In the wake of the global ransomware attack, many experts have been warning India about its own vulnerabilities. India was among the many regions affected by the ransomware, although in the early stage only a handful of WannaCry cases were recorded in the country. However, with every passing day, more instances are being reported.
While this in itself is a massive concern, the Q1 2017 State of the Internet Security report by Akamai Technologies reveals that India ranks second in the list of Global Web Application Attack Source Countries in the Asia Pacific region. India ranks 12 globally, with close to 6.7 million attacks recorded in the year. The United States remained the top source country for web application attacks, showing another significant year-over-year increase, up 57 percent from Q1 2016, that is, 221 million. Further, India is the 8th most vulnerable country to web application attacks.
“If our analysis of Q1 tells us anything, it’s that risks to the Internet and to targeted industry sectors remain and continue to evolve,” said Martin McKeay, senior security advocate and senior editor, State of the Internet / Security Report. “Use cases for botnets like Mirai have continued to advance and change, with attackers increasingly integrating Internet of Things vulnerabilities into the fabric of DDoS botnets and malware. It’s short-sighted to think of Mirai as the only threat, though. With the release of the source code, any aspect of Mirai could be incorporated into other botnets. Even without adding Mirai’s capabilities, there is evidence that botnet families like BillGates, elknot, and XOR have been mutating to take advantage of the changing landscape.”
Akamai notes in its research that UDP fragment, DNS and NTP maintained their positions as the top three DDoS attack vectors, while reserved protocol floods and connection floods were also on the Q1 2017 attack vectors list. The top three most frequent attack vectors per week were ACK, CHARGEN, and DNS. The research also notes a new reflection attack vector, Connectionless Lightweight Directory Access Protocol (CLDAP), which has been observed producing DDoS attacks comparable to DNS reflection, with most attacks exceeding 1 Gbps. DDoS and web application attacks are now threatening the daily operations of many online businesses.
Mirai DNS Water Torture Attacks, a DNS query flood included in Mirai malware, targeted many in the financial services industry. The attacks can create denial of service outages by consuming the target domain’s resources in looking up randomly generated domain names in great numbers. Reflection attacks continued to comprise the largest number of DDoS attack vectors and accounted for 57 percent of all mitigated attacks in Q1 2017, with Simple Service Discovery Protocol (SSDP) reflectors as the biggest source of attacks.
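
One way a defender can spot the DNS Water Torture pattern described above in DNS query logs, added here as an example and not taken from the Akamai report. The log format, the thresholds and the name `find_water_torture` are assumptions, and the sample log lines are constructed.

```python
import math
import random
from collections import defaultdict

def label_entropy(label):
    """Shannon entropy (bits per character) of one DNS label."""
    counts = defaultdict(int)
    for ch in label:
        counts[ch] += 1
    return -sum(c / len(label) * math.log2(c / len(label)) for c in counts.values())

def find_water_torture(lines, min_queries=50, min_unique=0.9, min_nx=0.9, min_entropy=3.0):
    """Return zones whose query mix looks like a random-subdomain flood.

    Each line is 'epoch client qname rcode' (an assumed, constructed format).
    The zone is taken as the last two labels, a simplification that ignores
    multi-label public suffixes. Thresholds are illustrative assumptions.
    """
    zones = defaultdict(lambda: {"n": 0, "nx": 0, "labels": set()})
    for line in lines:
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed records rather than fail the whole run
        _, _, qname, rcode = parts
        labels = qname.lower().rstrip(".").split(".")
        if len(labels) < 3:
            continue  # apex queries carry no subdomain label to examine
        z = zones[".".join(labels[-2:])]
        z["n"] += 1
        z["nx"] += rcode == "NXDOMAIN"
        z["labels"].add(labels[0])
    flagged = {}
    for zone, z in zones.items():
        if z["n"] < min_queries:
            continue  # too few queries to judge
        unique = len(z["labels"]) / z["n"]   # share of never-repeated names
        nx = z["nx"] / z["n"]                # share answered "no such name"
        entropy = sum(map(label_entropy, z["labels"])) / len(z["labels"])
        if unique >= min_unique and nx >= min_nx and entropy >= min_entropy:
            flagged[zone] = {"queries": z["n"], "unique": round(unique, 2), "nxdomain": round(nx, 2)}
    return flagged

# Constructed sample: ordinary traffic for one zone, random-label flood for another.
rng = random.Random(7)
ALPHABET = "abcdefghijklmnopqrstuvwxyz0123456789"
SAMPLE = [f"{1490000000 + i} 192.0.2.{i % 20} {h}.example.org NOERROR"
          for i, h in enumerate(["www", "mail", "api"] * 40)]
SAMPLE += [f"{1490000000 + i} 198.51.100.{i % 250} "
           f"{''.join(rng.choices(ALPHABET, k=12))}.example.com NXDOMAIN" for i in range(200)]
print(find_water_torture(SAMPLE))
```

The three signals are combined because each alone is noisy: content delivery and tracking hostnames can be unique and high-entropy yet resolve successfully, while typo traffic produces NXDOMAIN answers without the volume or randomness.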