India is among the top countries targeted by web application attacks globally, with more than 6.5 million instances recorded by CDN firm Akamai in its Q2 2017 State of the Internet/Security report. On the top 10 list of countries targeted by web attacks, India stood 8th, while the US was the biggest target with more than 218.12 million individual web attacks.
On the other hand, India was also on the top 10 list of countries that originated web attacks, the report said. India stood 5th on the list, with more than 11.8 million attacks originating from the country, which translates to 3.3% of all originating web attacks globally. The top three origins of web attack traffic were the US (33%), China (10%), and Brazil (8%). Within the Asia Pacific region alone, India stood second as an originating country, just behind China.
Bruno Goveas, Director, Business Development (APAC), Akamai, said during a MediaNama event in July that Web-based attacks are the most prevalent worldwide and in India. This is because hackers don’t want the victim to know that they are being breached; they want users to know only after it’s too late. Almost 31% of malicious IP addresses that attack Akamai’s India customers are coming from outside the country, he pointed out.
Among web attacks, credential checking is the biggest problem, Goveas said. Other prevalent types of attacks (as ranked by Akamai) include:
i) Web attackers
ii) Scanning tools
iii) Web Scrapers/Bots
iv) DoS (Denial of Service) attacks
DDoS attack targets and origination
On the other hand, India was also the 5th largest country that originated a DDoS (Distributed Denial of Service) attack, accounting for 4% of global IP sources. At least 43,863 malicious IP addresses from India originated a DDoS attack in Q2 2017, according to Akamai’s report. Strangely, Egypt was in the top spot globally for originating a DDoS attack, accounting for a staggering 44% of global DDoS attacks. The country was identified to have more than 590,000 malicious IP addresses that originated a DDoS process.
DDoS attacks are carried out using compromised PCs, laptops, and other devices that have been infected with a Trojan and are then used to target a victim network or PCs. The originating devices are distributed and not present in one location. The attacker uses more than one device, sometimes in massive numbers, to take down a single system or a network belonging to a company, enterprise, or an individual. The Trojan is created specifically by a hacker/attacker and is delivered to devices connected to the Internet through emails, download links, extensions, etc. During the Mirai botnet attack in October last year, researchers found that at least 49,657 unique IPs across the world originated a DDoS attack.
When only one system or device is used for attacking, it is termed a Denial of Service (DoS) attack, since there is no distribution of IPs or devices on the source side. Here are some of the recent DoS/DDoS attacks reported in India:
- August 2017: State-run telco BSNL hurriedly issued an advisory notice to its broadband customers early this month, urging them to change their default router username and password. The notice came after the telco’s broadband network in the Karnataka circle suffered a malware attack which targeted 60,000 modems with the default “admin-admin” username/password combination.
- July 2016: MTNL blocked a part of its broadband network that allows sending of emails through private email servers after ISPs in Mumbai came under a heavy DDoS attack last year, crippling internet speeds in the city. Hackers were found to be sending out bulk emails to users and nodes (connected devices) within the network using hijacked PCs.