SPONSORED CONTENT

Indian Data Centers Network faced enormous cyber attacks from April to December: An IETE, CyberPeace Foundation and Autobot Infosec Report

March 24, 2022 23:31 IST | ANI Press Release
Image: Report Statistics

New Delhi [India], March 24 (ANI/NewsVoir): Vulnerable, unmonitored systems that are exposed to the internet are now the systems attackers target most.

According to research by The Institution of Electronics and Telecommunication Engineers (IETE) and CyberPeace Foundation (CPF), along with Autobot Infosec Private Limited, nearly 51 million attack events were recorded between April and December 2021 on a Threat Intelligence sensor network simulating a data center network in India.

The Institution of Electronics and Telecommunication Engineers (IETE) and CyberPeace Foundation (CPF) along with Autobot Infosec Private Limited have jointly deployed Threat Intelligence sensor networks to capture and examine the behavioral techniques of threat actors.

The study is part of CyberPeace Foundation's e-Kawach programme to implement a comprehensive public network and threat intelligence sensors across the country in order to capture internet traffic and analyze the real-time cyber attacks that a location or an organization faces. Credible intelligence on real-time threats empowers organizations or a country to build cybersecurity policies.

The objective of this research was to examine the different types of signatures that can be used as indicators of compromise on the simulated data center network, collecting information that can help mitigate future attacks on real networks.

"By deploying the simulated network, we can collect data on patterns of attack, the different types of attack vector for the different protocols and the recent trends of malicious activity," a CyberPeace Foundation spokesperson added.

Trends noticed by the research

Data collection for the current study ran from April 2021 to December 2021. During that period the deployed network instance captured a total of 50,477,393 attack events from a total of 40937 unique IP addresses globally. The most attacked destination protocols were:

HTTPS (44.277%)

SSH (23.743%)

HTTP (19.305%)

SMTP (6.621%)

Image: Attacks Statistics

The study also found a total of 26166 usernames and a total of 80282 passwords that attackers used to log into the networks.

During the threat analysis the researchers also identified that, after compromising the environment, attackers tried to run multiple terminal commands and to download malicious payloads onto the system.

Researchers found that a total of 131388 unique terminal commands were run in the system, while a total of 1262 unique payloads injected into the environment were identified. The payloads include malicious files such as botnets and trojans.

The Advisory

Do not expose services like SSH, HTTP, HTTPS, SMTP, SMB, MSSQL, MYSQL unnecessarily to the internet.

Maintain a strong password policy:

Use a strong password for all devices and online accounts.

Passwords should be at least 8-13 characters long.

Passwords should contain at least one uppercase letter (A-Z), one numeric character (0-9) and one special character (!, @, %, &, ...).

Do not use the same password for all your online accounts. Every account should have a different password.

Avoid passwords that appear in the dictionary.

Network firewalls should always be patched with the latest security updates.

Add the attacker IP addresses mentioned in the report to the blacklist of the firewall solution in order to block inbound connections from the respective IP addresses.
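As an added illustration of the first advisory item (example code written for this page, not taken from the report), the following Python sketch audits `ss -H -tln` output for the advisory's services listening on anything other than a loopback address. The port-to-service mapping and the sample output are constructed assumptions; a non-loopback listener is a candidate for review, not proof of internet exposure.

```python
import ipaddress

# Services named in the advisory, keyed by their conventional default ports
# (port numbers are an assumption; the advisory lists only service names).
ADVISORY_PORTS = {22: "SSH", 25: "SMTP", 80: "HTTP", 443: "HTTPS",
                  445: "SMB", 1433: "MSSQL", 3306: "MYSQL"}

# Constructed sample of `ss -H -tln` output (not data from the report).
SAMPLE_SS = """\
LISTEN 0 128        0.0.0.0:22      0.0.0.0:*
LISTEN 0 151      127.0.0.1:3306    0.0.0.0:*
LISTEN 0 511              *:443           *:*
LISTEN 0 128           [::]:22         [::]:*
LISTEN 0 100          [::1]:25         [::]:*
LISTEN 0 4096 127.0.0.53%lo:53      0.0.0.0:*
LISTEN 0 50        10.0.0.5:445     0.0.0.0:*
LISTEN 0 128        0.0.0.0:8080    0.0.0.0:*
"""

def is_loopback_only(addr):
    """True if the bind address is reachable only from the host itself."""
    if addr == "*":  # ss wildcard: every local address
        return False
    host = addr.split("%", 1)[0].strip("[]")  # drop %iface and IPv6 brackets
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # unparseable bind address: flag it for review

def exposed_listeners(ss_output):
    """Return sorted (service, port, bind_address) tuples for advisory
    services that listen on a non-loopback address."""
    findings = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")  # "Local Address:Port"
        if not port.isdigit():
            continue
        if int(port) in ADVISORY_PORTS and not is_loopback_only(addr):
            findings.add((ADVISORY_PORTS[int(port)], int(port), addr))
    return sorted(findings)

if __name__ == "__main__":
    for service, port, addr in exposed_listeners(SAMPLE_SS):
        print(f"{service:6} port {port:<5} bound to {addr}: review exposure")
```

On a real host, pass the text produced by `ss -H -tln` to `exposed_listeners` in place of the sample.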

This story is provided by NewsVoir. ANI will not be responsible in any way for the content of this article. (ANI/NewsVoir)

DISCLAIMER


(This story has not been edited by Business Standard staff and is auto-generated from a syndicated feed.)

 
