Centre for Internet and Society

Sudhir Krishnaswamy

praskrishna — 2011-05-13T10:49:23Z

For more details visit http://editors.cis-india.org/home-images/krishnaswamy.jpg

Sudhir Krishnaswamy

praskrishna — 2012-01-28T08:23:11Z

For more details visit http://editors.cis-india.org/home-images/sudhir.jpg

Suckfly Attacks National Stock Exchange Tech Vendor, Among Others

praskrishna — 2016-05-29T08:07:00Z

A cyber espionage group attacked an Indian IT firm that provides support to India’s largest stock exchange. It’s one of many attacks in the recent past.

The blog post by Rohit Pathak was published in the Quint on May 21, 2016. Pranesh Prakash was quoted.

For 24 months now, several Indian government and private organisations have been victims of highly-targeted and sustained cyberattacks by Suckfly. Cyber security firm Symantec has been tracking Suckfly since April 2014 and believes it is a Chinese cyber-espionage group. According to Symantec, Suckfly uses stolen digital certificates to breach the internal networks of Indian organisations.

While Symantec has declined to name any of the victims, it says the high-profile targets include one of India’s largest financial institutions, an e-commerce company and its primary shipping vendor, a leading Indian IT company, two government organisations, and an American health care provider’s Indian business unit.

So far, the highest infection rate has been at a government organisation responsible for implementing network software across various ministries and departments of the Indian central government. Symantec’s investigation report says Suckfly uses custom malware called Backdoor.Nidiran to orchestrate the attacks. While Suckfly had used the same backdoor in its previous campaigns in other countries, in India the post-infection activity was significantly higher.

“We should be aware that this attack isn’t yet over. Suckfly has been targeting organisations since at least May 2014, and it very likely continues to have access to governmental and corporate servers in India thanks to the Nidiran backdoor,” says Pranesh Prakash, Policy Director, Centre for Internet and Society.

He added that, “Depending on what access Suckfly got, the damage could be anything from them having conducted fraudulent financial transactions to obtaining classified governmental secrets.”

It is as yet unclear what data has been exfiltrated by Suckfly, but the fact that no organisations have reported this to their customers shows that the current laws with regard to data security and data breaches are inadequate.

Pranesh Prakash, Policy Director, Centre for Internet and Society

In a detailed email exchange with Bloomberg Quint, Symantec’s security experts describe how Suckfly operates, its motives, and what Indian entities can do to protect themselves.

Suckfly’s Modus Operandi

In 2015, between 22 April and 4 May, Suckfly conducted a multistage attack on an Indian e-commerce company.

It first identified a user – an employee of the e-commerce company – to attempt its initial breach into the e-commerce company’s internal network.

Symantec says, “We don’t have hard evidence of how Suckfly obtained information on the targeted user, but we did find a large open-source presence on the initial target. The target’s job function, corporate email address, information on work-related projects, and publicly accessible personal blog could all be freely found online.’

Suckfly then exploited a vulnerability in the employee’s operating system (Windows) that allowed it to bypass the User Account Control and install the malware. It’s likely that Suckfly used a spear-phishing email to gain entry.

Having entered the employee’s system, Suckfly gained access to the employee’s account credentials and then used them to access the victim’s account and navigate the e-commerce company’s internal corporate network as though it were the employee.

Suckfly’s final step was to exfiltrate data off the victim’s network and onto Suckfly’s infrastructure.

Weekends Off

The attack took place over 13 days, but Symantec discovered that Suckfly was active only Monday to Friday. There was no activity from the group on weekends. This could be because the attackers’ hacktools are command line driven and can provide insight into when operators are behind keyboards actively working.

Suckfly’s Motives?

According to Symantec, “Suckfly targeted one of India’s largest e-commerce companies, a major Indian shipping company, one of India’s largest financial organizations, and an IT firm that provides support for India’s largest stock exchange. All of these targets are large corporations that play a major role in India’s economy. By targeting all of these organisations together, Suckfly could have had a much larger impact on India and its economy. While we don’t know the motivations behind the attacks, the targeted commercial organisations, along with the targeted government organisations, may point in this direction. Symantec’s research shows that Suckfly is well-equipped to carry out targeted attacks for years while staying off the radar of security organisations.”

Symantec refused to name the victims and when contacted, the National Stock Exchange (NSE) said its systems were secure and that it had not heard of any such attack on any of its tech vendors.

In the last two years, from 2013 to 2015, the total number of reported cyber breaches worldwide have increased 25%. India is amongst the most vulnerable – ranking third on the list of countries that have faced financial intrusion.

Smokescreen is a cybersecurity firm and CEO Sahir Hidayatullah claims virtually every large company in India has been compromised to varying degrees already.

Strategic economic advantage and intellectual property theft are the primary motivators for nation state attackers targeting energy, pharma, and manufacturing. Attacks against the financial sector are more commonly done by financially-motivated cybercriminals, however, nation state attackers have an interest here as well – being deeply embedded into critical systems affords opportunities for both mass data collection as well as the ability to cripple financial systems if required. All major governments aspire to have this offensive capability and are in various stages of having developed it already.Sahir Hidayatullah, CEO, Smokescreen

Over the last few months, our decoy detection network in India has seen an up-tick in targeted attacks specifically aimed at companies in banking, energy, pharmaceuticals and manufacturing. Manufacturing has seen the single largest increase in targeted attempts to compromise infrastructure. We have seen a large increase in ‘malware-less’ attacks including the use of stolen credentials on VPN systems.

More worrisome is that over the last year, we have conducted breach-readiness assessments for many of the large names in these verticals, and in every instance, the internal controls were unable to detect and respond to our simulated attacks in time. According to our assessment, none of them are prepared to withstand a targeted attack.

According to a 2015 survey conducted by PWC spanning 250 Indian companies, 72% of the respondents claimed they faced some sort of cyberattack over the last year. 63% claimed intrusions lead to financial losses and 55% claimed there was loss of sensitive information. But the worrying number is this – 78% have no cyber incident response plan. That’s good news for Suckfly and its comrades.

For more details visit http://editors.cis-india.org/internet-governance/news/the-quint-rohit-pathak-may-21-2016-suckly-attacks-national-stock-exchange-tech-vendor-among-others

Subodh Kulkarni

praskrishna — 2019-09-23T00:07:18Z

Subodh Kulkarni

For more details visit http://editors.cis-india.org/home-images/Subodh.jpg

Subodh

praskrishna — 2013-01-30T08:49:37Z

Subodh Saxena

For more details visit http://editors.cis-india.org/home-images/Subodh.png

Subodh

praskrishna — 2022-10-12T12:48:15Z

Subodh

For more details visit http://editors.cis-india.org/about/people/SubodhKulkarniphoto.JPG

Subject to technology: internet pornography, cyber-terrorism and the Indian state

praskrishna — 2011-11-04T09:36:19Z

This article by Nishant Shah was published by Routledge in Inter-Asia Cultural Studies, Volume 8, Number 3, 2007.

For more details visit http://editors.cis-india.org/internet-governance/net-pornography-cyber-terrorism-indian-state

Subhashish Panigrahi joins Open GLAM Working Group

praskrishna — 2014-05-27T09:40:40Z

Subhashish recently joined the OpenGLAM Working Group (a global network of people who work to open up cultural data and content.) as a member and OpenGLAM Local (a local affiliate of OKFN's OpenGLAM project) as an ambassador for India. Both the positions will be voluntary.

OpenGLAM Working Group

The OpenGLAM Working Group is a global network of people who work to open up cultural data and content. We run workshops and provide documentation for cultural institutions wanting to open up their data as well as organise events bringing together groups that are committed to building an open cultural commons. The Working Group Members act as a bridge between different organisations and initiatives, and the global network. We meet every month virtually to discuss relevant updates, pressing issues, and next steps to be taken. If you are interested in joining, please get in touch with openglam@okfn.org.

Read the full details on this page.

Open GLAM Local

OpenGLAM has established several local groups as well as OpenGLAM ambassadors to serve as the local point of contact in their area. They are closely connected to the Local Groups of the Open Knowledge Foundation and work on open culture in these local groups. Subhashish Panigrahi is the local contact in India.

For more details visit http://editors.cis-india.org/news/open-glam-working-group-members-subhashish-panigrahi

Subhashish Panigrahi

praskrishna — 2012-10-02T05:48:09Z

Subhashish

For more details visit http://editors.cis-india.org/home-images/Subhashish.jpg

Subhashish

praskrishna — 2015-02-05T14:24:51Z

Subhashish Panigrahi

For more details visit http://editors.cis-india.org/home-images/copy_of_Subhashish.jpg

Subhashish

praskrishna — 2014-08-13T00:43:33Z

Subhashish

For more details visit http://editors.cis-india.org/home-images/Subha.jpg

Subhash Bhatnagar

praskrishna — 2012-06-25T09:42:12Z

Prof. Subhash Bhatnagar

For more details visit http://editors.cis-india.org/home-images/Subhash.jpg

Subbiah Arunachalam

praskrishna — 2011-01-28T11:13:22Z

For more details visit http://editors.cis-india.org/home-images/arun.gif

Subbiah Arunachalam

praskrishna — 2012-12-14T05:32:33Z

Subbiah Arunachalam

For more details visit http://editors.cis-india.org/home-images/subbiah.png

Subbiah Arunachalam

praskrishna — 2014-10-23T05:08:54Z

Subbiah Arunachalam (known to friends as Arun) started his career as a research chemist, but found his calling in information science. In the past four decades, he has been a student of chemistry, a laboratory researcher (at the Central Electrochemical Research Institute and the Indian Institute of Science), an editor of scientific journals (at the Publications and Information Directorate of the Council for Scientific and Industrial Research and the Indian Academy of Sciences), the secretary of a scholarly academy of sciences (IASc), a teacher of information science (at the Indian National Scientific Documentation Centre), and a development researcher (at the M.S. Swaminathan Research Foundation and the Indian Institute of Technology Madras). While working with M.S. Swaminathan Research Foundation, he initiated the South-South Exchange Traveling Workshop to facilitate hands on cross-cultural learning for knowledge workers from Africa, Asia and Latin America engaged in ICT-enabled development.

Arun has been on the editorial boards of six international refereed journals including Journal of Information Science, Scientometrics, Journal of Community Informatics, and Current Contents; till recently he was a member of the international advisory board of IICD, The Hague, and a Trustee of the Voicing the Voiceless Foundation. Currently he is a trustee of the Electronic Publishing Trust for Development. Improving information access both for scientists and for the rural poor; scientometrics, ICT-enabled development and open access are among his current research interests.

For more details visit http://editors.cis-india.org/internet-governance/blog/subbiah-arunachalam