Business houses and individuals are facing sophisticated malware attacks around the world. This is true about not only big business companies but even small and medium business houses. Cyber criminals are also targeting individuals for sensitive personal and financial information. Ransomware attacks are increasing and they are targeting stakeholders ranging from big hospitals, banks and individual computer users.
Even at the organisational level, the directors and top management are lethargic towards cyber security of the organisation. For instance, the directors of Indian companies are not at all paying attention to cyber security issues. As the Indian government is not pushy at all regarding ensuring cyber security in companies and at the level of Indian cyberspace, these directors are escaping their legal liabilities even if a cyber breach occurs. There are no cyber security breach disclosure norms in India and this makes the directors and top management indifferent toward cyber security related legal obligations in India.
India has no dedicated cyber security law though it is absolutely required due to projects like Digital India and Aadhaar. Cyber criminals are targeting banking sector of India with ease and stealing big amount of money. The Reserve Bank of India (RBI) had even declared that it would open up an IT subsidiary that wold take care of cyber security issues of banks in India. However, till May 2016 there is no sign of such an IT subsidiary. Similarly, the Indian government has appointed Dr. Gulshan Rai as the first Chief Information Security Officer (CISO) of India but much has to be done after this stage.
In the present cyber security environment, malware have emerged as undefeatable and uncontrollable. Cyber security product and services providers have no other option left but to innovate so that sophisticated malware can be detected at the earliest stage. Anonymity tools and use of Dynamic DNS, Fast Flux and Bullet Proof Servers has further complicated the problems for law enforcement agencies world over. Instead of strengthening the cyber security capabilities, law enforcement agencies around the world are barking the wrong tree. They are trying to kill encryption and compromise the cyber security by demanding backdoor in the security products. FBI of US has even gone to the extent of acquiring long arm jurisdiction through US Supreme Court that would allow it to target global computers. This would clearly violate civil liberties and cyber laws of various nations.
Cyber criminals have unlimited resources at their disposal these days. Many of them are even supported by state actors and this allows them to make customised malware that cannot be detected and eliminated by traditional anti virus and security products. As a result the contemporary cyber security products and services are ineffective in preventing such malware from causing damage.
World has already faced sophisticated malware like Stuxnet, Duqu, Flame, Uroburos/Snake, Blackshades, FinFisher, Gameover Zeus (GOZ), etc. These malware were unique as they were detected much after they infected the targeted systems. Some of these systems remained infected for many years and this facilitated targeted cyber espionage and customised infection of these systems.
The financial sector has its own share of cyber security problems and challenges. Malware targeting financial sector are also in circulation for long. These include Carbanak, Vskimmer Trojan, Malware Dump Memory Grabber, etc that cause tremendous financial loss world over. It is not just the financial loss but also loss of faith and goodwill that banks and other financial institutions have to face.
Perry4Law Organisation (P4LO) has provided the “Cyber Security Trends In India 2016” that have predicted that use of botnet and malware would increase in the year 2016. The trends has also predicted that critical infrastructure, cloud computing and e-health would also be on the receiving end. We have already witnessed an increased use of ransomware and malware for targeting hospitals and health industry. Similarly, big corporations are also frequently targeted and their data are encrypted by the cyber criminals. This data is then decrypted only after the ransom is paid by the corporation to the cyber criminal.
The year 2016 would witness an increased use of malware for various purposes like cyber terrorism, cyber warfare and cyber espionage. It is for us to develop both offensive and defensive cyber security capabilities and a robust cyber security infrastructure so that the impact of these malware can be minimised if not eliminated.