Politically motivated, individually-targeted cyberattacks are a reality India will have to live with

As the world faces a barrage of cybercrimes, India must thoroughly probe and identify the source of the recent 'state-sponsored attacks'.

By V V P Sharma

Published Nov 02, 2023 | 1:56 PM | Updated Nov 02, 2023 | 2:00 PM


Somewhere deep inside Apple’s vast data stores lies the tech major’s file on “state-sponsored attacks”, perhaps with evidence.

That was the reason the company cited a couple of days ago in its warning emails to a group of iPhone users worldwide, including in India, cautioning them that their phones might be the target of a remote attack.

The Indian recipients were largely politicians and, notably, mostly from the Opposition.

The tech giant also avoided furnishing further details since the attacker(s) might “adapt their behaviour to evade detection in the future”.

The question remains unanswered: What is a “state-sponsored attack?” Which state is the reference to? Which group (possibly of hackers or malware manufacturers or users) has that state hired or “sponsored” for the attack?

Apple’s statement is bland. It is a standard cautionary text that tells users what to do and what not to do if their phone is compromised, the kind of note every phone manufacturer now issues as part of the manual.


The global scale of cyberattacks

There is probably no country in the world that has escaped cyberattacks. They are now a daily occurrence.

Statista says that “during 2022, the worldwide number of malware attacks reached 5.5 billion, an increase of two percent compared to the preceding year”. In recent times, 2018 was the worst year, registering 10.5 billion attacks across the globe.

In recent years, numerous malware attacks have made headlines worldwide, and they do not differentiate between big corporations and individual users. Among the most notorious are the Emotet Trojan, which began stealing banking data in 2014; CovidLock, Android ransomware that preyed on people’s fears and uncertainties about Covid-19; and the Colonial Pipeline attack, in which the DarkSide ransomware group hit the American company of the same name, one of the largest fuel pipeline operators in the US.

In 2021, Microsoft detected multiple attacks exploiting on-premises Microsoft Exchange Server to gain access to email accounts and install malware that would give the attackers continued access. The campaign affected tens of thousands of organisations worldwide.

Another infamous attack that year was the Kaseya ransomware attack, in which the Russia-linked ransomware group REvil compromised Kaseya, whose remote-management software is used by IT service providers, and through it their customers.

Last year, the graphics chipmaker Nvidia suffered a cyberattack in which proprietary information, including source code, was stolen, disrupting the company’s operations.


Is Apple vulnerable to cybercrime?

Increasingly sophisticated tooling now lets attackers target even the hardest phones, including the iPhone, which markets security as one of its USPs. Apple has a reputation for strong encryption and security controls that protect sensitive data and user privacy.

IT mobility and solution architect Michael Goad recently wrote in TechTarget, an IT publisher: “Apple devices have traditionally had a reputation for being less susceptible to malware than other OSes. This is primarily due to two factors: The closed nature of the Apple ecosystem and the company’s strong focus on security. By keeping users within a proprietary platform, Apple can tightly control what code can and cannot be downloaded or run on its devices, ensuring that users can only install vetted and approved apps on iPhones, iPads and Macs.”

Goad, however, argued the iPhone was “not foolproof”. He said there had been instances where “malware authors have exploited vulnerabilities in iOS or other software components to gain access to user data”. His list of user precautions is now standard advice.

Going by the specialist’s comments, Apple knows more about these attacks and their sources than it lets on.

The company’s cryptic phrase “state-sponsored attacks” is explained on the Apple Support website, which has an entire page devoted to “Apple threat notifications and protecting against state-sponsored attacks”. It says Apple’s threat notifications are designed to “inform and assist users who may have been targeted by state-sponsored attackers”.

Who or what is a state-sponsored attack and attacker?

The company does not talk about common users. It mentions only users “individually targeted because of who they are or what they do”. It says state-sponsored attackers target “a very small number of specific individuals and their devices, which makes these attacks much harder to detect and prevent”.

These attacks are “highly complex, cost millions of dollars to develop and often have a short shelf life”.

The company says it has a system to notify users when it detects activity consistent with such an attack.

“If Apple discovers activity consistent with a state-sponsored attack, we will notify the targeted users in two ways: A Threat Notification will be displayed at the top of the page after the user has signed in to appleid.apple.com. Apple will send an email and iMessage notification to the email addresses and phone numbers associated with the user’s Apple ID. These notifications will provide additional steps notified users can take to help protect their devices, including enabling Lockdown Mode.”

Who are state-sponsored attackers? Apple Support says: “(They) are very well-funded and sophisticated, and their attacks evolve over time. Detecting such attacks relies on threat intelligence signals that are often imperfect and incomplete.”

This limited description comes with a disclaimer that some Apple threat notifications could be false alarms. Apple must therefore be reviewing the grounds for issuing each notification, meaning it has at least some idea of what or who is behind the state-sponsored attacks it detects. Since the same notification also appears at the top of the page after signing in to appleid.apple.com, a recipient has a way to confirm that an emailed or iMessaged warning is genuine rather than a phishing lure.

Anticipating the question, Apple Support says: “We are unable to provide information about what causes us to issue threat notifications, as that may help state-sponsored attackers adapt their behaviour to evade detection in the future.”

That is Apple’s stated justification for not saying more on the subject for now.


‘States’ the West identifies as attack sponsors

Notwithstanding Apple’s silence, the international community already recognises that cyberattacks have, in the last decade, grown from mere data theft to espionage to interference in the internal affairs of countries.

The West has often laid the blame at the feet of Russia and, now, China, as two countries allegedly using cybercrime as a warfare tool.

Western IT firms and publications claim to have identified the hacking groups, though they rarely spell out the links between those groups and their political masters. Microsoft, for instance, tracks Strontium, a Russia-backed group that specialises in infiltrating political campaigns, political consultants and advocacy groups.

It also tracks Zirconium, a China-backed group that reportedly targets high-profile individuals during election campaigns, and Phosphorus, an Iranian group known to have attacked people associated with the Trump campaign.

Political cyberattacks and the AIIMS example

When the AIIMS servers in New Delhi came under cyberattack in late 2022, government sources said information subsequently retrieved showed the attack originated in China.

A news agency quoted sources in the Ministry of Health and Family Welfare (MoHFW) as saying at that time: “The server attack was by the Chinese; the probe found that it originated from China. Of the 100 servers — 40 physical and 60 virtual — five physical servers were infiltrated by the hackers. The damage could have been far worse but is now contained. Data in the five servers has been successfully retrieved.”

International disputes are now increasingly played out through covert cyberattacks. One of the earliest instances came during the Ukrainian elections in 2014, when attempts to manipulate the vote through cyberattacks were traced to CyberBerkut, a pro-Russian hacktivist group. The European Parliament reported the attack, which failed because the malware was removed just before voting began.

The biggest political attack that shook the world came during the 2016 US presidential election, when the Democratic National Committee was hacked, reportedly costing candidate Hillary Clinton campaign momentum against Republican Donald Trump.

That was just the beginning. The 2020 US election was also targeted, and the list of incidents described as “politically motivated” includes the 2017 French presidential election, the SolarWinds supply-chain compromise, the Pegasus spyware scandal and the 2021 UK Labour Party data breach.


What motivates state-sponsored attacks?

Cyber Rights Organisation (CRO), which has a reputation for identifying and exposing such attacks, said in a recent interview with MoonLock, a cybersecurity publication: “The incidents are not isolated events, but rather part of a larger, more concerning trend.”

According to CRO, the key drivers for politically motivated attacks are:

  • Geopolitical influence: State-sponsored actors often carry out attacks to “gain a strategic advantage, disrupt democratic processes, or destabilise an adversary”.
  • Ideological beliefs: Some cyberattacks may be driven by ideological beliefs to “launch attacks to draw attention to a particular issue, influence public opinion, or promote a specific cause”.
  • Information warfare: In the digital age, information is power. By “hacking political systems, attackers can access sensitive information that can be used for blackmail, public manipulation, or reputational damage”.
  • Demonstration of power: Some attacks are carried out simply to “demonstrate the cyber capabilities of a group or nation” and send “a clear message to adversaries”.

Global intelligence and security agencies are cooperating on investigations to build a methodical case against state-sponsored attacks.

Nearly all such attacks are said to have been dissected, and in most cases the sources have reportedly been identified.

The lack of a global treaty on cybercrime — a draft that has been under consideration by the United Nations — impedes cohesive action.