Security News

Amid heightened border tensions between India and China, cybersecurity researchers have revealed a concerted campaign against India's critical infrastructure, including the nation's power grid, from Chinese state-sponsored groups. The attacks, which coincided with the standoff between the two nations in May 2020, targeted a total of 12 organizations, 10 of which are in the power generation and transmission sector.

Security researchers at Recorded Future have spotted a suspected Chinese APT actor targeting a wide range of critical infrastructure targets in India, including power plants, electricity distribution centers and Indian seaports. Despite these overlaps with known APT actors, Recorded Future said it will contrinue to track the group as a distinct actor because there isn't enough evidence to firmly attribute the activity to a singular group.

After a three-year review process, India has announced strict regulations for instant chat services, social network operators, and video-streaming companies. India's Internet Freedom Foundation has slammed this traceability requirement, claiming it will be impossible to implement strong end-to-end encryption as a result, and thus could harm privacy.

The malware strains named Hornbill and SunBird have been delivered as fake Android apps by the Confucius advanced persistent threat group, a pro-India state-sponsored operation known to spy on Pakistani and South Asian targets, since at least 2013. A report from California-based cybersecurity firm Lookout has revealed counterfeit Android apps laden with malware that was used by pro-India actors to spy on Pakistan's military and nuclear authorities, in addition to Kashmir's election officials.

Authorities in India determined that a major power outage that occurred last month in Mumbai, the country's largest city, may have been caused by hackers, according to reports. It took two hours to restore power just for essential services, and up to 12 hours to restore power in some of the affected areas.

Indian Prime Minister Narendra Modi has called on the nation's technology industry to start designing products for the world, and for youth to create new digital defences. In a speech to the Bengaluru Tech Summit, a major Indian tech event, Modi opened by saying: "Today, I am glad to say that Digital India is no longer being seen as any regular Government initiative. Digital India has become a way of life."

India's Securities and Exchange Board appears to have sent a circular to stock exchanges that calls for market participants to upgrade information security as bad actors seek to take advantage of the financial services industry's move to working from home. SEBI appears not to have made its document public, but India's National Stock Exchange - the nation's largest - plus the Bombay Stock Exchange and Multi Commodity Exchange of India all late last week published the same 14-point security guidelines that say SEBI has called for market participants to implement a security baseline on the computers their staff use when working from home.

The USA and India have struck a new defence pact that will see the two nations share high-quality spatial data and satellite images. Doing so means that India can, in theory, be more precise should it act in neighbouring trouble spots.

India reported twice as many cyberattacks per day, where most of the cyberattacks comprise phishing, DDoS, video conferencing, exploiting weak services, and malware. Though malware hit fewer numbers, it remains a more critical issue in India - reports almost 2x times Malware issues than the global average.

The nations of the Five Eyes security alliance - Australia, Canada, New Zealand, the USA and the UK - plus Japan and India, have called on technology companies to design their products so they offer access to encrypted messages and content. Which is why the seven signatories to the Statement "Urge industry to address our serious concerns where encryption is applied in a way that wholly precludes any legal access to content".