The Maharashtra Cyber Department is in the process of issuing a State-wide advisory outlining steps to prevent potential targets from falling prey after the New Delhi-based Computer Emergency Response Team (CERT) said it has received intelligence inputs about a massive cyber attack on several countries, including India. The CERT is the country’s central cyber security agency.
Maharashtra Cyber Police officers confirmed to The Hindu that the attack would be similar to the Distributed Denial of Service (DDOS) attack that hit the State last year. In July 2016, The Hindu had reported how small and medium Internet Service Providers were under attack from unknown parties, who were pinging their servers incessantly to the point where the servers crashed, denying service to their clients and causing loss of revenue.
According to sources, the imminent DDOS attack, which is believed to be on a much larger scale, is being readied using malware known by two names, Reaper and IoTroop, and is currently taking over thousands of machines connected to the internet to be used for a synchronised attack on the target servers.
Maharashtra IG (Cyber) Brijesh Singh said, “Mirai had acquired five lakh devices. The Reaper malware has already affected two million devices worldwide, and is acquiring 10,000 devices per day. It seems to be targeting CCTV camera systems and Digital Video Recorders connected to the internet.”
A Cyber Police officer said, “It’s difficult to say at this point exactly who the targets are, but we have enough information to indicate that machines connected to the internet, including cell phones, laptops, CCTV cameras and other devices, are susceptible. A large number of such machines are being hacked and turned into bots as we speak. Our cyber intelligence network indicates a lot of abnormal behaviour on the internet, consistent with hacking of devices.”
A bot, or robot, is an automated programme. In this kind of cyber attack, hackers use malware to infect devices to turn them into bots that do their bidding. Sources said the perpetrators of Reaper are currently creating a huge network of bots, called a botnet in cyberspeak.
In October 2016, a malware known as Mirai had executed multiple DDOs attacks on servers of Dyn, a leading domain name service provider, affecting several popular websites including Twitter, Netflix and Reddit. Cyber Police officers said Reaper is amassing bots on a much larger scale than Mirai. “Once the botnet is ready as per the perpetrators’ requirements, they simply have to command the bots to ping servers of the target all at once, resulting in a server crash. Depending on the size of the company or industry targeted, it will result in massive losses of revenue.”
A possible way to execute the attack would be that the bots are pre-programmed to strike on a particular day. This possibility is also being probed, officers said.
Superintendent of Police Balsing Rajput, Maharashtra Cyber Police, confirmed that intelligence inputs about Reaper have been received. “We are working on the information and will soon be coming out with an advisory regarding the same.”