Cyber Review - May 2023

National

AI Supercomputer ‘AIRAWAT’ puts Bharat among the top supercomputing leagues

Ranked 75th in the world, ‘AIRAWAT’— the Artificial Intelligence (AI) Supercomputer installed at C-DAC, Pune, was declared so in the 61st edition of Top 500 Global Supercomputing List on 23 May 2023 at the International Supercomputing Conference (ISC 2023) in Germany. The declaration puts Bharat on top of AI Supercomputing nations worldwide. “We need to make AI in Bharat and AI work for Bharat”— Prime Minister Narendra Modi’s vision “AI FOR ALL”.

“Artificial Intelligence is the most promising technology in the digital age. Bharat (India) has a strong ecosystem and competitive advantage for AI due to its massive data availability, strong digital economy and skilled workforce. Bharat has been working in Applied AI with a focus on Natural Language Processing, Image Procession, Pattern Recognition, Agriculture, Medical Imaging, Education, Health Care, Audio assistance, Robotics and developing solutions for the strategic sectors,” said Ministry of Electronics & Information Technology (MeitY) Secretary Alkesh Sharma. Bharat will pursue AI technology to empower citizens and organisations to solve society's and the economy's most pressing problems to improve the world.^[1]

Aadhaar authentication clocks 1.96 billion transactions in April 2023, 19 per cent more than last fiscal month

Highlighting the growth of the digital economy and usage of Aadhaar in Bharat, Aadhaar holders carried out 1.96 billion authentication transactions in April 2023, a rise of more than 19.3 per cent over April 2022. Most of these authentic transactions were carried out using fingerprint, followed by demographic and OTP (One-Time Password) based authentications. Financial inclusion for those at the bottom of the income pyramid is being enabled by the Aadhaar Enabled Payment System (AePS). The AePS and the network of micro-ATMs enabled more than 200.6 million last-mile banking transactions in April 2023.

The Aadhaar e-KYC service is important in banking and non-banking financial services by providing a more transparent and improved customer experience and facilitating business transactions. In April alone, over 250.5 million e-KYC transactions were completed. By the end of April 2023, the total number of Aadhaar e-KYC transactions will have surpassed 14.95 billion. The continued use of e-KYC is significantly lowering the cost of customer acquisition for entities such as financial institutions and telecom service providers, among others.^[2]

Cabinet approved PLI Scheme 2.0 for IT Hardware

On 17 May 2023, the Union Cabinet, chaired by Prime Minister Narendra Modi, approved the Production Linked Incentive (PLI) Scheme 2.0 for IT hardware with a budgetary outlay of ₹ 17,000 crore. In the last eight years, electronic manufacturing in Bharat has witnessed consistent growth with a 17 per cent CAGR. In 2023, it crossed a major benchmark in production— around ₹ 9 lakh crore (USD 105 billion). Exports of mobile phones crossed a major milestone of ₹ 90 thousand crores (around USD 11 billion) in 2023. Building on the success of the PLI scheme for mobile phones, the Union Cabinet approved PLI Scheme 2.0 for IT hardware.^[3]

The US Department of Commerce’s delegation visited Bharat to enhance the cyber ability of the two nations

The United States Department of Commerce delegation visited Bharat from 22-26 May 2023, with meetings in Delhi and Mumbai, to enhance the cyber abilities of the two nations to address and resolve the growing risks from cyber threats. The delegation comprised 13 US cyber security companies that held meetings with Central and State government officials. Both sides provided their input on the cyber challenges.

The delegation also participated in the US Trade Development Agency (USTDA) capacity-building workshops on the 5G network. The Federal Bureau of Investigation (FBI) spoke on the current conditions in cyberspace and interacted with Indian financial services companies and the Data Security Council of India (DSCI).

The DSCI’s CEO— Vinayak Godse, said, "Bharat is accelerating cyber security technology development and emerging as a global hub for cyber security. Bharatiya companies are offering innovative and cutting-edge security solutions in emerging areas such as Quantum, 5G, 6G, Artificial Intelligence (AI), hardware, and supply chain, which opens considerable possibilities for collaboration with the US counterparts.” The US Counsel-General in Mumbai— Mike Hankey said that “by aligning our policies, regulations, and practices, the Bharat and US can collectively combat cyber-crime, protect privacy, and ensure the secure flow of information across borders.”^[4]

Internationa

The United Kingdom and its allies exposed the ‘Snake’ malware threat from Russian cyber actors

The United Kingdom (UK) and international allies disclosed technical information on a sophisticated espionage tool used by Russian cyber attackers against their targets in a joint advisory released on 09 May 2023. For nearly 20 years, the Centre 16 of the Russian Federal Security Service (FSB) has used the “Snake” malware and its variations as a key tool in its espionage activities.

The malware implant has been used to gather private data from predetermined targets, including government networks, research centres, and media outlets, with “Snake” infrastructure found in more than 50 nations worldwide. The UK’s National Cyber Security Centre (NCSC), a division of the Government Communications Headquarters (GCHQ), along with organisations from the United States (US), Canada, Australia, and New Zealand, have released advice to help organisations understand how “Snake” functions and offer potential countermeasures.^[5]

FBI and Europol busted a global dark web drug network with ‘Operation Spec Tor’

In a joint operation named ‘Operation Spec Tor’, the Federal Bureau of Investigation (FBI) and Europol targeted dark web markets to disrupt the global trafficking of fentanyl and opioid. The operation concluded with 288 arrests, the seizure of 1,875 pounds of drugs and more than USD 50 million in cash and cryptocurrency. The operation unearthed vast networks of manufacturers, online supply chains, buyers, re-sellers, and consumers.

In late 2021, the Joint Criminal and Opioid Darknet Enforcement (JCODE) team of the US Department of Justice (DoJ) launched Operation Spec Tor. Teams targeted the darknet markets’ infrastructure to bring them offline finally. After that, they analyse the data, including usernames and accounts, to produce leads they can share with international partner agencies to expand investigations. The 288 vendors and buyers arrested in the operation were engaged in tens of thousands of sales of illicit goods across Europe, Brazil and the US, where 153 arrests were made. ^[6]

Operation Spec Tor [Source: fbi.gov]

‘CosmicEnergy’ malware poses a plausible threat to electric grids, warned researchers

According to the threat research group at the Mandiant, a new malware— ‘CosmicEnergy’ targeting electricity networks shows “the barriers to entry are lowering” for industrial attacks. CosmicEnergy was identified when the code was uploaded to a public malware scanning utility in December 2021. In a recent analysis carried out on 25 May, Mandiant researchers said that it was designed to disrupt power supplies by interacting with devices using the IEC-104 protocol, such as Remote Terminal Units (RTUs) that are commonly used in electric transmission and distribution operations in Europe, the West Asia and Asia.

The malware was rare because specialised Operational Technology (OT) or Industrial Control System (ICS) malware capable of causing cyber physical impacts were seldom discovered or disclosed. “A unique aspect of CosmicEnergy was that evidence suggestsa contractor had developed it as a red teaming tool for simulated power disruption exercises hosted by Russian cyber security company Rostelecom-Solar. This discovery suggests that the barriers to entry are lowering for offensive OT threat activity since we normally observe these capabilities limited to well-resourced or state-sponsored actors,” said Mandiant.^[7]

Cyber-attack on Norton Healthcare spurs long waits, prescription and lab delays

On 09 May 2023, the Information Service team at Norton Healthcare discovered a suspicious network activity and deployed defensive measures. In the meantime, the team received a fax ‘containing threats and demands’. At the time of the fax, the network was operational, but later the systems were brought down in a controlled fashion. “At no point did an external force take control of or shut down our network,” said the officials at Norton Healthcare. The Federal Bureau of Investigation (FBI) actively worked with Norton Healthcare to determine the scope of the cyber-attack.

The information services team was able to mitigate the attack’s effects and maintain control over the network. However, clinicians are using manual and paper techniques to continue services since the network is down. For all patient services, all Norton Healthcare locations are open. However, the outage has led to delays in network-related capabilities, including imaging, lab and test results, prescription refills, and the Norton MyChart patient messaging tool, as well as lengthy wait times for phone calls and in-person patient appointments.^[8]

Endnotes

^[1] “AI Supercomputer ‘AIRAWAT’ puts India among top supercomputing league”, Ministry of Electronics and IT, 24 May 2023, available from: https://pib.gov.in/PressReleasePage.aspx?PRID=1926942 [2]
^[2] “Aadhaar authentication clocks 1.96 billion transactions in April, 19% more than same month last fiscal”, Press Information Bureau- Ministry of Electronics and IT, 22 May 2023, available from: https://pib.gov.in/PressReleasePage.aspx?PRID=1926374 [3]
^[3] “Cabinet approves Production Linked Incentive Scheme- 2.0 for Hardware”, Press Information Bureau- Ministry of Electronics and IT, 17 May 2023, available from: https://pib.gov.in/PressReleasePage.aspx?PRID=1924772 [4]
^[4] “Cybersecurity mission from USA in India to enhance cyber ability of the 2 countries”, ET CIO, 25 May 2023, available from: https://cio.economictimes.indiatimes.com/news/digital-security/cybersecurity-mission-from-usa-in-india-to-enhance-cyber-ability-of-the-2-countries/100489122 [5]
^[5] “UK and allies expose Snake malware threat from Russian cyber actors”, National Cyber Security Centre- United Kingdom, 09 May 2023, available from: https://www.ncsc.gov.uk/news/uk-and-allies-expose-snake-malware-threat-from-russian-cyber-actors [6]
^[6] “Sweep Targets Darknet Markets”, Federal Bureau of Investigation- United States, 02 May 2023, available from: https://www.fbi.gov/news/stories/operation-spector-targets-darknet-markets [7]
^[7]Hendery, Simon. “CosmicEnergy malware poses ‘plausible threat’ to electric grids, researchers warn”, SC Media, 26 May 2023, available from: https://www.scmagazine.com/news/critical-infrastructure/cosmicenergy-malware-electric-grids [8]
^[8]Davis, Jessica. “cyberattack on Norton Health spurs long waits, prescription and lab delays”, SC Media, 23 May 2023, available from: https://www.scmagazine.com/news/privacy/cyberattack-on-norton-health-spurs-long-waits-prescription-and-lab-delays [9]