Keywords

1 Introduction

Cybersecurity threats and breaches are taking away the sleep of Security Officers of the companies. They are not sure what kinds of attack, when and where will strike their network. Whenever we think of cyber attacks we can broadly classify it into three factors the spectacularity factor, the vulnerability factor and the fear factor. The spectacularity factor can be related to the impact factor of the attack that has been achieved on the targeted system. The impact can be financial loss, publicity loss for an individual or for the whole organization. An example of this impact factor is a Denial of Service (DoS) attack against any online service delivery platform business, which will result in stoppage of online service delivery and in turn lead to loss of substantial income. The vulnerability factor on the other hand is related to attacks on security system and security infrastructure. The fear factor plays on the attacker intention to create a sense of fear to its victim. Ransomware attacks have been one of the best methods to play fear factor on the government, organization or individual. Once the ransom has been paid the attackers decide whether to release the system or keep on going. The fear is always there with the victim. Nowadays all ransomware attacker uses cryptocurrency so that it becomes hard to trace.

Due to pandemic scenario change in working environment has seen increase in the motivation of cyber attack and also the target of the attack like government, healthcare facility and even pandemic research institutes [1]. If we take a survey 80% of the organizations do not spend enough budget on Threat Analysis and Prevention hence an overview threat landscape should give them the wake up call to do so. Though there was a 8% decline in global IT spending, the global spending for cybersecurity was increased to around 54.7 Billion US Dollar and its estimated that the spending will go up to 60.2 Billion US dollar compared to mere 40.8 Billion dollars I 2018 [2].

In this paper, we will compare the cyber security landscape of past few years and then we will compare it with pandemic scenario. We will also see how the motivation of a cyber security attacks’ and its target have impacted our economy. We will also see major breaches that have happened in the Q1 2021 and its impact [3].

2 Comparison of Cyber Attack

As per a study conducted by AT&T most IT companies spend up to 10% of their IT budget on Cybersecurity [4]. This attracts hackers to attack the system. With the pandemic in employees working from home and login in to the company secure server it became a lucrative offer for all the hackers. What came was the never before seen threats to different sectors. If we compare the attack scenario of last three years, the per month attack has risen in 2020 and it is still on the rise. Figure 1 graphically shows the cyber attacks per month per year.

Fig. 1
figure 1

Comparison of Cyber Attacks 2018–2021

Full size image
Fig. 2
figure 2

What Motivates Hackers (2020–21)

Full size image

Questions arises here that what is the motivation behind these attacks. As we have discussed in the earlier section the motivation behind cyber attack can be classified under spectacularity factor, the vulnerability factor and the fear factor. The other factors are cyber espionage, cyber warfare and Hacktivism.

Cyber espionage is a form of cyber-attack that steals classified, sensitive data or intellectual property data. The reason behind such a cyber attack is to make sure the victim which can be an organization or government entity losses their advantage. This data can then be sold to the highest bidder in the dark web. Cyber warfare uses current computer technology to disrupt the digital or online activities of the state or organization, especially when there is a deliberate attack on computer system for government, energy, strategic and military purposes. If strategic and military systems are compromised it can lead to the death of large number of people hence they are called Cyber Warfare. Hacktivism on the other hand is the act of hacking, or breaking into a computer system, for politically or socially motivated purposes. Example of Hacktivism in recent times are the operation #OpGeorgeFloyd, born after George Floyd was killed by police in Minneapolis in May 2020, amassed 8535 tweets in just three weeks. Some major hacks and cyber espionage of 2020 were like on July 15, 2020, more than a dozen high-profile Twitter accounts were commandeered by hackers who sent out tweets from the accounts of now President-Elect Joe Biden, Elon Musk, Bill Gates, Michael Bloomberg, Jeff Bezos, and others [5].

3 Comparisons of Cyber Attack Types and Target Industries

Before the Covid19 turned our life upside down the Industry was looking for an increase of cyber attack in the factor of 5 to 10% from the year 2019 to 2020 but little did we know the Covid19 scenario will create a tsunami of cyber attacks which took the advantage of the Work from the Home scenario. As the organizations were not ready with the new normal the organizations were forced to adapt protection protocol, but not giving away precious data. In this paper we have taken into account the Top 10 attack types used by hackers and also its intended industry target of attacks. The following section graphically represents the same.

If we compare the different attack type’s attacks that was used to compromise the system in the year 2020 and 2021 (Till April 2021) as shown in Fig. 3, we will see Malware was the highest followed by account hijacking, targeted attack, and vulnerabilities and so on. But if you look at 2021 vulnerability attack is on the rise. This is due to the fact the attackers are trying to access the vulnerability not only at organizational level but also at individual level via which they can get access to organization.

Fig. 3
figure 3

Different Attack Type used

Full size image

As we have seen the amount of cyber attack is on the rise we have to also see which are the different industries affected the most. Figure 4 shows the various targeted area of attacks. As clear from the graphical representation Individual have been attacked considerable compared to other heads like Public Administration, Education, Financial, Social Welfare.

Fig. 4
figure 4

Major Targets of Attacks

Full size image

4 New Types of Threats in 2021

Threats are there but now the hackers have turned their attention to new types of attacks all due to the new normal. Due to the Work from Home scenario most of the organizations are trying to upload the data to the cloud so that the employees can login from anywhere and work. They do keep sensitive data on private network but the growth of cloud storage and work has risen considerably in the past one year. Due to this two major types of threats have become real. Cloud Misconfiguration threats.

4.1 Cloud-Native Threats

Cloud-native threats are action taken by malicious node via “Land” mechanism where attack is done taking into account the vulnerabilities in the cloud deployment by the organizations, without using an malware, Another mechanism is “Expand” where attacking of victim is achieved through the weakly or misconfigured or unprotected interfaces to locate classified and valuable data. Another method of attack is “Exfiltrate” where attack is done at data own storage location and is mostly done with the help of disgruntled employees. This is what is called an ‘on-premises’ attacks. Other methods by which a victim machine can be compromised is infecting the victim’s machine with malware and then infecting in the network. These threats happen due to the prevalence of operating systems with well-documented vulnerabilities. In the cloud, there may not be a Windows, macOS, Linux, or even Android operating system to compromise. Attackers go after errors in configuration of the cloud and use stolen credentials for direct access for further increasing the severity of the cyber attacks [6].

The cloud native threats can be classified in four categories:

  1. 1.

    Delivery and Exploitation is the cloud service is exploited to deliver a malware strain or a phishing page e.g. Abuse Google Apps Script to steal credit cards from websites.

  2. 2.

    Actions on Objective is the cloud service is exploited to steal data, or launch other attacks e.g. ShinyHunters leaks personal information of over 20 million BigBasket user records,

  3. 3.

    Command and Control is the cloud service exploits attack the command and control infrastructure of the organization e.g. 30,000 MacOS endpoints New Silver Sparrow adware targeting Apple M1 Processors Exploited Service: AWS S3, and

  4. 4.

    Data Exfiltration is the cloud service is used as a drop zone for the exfiltrated data e.g. Multiple Targets Cybercriminals Target QuickBooks Databases Exploited service: Google Cloud Storage

Table 1 shows the different categories and percentage of attack. Figure 5 shows the graphical representation.

Table 1 Cloud Native threats and Percentage
Full size table
Fig. 5
figure 5

Cloud threat Exploitation Categories

Full size image

4.2 Leaky Buckets: A List of Cloud Misconfiguration Threats

Companies have been storing various types of data on the cloud, Over the last few years there have been multiple examples of leaky cloud services, exposing million of user records. This has been possible due to the victims are unaware, with can compromise the privacy of, or even lead to different kinds of attacks on the cloud infrastructure. For example two Magecart campaigns carried out compromising the AWS S3 buckets hosting the targeted sites’ configuration files. And despite AWS S3 is the most common service to leak data, yet we use it [7, 8]. Figure 6 shows the leaky configurations percentage which leads to threats.

Fig. 6
figure 6

Leaky Cloud Services

Full size image

5 Data Breaches in Reported from India

Keeping the above number of threats that are looming above us, The Biggest Data Breaches that was there in India for the last 6 months is shown in Table 2:

Table 2 Data Breaches from India
Full size table

The details of some of the major breaches in India in past 6 months:

  1. 1.

    ShinyHunters leaked approximately 20 million BigBasket user records containing personal information and hashed passwords on a popular hacking forum.

  2. 2.

    Indian stock trading firm Upstox (Indian Stock Trading Firm) revealed that they might have given access to millions of customers’ personal information due to Misconfiguration in their Server.

  3. 3.

    Zee5, an Indian OTT platform with over 150 million users data due to a security breach 9 million records have been leaked.

  4. 4.

    Personal details of 2.5 million Airtel customers were leaked by a hacker group ‘Red Rabbit Team’

  5. 5.

    Database of 500,000 Indian citizens applied for Bihar Police Subordinate Services Commission (BPSSC) exam were discovered by CloudSEK.

  6. 6.

    The data of 35 million users from Juspay goes on sales in the dark web due to Cloud Misconfiguration

It is very clear from the description of the above breaches nothing is safe. In the last 6 months there have been around 46 major breaches, out of which 6 are from India amounting to 13% of all breaches [9].

6 Conclusions

The ‘New Normal’ has made us think of security of digital devices that we thought we would never do. People have moved from free anti-virus software to anti-virus from McAfee or Norton for individual machines to security software’s for organization. Software Vulnerability auditors are auditing the implementation to make sure it has been done correctly. But the hackers are always in the lookout to find the vulnerabilities. This paper gave a overview of type of vulnerabilities that have attacked the system in the last one and half year. In the interim, 15% may be “rubbed” with total data loss, resulting in a complete system reinstallation. To conclude, 5% of the devices will result in inoperability [10]. According to Data Breach Investigations Report, 60% of ransomware attacks are due to shareware software, which has been common in the new normal.