Dire State Of Cybersecurity In 2021

Hackers are on ransom-spree. From fuel pipelines in the west to stock exchanges in the east, they are making their presence felt everywhere.  Last week, one of the largest fuel supply companies— Colonial pipeline which spans over 8,000 kms  was shut down after a breach. The company had to pay the hackers handsomely to resume their operations. Colonial Pipeline’s CEO admitted that his organisation paid the group of hackers a $4.4 million ransom as the company executives were unable to assess how badly their networks had been hacked or how long it would take to repair the pipeline. The particular case has come out in the open, many go unnoticed – thereby requiring an urgent fix.

Ransomware viruses are encoded in a file sent to a targeted user.  The hackers then try to do a trade-off by giving access back for some money. The ransomware attacks have increased by almost 37% during the pandemic. Moreover, Common Vulnerabilities & Exposure (CVE) saw a phenomenal jump of over 356% from just 57 in 2019 to 260 in the first quarter of 2021, as per Ransomware Spotlight Report 2021. 

Major cyber-attacks in India

• May 2021 – The Air-India data breach of more than 4.5 million passengers after a sophisticated cyber-attack on SITA – the Switzerland based company providing passenger services system. The attack was carried out on its servers based in the US.
• March 2021 – Ransomware attack on Pimpri-Chinchwad Municipal Corporation, Smart City project in Pune district, managed by Tech Mahindra.
• In October 2020 – Haldiram’s popular food major faced the ransomware attack, and attackers demanded $7,50,000 for access.
• November 2020 – Indian Computer Emergency Response Team (CERT-In) issued a warning against the spread of ransomware virus ‘Egregor’ capable of stealing vital corporate data.

Several other ransomware attacks, including WannaCry, Petya, Mirai Botnet and Pegasus, have impacted private and public organisations on an immense scale. “If we go by the “Pegasus attack” by the NSO group of Israel, which was a topic of hot debate among large sections of our society, your phone can be compromised with even a missed call which is a shocking but cruel reality. This is called ‘Zero Interface Vulnerability’, said Pukhraj Singh, Cyber Intelligence Analyst.

“There is baseband software in our mobile phones, which is just like a chip. This chip acts as an interface between the hardware and software. Whatever communication we receive on our phones is converted into data by the interface. The moment this interface is compromised, you are hacked. Even formatting your phone will not work, but you have to change your handset altogether. The same was also discussed in a Blackhat Conference.”

This is why organisations are seeking state-of-the-art solutions like machine learning and AI to thwart these attacks. Companies like DarkTrace claim that their algorithms can detect the threats in real time.

What can AI do

Cyber AI from Darktrace is capable of neutralising ransomware without relying on rules or signatures. The tool is capable of identifying even the most sophisticated strains of ransomwares, while giving a response within seconds. It works by studying the organization’s ‘patterns of existence,’ which include people, machines, and servers, and detecting ransomware attacks as soon as they deviate from the standard.

Researchers Subash Poudyal and Dipankar Dasgupta from the Department of Computer Science, University of Memphis, have proposed an AI-powered ransomware detection framework. They have designed a ransomware analysis tool – AIRaD (AI-Powered Ransomware Detection), using the techniques of reverse engineering, static and dynamic analysis, and machine learning. The researchers are in the process of development, and they are planning to make it an open-source tool.

Whereas,…