The 30-year-old IT system that runs the All India Institute of Medical Sciences (AIIMS) was hit by a massive cyber hack last week. The hack points to cyber signalling by nation-states, with China as a top contender.
Headlines fixed on the hackers’ ransom demand – Rs 200 crore in cryptocurrency – as the main motive, but the scale and tactics used in the hack suggest other motives. While we don’t know the identity of the hacker yet, initial investigations claim that ‘foreign actors’ are behind the attack. The investigation named two Chinese ransomware groups – Emperor Dragonfly and Bronze Starlight (DEV-0401). An analysis of Bronze Starlight’s previous activities suggests the group may be involved in espionage, using ransomware as a smokescreen.
It is more likely that a state-sponsored entity rather than a private group carried out the cyber attack. The critical importance of the data held by AIIMS, New Delhi, cannot be emphasized enough, considering that it contains the medical records of top politicians and government officials.
The AIIMS hack was not the only cyber intrusion last week. We should consider the possibility of a coordinated campaign on the Internet.
National flag
There was an attempt to hack Safdarjung Hospital, also in New Delhi, but it was foiled. In Tamil Nadu’s Tiruppur district, patient records of Sree Saran Medical Center were targeted and the information was sold on the dark web. Hackers used an exploit (code that targets software flaws) against the third-party IT solution that Three Cube Labs provides to Sree Saran Medical Center. The hacking attempt was noticed on November 22.
The use of a Protonmail account instead of a more secure medium suggests that the AIIMS hack was a means of sending a message rather than a ransom play.
The Belfer Center’s 2022 National Cyber Power Index describes China as the second most comprehensive cyber power, after the United States. The index covers several capabilities, including cyber surveillance, defense intelligence collection, information control, and other measures.
China is an Internet superpower that will launch a state-sponsored attack, or an attack backed by mercenaries, in the coordinated manner we are seeing now.
In 2015, the US blamed China for hacking and collecting the data of 4 million federal employees from the US Office of Personnel Management (OPM). There is no smoking gun that could link the hack to Chinese state actors, but the evidence points to China – which is now widely accepted among security experts. The OPM hack gave Beijing access to the personal information of federal employees, including those with the highest security clearances.
The well-known hack of Juniper Networks’ virtual private network (VPN) was traced to a backdoor installed by the US National Security Agency in the Dual Elliptic Curve system. The backdoor was part of an NSA effort to collect data passing through Juniper’s VPN service, but Chinese hackers used the same backdoor to hack Juniper Networks.
A state’s cyber capabilities can be turned against it, with hackers exploiting the same vulnerabilities it uses for passive espionage activities. The People’s Liberation Army’s Strategic Support Force conducts operations in the ‘Three Warfares’ style, which combines psychological, public opinion, and legal warfare.
Targeting critical infrastructure
The AIIMS hack and ransom demands have created a perception that the data of most top medical institutes is vulnerable.
We’re looking at a distributed network of state-sponsored and state-managed Internet service providers that provides resources for China’s intelligence agencies far beyond their officially hired employees.
“Even within MSS, there are sub-units in every major Chinese region and city that often take the lead in overseas operations. Collectively, these local partners employ more than 100,000 people—perhaps ten times more than MSS headquarters,” Alex Joske wrote in his book Spies and Lies: How China’s Greatest Secret Operation Fooled the World.
In the context of China’s Advanced Persistent Threat (APT) operations, Taiwan’s T5 team has noticed the rise of the “APT+InfoOp model”, which combines information operations with data penetration and leakage of confidential information. The purpose is to send a message to the other side about the Internet’s ability to cause disruptive damage and influence public opinion.
In the cyber domain, the use of cyber attacks is part of signalling when a nation-state wants to keep escalation below a certain threshold.
Gone are the days when Chinese cyber espionage campaigns and cyber attacks targeted Tibetans in Dharamsala. We live in a new world where APTs target India’s critical infrastructure. The intrusion of malware into the Mumbai electricity grid last year was a wake-up call that India ignored. It is a type of cyber signal that states can now use to send messages of resolve to enemies during conflicts.
India’s lax response to attacks on critical infrastructure like AIIMS is a result of a lack of clear guidance on which entity should respond in such a situation: the Indian Army or a government agency?
Cyber hacks are not always the result of successful network intrusions but of lax cyber security practices that allow APTs to infiltrate. The humans responsible for protecting the network, who make mistakes, are the weakest points that APTs seek to exploit.
Hacking efforts in recent years have seen private cyber operators post information online, which is then purchased on the open market. Hackers have not leaked samples of information, unlike the case of the breach into the database of the Shanghai police. That data was left unprotected for more than a year, and hackers later attempted to extort a ransom. The breach was the result of poorly maintained IT systems and revealed that the Chinese government’s data management is not always secure.
Fight against cyber attacks
The new concept of centralized cyber event monitoring must respond to almost daily cyber attacks.
Taiwan has been at the forefront of the fight against cyber-attacks and may have a playbook to offer.
Between September 2019 and August 2020, Taiwan was the target of more than 1.4 billion cyber attacks, according to a report by Japan’s National Institute of Defense Studies.
The AIIMS hack is not very sophisticated and can be stopped by regularly upgrading IT systems and fixing vulnerabilities.
A Chinese APT group, or even a state-sponsored institution, may be behind the AIIMS hack, but that doesn’t change the fact that India’s network is old and in need of a major upgrade. The new mantra is cyber hygiene, such as continuous training and updating of IT systems, to prevent hack attempts.
In the cyber domain, the moral dimension of international relations seems fickle. A new cyber security strategy must be comprehensive enough to protect critical infrastructure like AIIMS and the power grid.