.

Through ransomware:

  • Ransomware is a type of malicious software used by cyber criminals that infects a computer system and blocks access to the stored data by encrypting the files.
  • Extortion was the most common impact of cyberattacks. It was primarily achieved through ransomware or business email compromise, with thread hijacking seeing a significant rise.
  • Cases of attackers using compromised email accounts to reply within ongoing conversations, posing as the original participant, saw a monthly increase of 100% in 2022 compared with 2021 data, the report said.
  • Though the use of legacy exploits declined by 10% from 2018-2022, findings in the report indicate that legacy exploits allow older malware such as WannaCry and Conficker to continue to be deployed by cybercriminals.

Agencies to deal with cyber-attacks:

  • The Indian Computer Emergency Response Team (CERT-In), set up in 2004, is the national nodal agency that collects, analyses and circulates inputs on cyber-attacks; issues guidelines and advisories for preventive measures; issues forecasts and alerts; and takes measures to handle any significant cyber security event.
  • The National Cyber Security Coordinator, under the National Security Council Secretariat, coordinates with different agencies at the national level on cybersecurity issues, while the National Critical Information Infrastructure Protection Centre has been set up for the protection of national critical information infrastructure. 
  • According to the government, the Cyber Swachhta Kendra (Botnet Cleaning and Malware Analysis Centre) has been launched for detection of malicious software programmes and to provide free tools to remove the same, while the National Cyber Coordination Centre works on creating awareness about existing and potential threats.

Recommended best practices:

  • The Indian Computer Emergency Response Team (CERT-In) recommended maintaining regular offline data backups, which need to be encrypted and immutable and should cover the organisation’s entire data infrastructure.
  • Data and code/script integrity should be checked regularly, and all accounts should have strong and unique passwords, with an account lockout policy and multi-factor authentication for all services to the extent possible.
  • Organizations need to keep the administrative network separate from business processes, using physical controls and Virtual Local Area Networks, with no unnecessary access to administrative shares; a host-based firewall should be installed to allow connections to such shares via Server Message Block only from a limited set of administrator machines.
  • Further, remote desktop connections should be disabled, with least-privileged accounts used for any remote desktop usage and proper Remote Desktop Protocol logging and configuration in place; anti-virus software should be kept updated; and users must not open attachments or URL links (even ostensibly benign ones) in unsolicited e-mails and should use secure web browsers, etc.

Conclusion:

  • Businesses in Asia-Pacific, including India, will continue to face a growing number and sophistication of cyber threats as bad actors take advantage of economic and geopolitical disruptions.
  • Hence, it is imperative that business leaders take immediate action to prepare for and secure against these malicious threats.