Over the last year, attacks on India’s defence sector increased by 39 per cent. In May 2024, the Pakistani-based advanced persistent threat group Transparent Tribe (APT36) was discovered to have targeted the Indian government, defence and aerospace sectors.
Two months before this attack, unidentified threat actors breached multiple government entities in India, including agencies responsible for electronic communications, IT governance, and national defence. This was similar to the attack on the Indian Air Force in January of this year.
Indian government and defence organisations are increasingly becoming vulnerable to cyberattacks. While the government and defence sectors have taken numerous measures to curb attacks, threats persist. This can be attributed to three factors: spear phishing, inertia in continuous threat monitoring, and a reactive approach to cybersecurity.
Security breaches in defence sectors can have debilitating impacts on national security as they could lead to compromises of command and control, weapons, and detection and defence systems. Securing these capabilities is crucial to India’s national interest and the protection of the country’s cyberspace.
OT security for defence organisations

Operational technology plays a major role in many aspects of the defence sector — be it military organisations or the state-backed defence manufacturing sector. Strengthening the cyber defences of these systems is non-negotiable. OT controls and monitors devices, such as robots and support equipment, which assist the defence wings in the continuous operation of equipment and devices.
Unlike traditional IT systems, OT is directly involved in the monitoring and direct control of physical processes and systems improving efficiency and enhancing the safety of defence systems. For military installations, OT plays a crucial role in automating and enhancing operations in domains such as energy management, logistics support, infrastructure, and, of course, weapon systems. Therefore, the underlying security of these systems is paramount.
The Indian defence sector uses its proprietary technologies to minimise the risk of exposure. However, it also means that integrating preventive security solutions can be a challenging prospect. An ideal solution would be using a platform that seamlessly integrates with existing technologies. This integration must ensure a comprehensive security posture — one that addresses the vulnerabilities of OT environments without hampering efficiency or reliable performance.
This industry needs a preventive security framework that offers comprehensive asset discovery, continuous threat monitoring and detection, in-depth network traffic analysis for early detection, and support for effective incident response and forensic analysis, enabling swift action and thorough investigation of security incidents. Such tools can also provide comprehensive reporting to support compliance with relevant regulations and standards, giving clear visibility into security posture and compliance status.
Identifying the most common attack vectors

Spear phishing was used to gain initial access in the cyberattack against the Indian Air Force in January this year. In fact, phishing and spear phishing emerged as the costliest root causes of breaches in India, costing organisations USD 2.28 million, according to IBM.
Clicking on malware designed to deceive users, whether delivered inside an email or hosted on a malicious website, is a common and successful method of attack. However, this method is best mitigated with a robust cybersecurity awareness programme. Security training is an invaluable tool for educating users on best practices — especially identifying phishing emails, avoiding malicious browser plugins and extensions, and keeping applications up to date. An educated user base reduces the likelihood of this type of attack succeeding.
Another common attack path is unpatched applications. External-facing applications such as email clients and web browsers that remain unpatched may contain vulnerabilities that expose a user's device to several attacks. Malicious or poorly coded extensions may allow attackers to gain unauthorised access to sensitive information or even inject malicious code.
Defence organisations in India should practise safe email and web browsing habits, keep software up to date, and utilise anti-virus and anti-phishing software. A preventive approach would involve using AI-powered technologies that minimise the attack surface associated with web browsers and email systems.

Periodic scanning is no longer an acceptable defence tactic, given the nature and proliferation of cyber threats.
Point-in-time scanning leads to uncertainty and gaps. Indian defence organisations need robust preventive security solutions that aid in identifying blindspots, and understanding risk-relationships between users, and critical assets. Such an approach protects high-security systems from cyber intrusions and maintains smooth functioning and the safety and integrity of high-security areas, which are crucial to India’s national security.
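The gap between point-in-time scanning and continuous monitoring is easiest to see on concrete data. The following is an added example, not code from the article or from the author's company: it feeds a constructed stream of host observations (software product and version per host over a few hours) through two review strategies, a periodic scan that only looks at fixed times and a continuous monitor that sees every observation, and reports which baseline violations the periodic scan never sees and how much later it sees the others. The hosts, products, versions and the baseline are all invented for the illustration.

```python
"""Continuous asset monitoring versus point-in-time scanning.

Constructed example: a small feed of host observations over one window,
a minimum-version baseline for externally facing software, and two review
strategies. No host, product or version here comes from a real network.
"""

from dataclasses import dataclass


@dataclass(frozen=True)
class Observation:
    time: int       # minutes since the start of the observation window
    host: str
    product: str
    version: str


# Minimum acceptable versions for externally facing software (constructed).
BASELINE = {"browser": "121.0.0", "mail-client": "3.2.0"}

# Constructed observations. host-c is a transient asset that exists only
# between the scheduled scans; host-b's browser regresses to an old build
# partway through the window.
OBSERVATIONS = [
    Observation(0,   "host-a", "browser",     "121.0.5"),
    Observation(0,   "host-b", "browser",     "121.0.5"),
    Observation(0,   "host-b", "mail-client", "3.1.9"),
    Observation(40,  "host-c", "browser",     "119.0.1"),   # transient asset
    Observation(75,  "host-c", "browser",     "119.0.1"),
    Observation(130, "host-b", "browser",     "118.0.0"),   # regression
    Observation(240, "host-a", "browser",     "121.0.5"),
    Observation(240, "host-b", "browser",     "118.0.0"),
    Observation(240, "host-b", "mail-client", "3.1.9"),
]


def parse_version(text):
    """Turn '121.0.5' into (121, 0, 5) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in text.split("."))


def is_outdated(product, version):
    """True when the product is in the baseline and the version is below the minimum."""
    minimum = BASELINE.get(product)
    return minimum is not None and parse_version(version) < parse_version(minimum)


def first_detection(observations, interval=None):
    """Earliest time each baseline violation (host, product, version) is seen.

    With `interval` set, only observations taken at scan times (multiples of
    the interval) count, which models a point-in-time scan; with it unset,
    every observation counts, which models continuous monitoring.
    """
    seen = {}
    for obs in sorted(observations, key=lambda o: o.time):
        if interval is not None and obs.time % interval != 0:
            continue
        if is_outdated(obs.product, obs.version):
            seen.setdefault((obs.host, obs.product, obs.version), obs.time)
    return seen


def blind_spots(observations, interval):
    """Violations the continuous monitor reports that the periodic scan never sees."""
    continuous = first_detection(observations)
    periodic = first_detection(observations, interval)
    return set(continuous) - set(periodic)


def detection_lag(observations, interval):
    """Minutes of delay, per violation, between continuous and periodic detection."""
    continuous = first_detection(observations)
    periodic = first_detection(observations, interval)
    return {key: periodic[key] - continuous[key] for key in periodic}


if __name__ == "__main__":
    scan_every = 240  # one scheduled scan per four-hour window
    print("Missed entirely by periodic scan:", blind_spots(OBSERVATIONS, scan_every))
    for key, lag in detection_lag(OBSERVATIONS, scan_every).items():
        print(f"{key}: periodic scan lagged continuous monitoring by {lag} min")
```

Run as a script, the report shows the transient host-c (running an out-of-baseline browser) never appearing in the periodic results at all, and the host-b browser regression being reported 110 minutes later than a continuous feed would have reported it. The same structure applies to real inventory data: replace the constructed observations with agent or passive-discovery records and the baseline with the organisation's own minimum versions.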
Note: The author, Jamie Brown, is the Senior Director, Global Government Affairs at Tenable, a globally leading cybersecurity company based in Columbia, Maryland, US. Views expressed are personal.
Link to article: Pakistan-sponsored hackers targeting GoI, defence, aerospace sectors, attacks up 40% from last year