Linux malware Archives - CISO MAG | Cyber Security Magazine

India Becomes the Second Most Cyberattacked Country in APAC in 2020
https://staging-cisomagcom.kinsta.cloud/india-most-cyberattcked-sountry-in-apac-2020/
Fri, 26 Feb 2021 12:05:57 +0000
The recent surge in technological innovations due to the Indian Government’s “Make in India” and “Atmanirbhar Bharat” (self-reliant India) campaigns, along with a shift towards digital transformation due to the ongoing COVID-19 pandemic, meant that a parallel surge in the number of cyberattacks was anticipated. However, a spike so high that India would take the second spot on the list of most cyberattacked countries in APAC was beyond expectation. IBM Security released a report titled the 2021 X-Force Threat Intelligence Index, which made the following key revelations highlighting the threat landscape in India:

  • India was the second most cyberattacked country in the APAC, only behind Japan.
  • 7% of all attacks, which X-Force (IBM’s proprietary security product) observed in Asia, were targeted towards India.
  • Finance and insurance industries were the most targeted industries (60%), closely followed by manufacturing and professional services.
  • Ransomware topped the attack type list in India, making up roughly 40% of the attacks.
  • India has been considering a digital currency of its own for some time now; however, X-Force observed that digital currency mining and server access attacks hit many Indian companies last year.
  • In 2020, most of the attacks on Indian companies occurred between May and July.

Talking about the findings from the study, Sudeep Das, Security Software Technical Sales Leader, IBM Technology Sales, India/South Asia, said, “The 2020 threat landscape in India was largely shaped by the pandemic. As the pandemic’s timeline of events and progress unfolded, so did the attack trends. Ransomware was the top attack type in India with a 40% share in the overall threat landscape which although is not surprising yet, beyond expectation. We also witnessed cybercriminals using relief efforts and public health information as spam lures including targeted attacks on critical components of the vaccine supply chain.”

When asked what Indian organizations expect in 2021 and how they can overcome threats, Das added, “All these issues will remain in 2021 as well. Hence, organizations need to harden their cloud environments with a zero-trust approach to their security strategy and leverage AI to monitor, detect and contextualize dynamic behaviors and movements across hybrid cloud environments, to verify the legitimacy (or lack of) of a threat and automate a response.

Furthermore, we need to use Confidential Computing for a higher level of isolation for secure enclaves of data. It encrypts data during processing, whereas before, data had to be decrypted just before being processed, leaving it potentially vulnerable. In other words, even if cloud environments are compromised, the data would be futile/inaccessible to a malicious actor with technologies like Confidential Computing.”

Other Findings

The findings in this report are based on data analyzed from multiple sources within IBM, including IBM Security X-Force Threat Intelligence and Incident Response, X-Force Red, IBM Managed Security Services and additional data provided by Quad9 and Intezer. Some of the key findings from the global level analysis include:

  • Accelerated use of Linux Malware: An increase of 40% in Linux-related malware families was observed in 2020.
  • Shift in Top Spoofed Brands: Amid a year of social distancing and remote work, brands offering collaboration tools such as Google, Dropbox, and Microsoft, or online shopping brands such as Amazon and PayPal, made the top 10 spoofed brands in 2020. Adidas was another surprising entrant to this list at the No. 7 spot.
  • Ransomware became a profitable business model: Ransomware was the cause of nearly one in four attacks that IBM’s X-Force responded to in 2020. The majority of them exercised double extortion tactics. Using this model, X-Force found that Sodinokibi operators – the most observed ransomware group in 2020 – had a very profitable year. The report estimates that the group made over $123 million in the past year, with approximately two-thirds of its victims paying a ransom.

New Threat Alert! CDRThief Malware Targets Linux VoIP Softswitches
https://staging-cisomagcom.kinsta.cloud/cdrthief-malware/
Mon, 14 Sep 2020 13:30:23 +0000
Security researchers from cybersecurity firm ESET uncovered a new kind of Linux malware variant targeting Voice-over-IP (VoIP) telephony softswitches. The malware, dubbed “CDRThief,” is programmed to compromise specific softswitches – Linknat VOS2009 and VOS3000 – and exfiltrate private data like call records that contain metadata about VoIP calls, including caller and IP addresses of call recipients, call timing, and call duration. Softswitches are software-based solutions that run on Linux servers. They are core elements in a VoIP network that provide call control, billing, and management.

How CDRThief Malware Spreads

To pilfer the call metadata, CDRThief malware queries MySQL databases used by the softswitch. The malware authors encrypt all suspicious-looking strings with XXTEA and the key fhu84ygf8643 to hide the malware’s malicious capabilities. The malware then reads credentials from Linknat VOS2009 and VOS3000 configuration files and obtains access to the data stored in the MySQL database. CDRThief also uses multiple functions to communicate with C&C servers.

“We can say that the malware’s primary focus is on collecting data from the database. Unlike other backdoors, Linux/CDRThief does not have support for shell command execution or exfiltrating specific files from the compromised softswitch’s disk. However, these functions could be introduced in an updated version. The malware can be deployed to any location on the disk under any file name. It is unknown what type of persistence is used for starting the malicious binary at each boot. However, it should be noted that once the malware is started, it attempts to launch a legitimate binary present on the Linknat VOS2009/VOS3000 platform,” the researchers said.

While the goal of this malware’s creators is unknown, the researchers stated the CDRThief malware is primarily used for cyber espionage. “Another possible goal for attackers using this malware is VoIP fraud. Since the attackers obtain information about activity of VoIP softswitches and their gateways, this information could be used to perform International Revenue Share Fraud (IRSF),” the researchers added.
