Malware attacks in India

What is malware?

Malware is intrusive software that is designed to damage and destroy computers and computer systems. Malware is a contraction for “malicious software.”

• Examples of common malware includes viruses, worms, Trojan viruses, spyware, adware, and ransomware.

Types of Malware

• Viruses are a subgroup of malware. A virus is malicious software attached to a document or file that supports macros to execute its code and spread from host to host. Once downloaded, the virus will lay dormant until the file is opened and in use. Viruses are designed to disrupt a system’s ability to operate. As a result, viruses can cause significant operational issues and data loss.
• Worms are a malicious software that rapidly replicates and spreads to any device within the network. Unlike viruses, worms do not need host programs to disseminate. A worm infects a device via a downloaded file or a network connection before it multiplies and disperses at an exponential rate. Like viruses, worms can severely disrupt the operations of a device and cause data loss.
• Trojan viruses are disguised as helpful software programs. But once the user downloads it, the Trojan virus can gain access to sensitive data and then modify, block, or delete the data. This can be extremely harmful to the performance of the device. Unlike normal viruses and worms, Trojan viruses are not designed to self-replicate.
• Spyware is malicious software that runs secretly on a computer and reports back to a remote user. Rather than simply disrupting a device’s operations, spyware targets sensitive information and can grant remote access to predators. Spyware is often used to steal financial or personal information. A specific type of spyware is a keylogger, which records your keystrokes to reveal passwords and personal information.
• Adware is malicious software used to collect data on your computer usage and provide appropriate advertisements to you. While adware is not always dangerous, in some cases adware can cause issues for your system. Adware can redirect your browser to unsafe sites, and it can even contain Trojan horses and spyware. Additionally, significant levels of adware can slow down your system noticeably. Because not all adware is malicious, it is important to have protection that constantly and intelligently scans these programs.
• Ransomware is malicious software that gains access to sensitive information within a system, encrypts that information so that the user cannot access it, and then demands a financial payout for the data to be released. Ransomware is commonly part of a phishing scam. By clicking a disguised link, the user downloads the ransomware. The attacker proceeds to encrypt specific information that can only be opened by a mathematical key they know. When the attacker receives payment, the data is unlocked.
• Fileless malware is a type of memory-resident malware. As the term suggests, it is malware that operates from a victim’s computer’s memory, not from files on the hard drive. Because there are no files to scan, it is harder to detect than traditional malware. It also makes forensics more difficult because the malware disappears when the victim computer is rebooted. In late 2017, the Cisco Talos threat intelligence team posted an example of fileless malware that they called DNSMessenger.

Issues of cyberattacks in India:

• India’s power sector facing cyberattacks, with at least 30 events reported daily. A majority of the attacks originate from China, Singapore, Russia and the Commonwealth of Independent States countries.
• The cyberattacks assume importance given the increased state of hostilities in the Indian subcontinent and India’s ambitious nuclear plans that include constructing a dozen new nuclear power reactors across the country, with a total power generation capacity of 9,000 MW.
• While nine reactors totalling 6,700 MW are under construction, the Indian government has also given in-principle approval for setting up nuclear power capacities totalling 25,248 MW at Jaitapur (Maharashtra), Kowada (Andhra Pradesh), Chhaya Mithi Virdi (Gujarat), Haripur (West Bengal), and Bhimpur (Madhya Pradesh).
• Minister of State for Atomic Energy and Space Jitendra Singh said that the cyber attack happened in the administrative block and not in the plant.

Malware in Kudankulam Nuclear Plant

• Malware was detected at state-run Nuclear Power Corp. of India Ltd’s (NPCIL) Kudankulam Nuclear Power Plant (KKNPP) in September.
• State-run NPCIL runs India’s fleet of 22 commercial nuclear power reactors with an installed capacity of 6,780 megawatts (MW).
• A malware infection was identified in NPCIL KKNPP Internet-connected system.

Ransomware attack in T.N Public Department

• A ransomware attack is said to have encrypted certain sensitive documents of the Tamil Nadu Public Department since Friday morning.
• Official sources said some of those files related to VIP visits, programmes and arrangements made for them.
• While the suspect has demanded a ransom of $1,950 in cryptocurrency for handing over the decryption code, cybersecurity experts of the Centre for Development of Advanced Computing (C-DAC) and the Computer Emergency Response Team are trying to retrieve the files.

Way forward:

• As such, there are growing concerns that the country’s power infrastructure could be the next target of terrorists looking to cripple its economy. The issue has assumed greater importance as India now has an integrated national power grid, with south India joining the national electricity grid