Group IB report highlights cyberspace weaponisation in 2019. India is at it too


Group IB report highlights cyberspace weaponisation in 2019. India is at it tooIt is nearly 2020 and the fear of a global digital dystopia is increasingly becoming real.

A newly released report from Singapore-based threat-intelligence firm Group IB underlines what has been brewing in cybersecurity over the last few years — the dominance of the nation state as the primary threat actor.

“The leading and most frightening trend of 2019 was the use of cyber-weapons in military operations,” the report says.

It says that there were 38 groups of state-sponsored attackers that were active over the last one year, with seven of these being new cyber-espionage groups whose activities were discovered this year.

Two of these groups, the report says, were sponsored by the Indian state and are called BITTER and Sidewinder. Both of these groups were primarily active in the Apac region, but further details remain unpublished.

Talking to The Economic Times, the founder and chief executive Ilya Sachkov stressed the need for multilateral dialogue and cooperation to address the growing weaponisation of cyberspace.

The report says that the use of cyberweapons and its real-world impact has become all too real with three incidents in particular — the cyber sabotage of the Simon Bolivar Hydroelectric plant and the resultant blackout in Venezuela in March; the US cyberattack on the Iranian Revolutionary Guards in June; and the Israeli missile strike on a building in the Gaza Strip, allegedly used by Hamas hackers to carry out cyberattacks.

The report also highlights an increased volume of attacks targeting the telecommunications and energy sectors. It also talks about Lazarus, a North Korean sponsored group, hitherto known for its attacks on financial services companies, targeting an Indian energy facility (likely the Kudankulam Nuclear Power plant, although the report doesn’t specify it), indicating their “military’s growing interest in this type of attack”.

The US, Russia, North Korea, Pakistan, China, Vietnam, Iran, UAE, Turkey, and South America were the other regions from where state-sponsored attacks are believed to have originated.

Group IB is forecasting the situation to worsen further with possible attack scenarios, including cutting connectivity in a country completely and attacks on domain-name registrars. Things could get especially bad for the telecommunication sector, with the advent of 5G and the increase in the number of connected devices.

Group IB CTO and co-founder of Dmitry Volkov says the findings of the reports must make everyone in cybersecurity review their threat models. “Attribution is never easy, but it is always possible to attribute attacks based on the knowledge you have,” he added.

The report is the result of Group IB’s own threat intelligence, combined with threat intelligence from other cybersecurity companies.