HOME
NEWS

Targeting countries for cyberattacks: A Real-Life Case Study


By VARINDIA - 2022-11-24
Targeting countries for cyberattacks: A Real-Life Case Study

By Manish Alshi, Head, Channels & Emerging Technologies, Check Point Software Technologies, India & SAARC

 

According to Check Point research, the second-most targeted industry in the world is the government sector. In the third quarter of this year, governments were on the receiving end of 1,564 weekly attacks on average, representing a 20% increase YoY.

 

This tracks what is seen in the headlines. The Center for Strategic and International Studies has documented every significant cyberattack against a government since 2006.

 

The list the Center keeps is incredibly comprehensive and remarkable to look at. Nearly every major country is involved in one way or the other; they range from phishing emails, malware, account takeovers and more. These are large-scale attacks, often aimed at key infrastructure.

 

Here in India, according to Check Point Software’s Threat Intelligence Report, an organization in India is being attacked on average 1798 times per week in the last 6 months, compared to 1126 attacks per organization globally, with the Government and Military sector being the third most heavily attacked weekly by sector with 3,354 weekly attacks per organization in the last six months.

 

And these are expected to increase in the coming years. A few months ago, during the uproar due to the inappropriate comments made against Prophet Muhammad, over 70 cyberattacks were made on Indian websites, both government and private. Launched by hacktivist group, DragonForce Malaysia, the attacks targeted the Indian embassy in Israel, the National Institute of Agriculture Research and even educational institutions such as the Delhi Public School, Bhavans and other colleges across the country.

 

In this attack brief, researchers at Avanan, a Check Point Software Company, will discuss how hackers target the government sector in a small nation located in the Western Hemisphere. Sharing such cases will hopefully help organizational ministries to learn from such attacks and how best to prepare and prevent future ones.

 

Attack Profile

The country highlighted in this brief is a small nation in the Western Hemisphere, with a population under 100,000.

The government as a whole–meaning all its employees across all its departments– sees a daily average of 93 phishing attacks–about 651 a week. On a yearly basis, that comes out to about 34,000 phishing attacks in total. Of these attacks, 5% will make it past default security. That’s 1,700 phishing attacks per year that make it to end users, across the entirety of the government.

However, some departments are hit far more often than others. By far, the Bureau of Standards–responsible for things like ensuring standardization across measurements, safety and more–is the most attacked department and its leaders are the most attacked people.

Why this department was targeted more than others is not clear. In fact, some of the departments that were targeted the least were Foreign Affairs and the Attorney General’s office.

By far, hackers tended to use the same methodology. In this case, financial attacks were the most-used attack method. Credential harvesting was a distant second.

Email Example #1

This is one of the many emails from threat actors that targeted leaders at the Bureau of Standards. This email starts with a .htm file claiming that there is a voicemail transcription. We see .htm files often to send malicious documents, and in this case, it’s no different. The idea of this email is to get the user to click on the voicemail link. Though office phones aren’t as popular as they once were, voicemails are still connected to email, so this is not a surprising email to see. Clicking on it, the end-user assumes, will bring them to an important voicemail.

 

Email Example #2

As analyzed by Check Point, this file is indeed malicious. It’s a Trojan that would work to take over the user’s computer. With high confidence, Check Point deemed this a critical risk.

Email Example #3

This email seems much more basic, but it’s not. This is a variation of a typical Business Email Compromise attack. There’s no malicious link or attachment, no payload. Just text. That makes it incredibly difficult for security services and end-users to identify and block. If the user was to follow up on this message, it would create a string of replies that would eventually lead to the threat actor asking for payment of some kind.

 

Techniques

Cyberwar. Hacktivism. Nation-states and groups acting like nation-states. The average country is playing in the middle of an unprecedented cyber battlefield. Some countries are more aggressive than others, but all countries are targeted in one form or another.

Besides the potential for political destabilization, or to gain a potential strategic advantage, these attacks are also valuable because governments hold an incredible amount of personal data. From identification numbers to health information, criminal history and tax information, governments the world over are a repository of personal information.

This combination of information and political calculation makes governments an incredibly attractive and valuable target.

In this profile of attacks on a country, threat actors have focused on financial-based attacks that tend to target the standards bureau. However, we see most departments attacked, and in a variety of different attack types.

Every government will have a different attack profile–that will depend on its size, geopolitical considerations and more. But this is a good, general guide of what countries experience. That will allow them to tailor their defenses accordingly.

See What’s Next in Tech With the Fast Forward Newsletter

SECURITY
View All
Zscaler announces AI innovations to its Data Protection Platform
Technology

Zscaler announces AI innovations to its Data Protection Platform

by VARINDIA 2024-05-20
SHIELD to enhance Swiggy’s fraud prevention and detection capabilities
Technology

SHIELD to enhance Swiggy’s fraud prevention and detection capabilities

by VARINDIA 2024-05-20
Axis Communications announces its first thermometric camera designed for Zone/Division 2
Technology

Axis Communications announces its first thermometric camera designed for Zone/Division 2

by VARINDIA 2024-05-20
SOFTWARE
View All
Hitachi Vantara and Veeam announce Global Strategic Alliance
Technology

Hitachi Vantara and Veeam announce Global Strategic Alliance

by VARINDIA 2024-05-16
Adobe launches Acrobat AI Assistant for the Enterprise
Technology

Adobe launches Acrobat AI Assistant for the Enterprise

by VARINDIA 2024-05-11
Oracle Database 23ai offers the power of AI to Enterprise Data and Applications
Technology

Oracle Database 23ai offers the power of AI to Enterprise Data and Applications

by VARINDIA 2024-05-10
START - UP
View All
Data Subject Access Request is an integrated module within ID-REDACT®
Technology

Data Subject Access Request is an integrated module within ID-REDACT®

by VARINDIA 2024-04-30
SiMa.ai Secures $70M Funds from Maverick Capital
Technology

SiMa.ai Secures $70M Funds from Maverick Capital

by VARINDIA 2024-04-05
Sarvam AI collaborates with Microsoft to bring its Indic voice LLM to Azure
Technology

Sarvam AI collaborates with Microsoft to bring its Indic voice LLM to Azure

by VARINDIA 2024-02-08

Tweets From @varindiamag

CIO - SPEAK
Automation has the potential to greatly improve efficiency and production

Automation has the potential to greatly improve efficiency and production

by VARINDIA
Various approaches are followed to enhance efficiency, productivity, and cost-effectiveness

Various approaches are followed to enhance efficiency, productivity, and cost-effectiveness

by VARINDIA
Technology can be leveraged in several ways to boost efficiency, productivity and reduce cost

Technology can be leveraged in several ways to boost efficiency, productivity and reduce cost

by VARINDIA
Start-Up and Unicorn Ecosystem
GoDaddy harnesses AI power for new domain name recommendations

GoDaddy harnesses AI power for new domain name recommendations

by VARINDIA
UAE’s du Telecom selects STL as a strategic fibre partner

UAE’s du Telecom selects STL as a strategic fibre partner

by VARINDIA
JLR and Dassault Systèmes extend partnership for All Vehicle Programs worldwide

JLR and Dassault Systèmes extend partnership for All Vehicle Programs worldwide

by VARINDIA
Rapyder partners with AWS to accelerate Generative AI led innovation

Rapyder partners with AWS to accelerate Generative AI led innovation

by VARINDIA
ManageEngine integrates its SIEM solution with Constella Intelligence

ManageEngine integrates its SIEM solution with Constella Intelligence

by VARINDIA
Elastic replaces traditional SIEM game with AI-driven security analytics

Elastic replaces traditional SIEM game with AI-driven security analytics

by VARINDIA
Infosys and ServiceNow to transform customer experiences with generative AI-powered solutions

Infosys and ServiceNow to transform customer experiences with generative AI-powered solutions

by VARINDIA
Crayon Software Experts India inaugurates its ISV Incubation Center in Kolkata

Crayon Software Experts India inaugurates its ISV Incubation Center in Kolkata

by VARINDIA
Dassault Systèmes to accelerate EV charging infrastructure development in India

Dassault Systèmes to accelerate EV charging infrastructure development in India

by VARINDIA
Tech Mahindra and Atento to deliver GenAI powered business transformation services

Tech Mahindra and Atento to deliver GenAI powered business transformation services

by VARINDIA