Computer viruses are nearly as old as the computers they infect. Their origins stretch back to 1949, when the mathematician John von Neumann delivered the lectures later published as the “Theory of Self-Reproducing Automata,” describing how a computer program could be designed to copy itself.
“Self-reproducing automata” was only a theory; there was never any intention to set a virus loose in the wild. The year 1971, however, saw the first “detected” virus: “Creeper,” an experimental self-replicating program designed to move between computers on ARPANET, the forerunner of the Internet. Creeper did no actual damage; it simply copied itself to systems and displayed the message, “I’m the creeper, catch me if you can!” Shortly thereafter the first antivirus, named “Reaper,” was created with a single purpose: to find and delete Creeper.
Reaper versus Creeper was the innocent, harmless opening salvo. Since then the gloves have come off, and a constant escalation of attack and defense has produced massive thefts of personal information, damaged hardware and hundreds of millions of dollars in losses.
Until wide-scale use of the Internet and email became common, the spread and damage of most viruses was reasonably limited. That changed in 1999 with Melissa, a macro virus that infected Microsoft Word documents and used Outlook to mail itself to the first 50 entries in each victim’s address book. The virus, created by David L. Smith, was named after an exotic dancer, and like its namesake the newcomer shook things up. Within hours of its release, the flood of outgoing mail forced large companies, Microsoft and Intel among them, to shut down their email servers, and tens of thousands of people found themselves unable to access their email. Estimates of the cleanup cost ran as high as $1.2 billion (U.S.). Smith was fined $5,000 (U.S.) and sentenced to 20 months in prison, a punishment that many still think was far too lenient.
Today’s computer landscape is a no-holds-barred cage match, with IT security professionals struggling against adversaries for a prize of literally billions of dollars. India, where Internet usage is exploding, is on the front lines of this struggle. As our tech industry has grown, we have attracted not only multinationals such as Facebook, Google and Amazon, but also a vast number of talented and relentless cybercriminals.
According to a recent study by Symantec, India ranks third in the number of ransomware attacks and is the sixth most bot-infected country. In the last quarter of 2015 alone, India experienced 19 million identified cyberattacks. Viruses are no laughing matter, and it is not only governments and corporations at risk. We are all in the middle of this fight.
Below are five of the worst threats to date affecting India. Not all of them are viruses in the strict sense (one is a software vulnerability rather than malware), but all five have cost Indian users dearly:
Ransomware

Ransomware is the digital version of good old-fashioned extortion. It typically arrives disguised as a legitimate program, document or service. Once it runs, the victim is held hostage: important files, or even an entire drive, are encrypted by the malware, and the attacker alone holds the key.
The malware enters a system via spam and social engineering, email attachments, drive-by downloads, malvertising and trojanized installers. Email is the most common route: the payload is disguised as an ordinary .pdf, .doc or .jpg attachment, for instance a Word document carrying a malicious macro, or an executable given a document icon and a double extension such as invoice.pdf.exe. The victim is convinced to open the file and, in doing so, executes the malware. Two simple defences follow directly: block macros in documents received from the Internet, and check that a file’s actual type matches its claimed extension before opening it.
When the victim next tries to use the computer, a message states that the files have been encrypted and demands payment for the decryption key. Often the payment must be made within a specified time; when the deadline passes, the price rises or the key is destroyed, leaving the data unrecoverable. Paying offers no guarantee of recovery; the only dependable recovery is a backup taken before the infection and stored where the malware cannot reach it.
One widely publicized attack occurred in 2015, when a businessman from Agra was victimized. The ransomware locked down important transaction records and client files, which were held hostage under threat of destruction until payment was made. The ransom demand was $10,000 (U.S.).
Fortunately, the victim sought help from the Agra Cyber Cell, which traced the attack to a Nigerian hacker, identified the malware as a member of the TeslaCrypt ransomware family, and was able to help him regain control of his data. (TeslaCrypt’s operators shut down and published their master decryption key in May 2016, after which free decryptors became available; at the time of this attack, no such option existed.)
Such attacks are constant occurrences in India, and the average ransom paid is between $300 and $400 (U.S.).
Bioazih Trojan

Another nasty attack hitting Indian cyberspace is the Bioazih Trojan (BT). BT gives an attacker access to a user’s personal data and the ability to alter it. According to India’s Computer Emergency Response Team (CERT-In), “Bioazih Trojan virus can have as many as five aliases to protect its anonymity, and it has capabilities like running remote arbitrary commands, uploading, downloading and executing files in an unauthorized manner.”
BT spreads through phishing emails carrying malicious image and document attachments, particularly ones that exploit vulnerabilities in unpatched Microsoft Office installations. Once installed, it functions as a Remote Access Trojan (RAT), giving the attacker remote control of the victim’s computer. BT operates stealthily, which makes it difficult to detect and remove. The true extent of the infection in India has yet to be measured accurately, since many affected organizations and individuals remain unaware of its activities.
Heartbleed

Heartbleed is technically not a virus but a vulnerability (CVE-2014-0160) in certain versions of OpenSSL, the popular open-source library that implements the SSL/TLS protocols. The bug was a missing bounds check in OpenSSL’s handling of the TLS heartbeat extension: a client could declare a heartbeat payload far longer than the one it actually sent, and the server would reply with that many bytes, copying up to 64 KB of whatever happened to sit next to the request in its memory. It affected OpenSSL 1.0.1 through 1.0.1f and was fixed in 1.0.1g, released in April 2014.
Heartbleed allowed attackers to read information that would normally be protected by the SSL/TLS encryption securing the Internet, and to do so without leaving any trace in server logs. When it was disclosed in April 2014, Netcraft estimated that roughly half a million web servers with trusted certificates, about 17 percent of the sites in its SSL survey, were exposed. Here in India, it affected five percent of all online transaction websites. The only reason more sites were not affected was that they were running an older OpenSSL branch (0.9.8 or 1.0.0), which did not yet implement the heartbeat extension.
Because exploitation leaves no trace, a server that was exposed may have been quietly harvested for months before it was patched, and anything that passed through the process’s memory could have been taken: passwords, session cookies, credit card numbers, government data, even the server’s private TLS key. Upgrading OpenSSL alone does not undo this. A key that may have leaked must be treated as compromised, so the certificate has to be reissued and the old one revoked, and user passwords and sessions reset.
Heartbleed is not limited to Internet-facing web servers. It affects smartphones, older PCs, email servers, routers, medical devices, smart TVs, firewalls and any other device that links against a vulnerable OpenSSL, and embedded devices of this kind are rarely updated. Given the growth of Internet access in India, this is a particularly dangerous flaw, one that will continue to cause havoc if the correct safety measures are not taken in a timely manner.
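The missing check is easier to see in code. The following is an added example written for this article, not OpenSSL’s own source: a simplified C model of a TLS heartbeat handler. The array `heap` stands in for a slice of server memory in which the received heartbeat record is followed by unrelated sensitive data; `heartbeat_vulnerable` mirrors the pre-1.0.1g logic that trusted the length field inside the message, and `heartbeat_fixed` applies the same test the 1.0.1g patch introduced (discard any record whose declared payload does not fit in the bytes actually received). The function names, the secret string and all sizes are constructed for the demonstration.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* TLS heartbeat message layout (RFC 6520):
 *   type (1 byte) | payload_length (2 bytes, big-endian) | payload | padding (>= 16 bytes) */
#define HB_REQUEST  1
#define HB_RESPONSE 2
#define HB_PADDING  16

/* Constructed model of a slice of server heap memory: the received heartbeat
 * record sits at the start and unrelated sensitive data happens to follow it. */
static unsigned char heap[256];
static const char secret[] = "session=deadbeef; -----BEGIN RSA PRIVATE KEY-----";

typedef int (*hb_handler)(const unsigned char *rec, size_t rec_len, unsigned char *out, size_t out_cap);

/* Build a heartbeat request that declares `declared_len` payload bytes but
 * actually carries `actual_len`. Returns the number of bytes really sent. */
static size_t build_request(unsigned char *rec, unsigned short declared_len, size_t actual_len)
{
    rec[0] = HB_REQUEST;
    rec[1] = (unsigned char)(declared_len >> 8);
    rec[2] = (unsigned char)(declared_len & 0xff);
    memset(rec + 3, 'A', actual_len);
    memset(rec + 3 + actual_len, 0, HB_PADDING);
    return 3 + actual_len + HB_PADDING;
}

/* Vulnerable handler, mirroring OpenSSL 1.0.1 through 1.0.1f: the declared
 * payload length is trusted and never compared with the record that arrived. */
static int heartbeat_vulnerable(const unsigned char *rec, size_t rec_len, unsigned char *out, size_t out_cap)
{
    (void)rec_len; /* the bug: the length of the record that actually arrived is never consulted */
    unsigned short payload = (unsigned short)((rec[1] << 8) | rec[2]);
    if ((size_t)3 + payload + HB_PADDING > out_cap) return -1; /* demo guard for the output buffer only */
    out[0] = HB_RESPONSE; out[1] = rec[1]; out[2] = rec[2];
    memcpy(out + 3, rec + 3, payload); /* over-read: echoes whatever lies past the short record in memory */
    memset(out + 3 + payload, 0, HB_PADDING);
    return (int)(3 + payload + HB_PADDING);
}

/* Patched handler, mirroring the 1.0.1g fix: a record whose declared payload
 * (plus header and minimum padding) exceeds its real length is silently dropped. */
static int heartbeat_fixed(const unsigned char *rec, size_t rec_len, unsigned char *out, size_t out_cap)
{
    if (rec_len < (size_t)(1 + 2 + HB_PADDING)) return -1; /* too short even for an empty payload */
    unsigned short payload = (unsigned short)((rec[1] << 8) | rec[2]);
    if ((size_t)1 + 2 + payload + HB_PADDING > rec_len) return -1; /* declared length does not fit: discard */
    if ((size_t)3 + payload + HB_PADDING > out_cap) return -1;
    out[0] = HB_RESPONSE; out[1] = rec[1]; out[2] = rec[2];
    memcpy(out + 3, rec + 3, payload); /* now provably within the received record */
    memset(out + 3 + payload, 0, HB_PADDING);
    return (int)(3 + payload + HB_PADDING);
}

/* Byte-string search (memmem is not portable C). */
static int contains(const unsigned char *hay, size_t n, const char *needle)
{
    size_t m = strlen(needle);
    for (size_t i = 0; i + m <= n; i++)
        if (memcmp(hay + i, needle, m) == 0) return 1;
    return 0;
}

/* Send a malformed request (claims 128 payload bytes, carries 4) to `handler`.
 * Returns 1 if the response leaks the adjacent secret, 0 if not, -1 if discarded. */
static int leaks_secret(hb_handler handler)
{
    unsigned char out[512];
    memset(heap, 0, sizeof heap);
    size_t rec_len = build_request(heap, 128, 4);
    memcpy(heap + rec_len, secret, sizeof secret); /* constructed adjacent heap contents */
    int n = handler(heap, rec_len, out, sizeof out);
    if (n < 0) return -1;
    return contains(out, (size_t)n, secret);
}

/* Send a well-formed request (declared == actual == 4) and return the response
 * length, showing that the fix does not break legitimate heartbeats. */
static int well_formed_response_len(hb_handler handler)
{
    unsigned char out[512];
    memset(heap, 0, sizeof heap);
    size_t rec_len = build_request(heap, 4, 4);
    return handler(heap, rec_len, out, sizeof out);
}

int main(void)
{
    printf("vulnerable handler leaks secret: %d\n", leaks_secret(heartbeat_vulnerable));
    printf("fixed handler leaks secret:      %d (-1 = request discarded)\n", leaks_secret(heartbeat_fixed));
    printf("fixed handler, valid request:    %d-byte response\n", well_formed_response_len(heartbeat_fixed));
    return 0;
}
```

The vulnerable path copies 128 bytes starting at a 4-byte payload, so the response carries the neighbouring secret; the patched path rejects the same request before any copy happens, while a legitimate 4-byte heartbeat still produces the expected 23-byte response. In real OpenSSL the over-read ran past the end of the heap allocation holding the record, which is why the leaked contents varied from request to request.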
Beebone

This vile Trojan attacked Indian cyberspace in 2013. Beebone controlled at least 12,000 infected computers in dozens of countries. It got onto machines by disguising itself as benign software and then deployed its attack techniques. What made it so nasty was its polymorphism: it repeatedly re-packaged itself into as many as 20 different variants, or masks, so that signature-based antivirus failed to recognize it, and used them to infect systems with weak security protections.
Beebone acted as a downloader. Once it infected a computer, it silently fetched and installed additional malware, such as banking Trojans, spyware, ransomware and password stealers, all without the owner’s permission or knowledge.
Law enforcement made a concerted effort to dismantle the botnet in April 2015, when Europol, the Dutch police and the FBI, working with industry partners, seized its command-and-control domains, and they were largely successful. However, many computers remain infected because their owners are unaware, and these systems continue to infect others.
Backdoor.Regin

This is a particularly sneaky and effective espionage Trojan. Discovered in 2013 and catalogued by Symantec as Backdoor.Regin, Regin appears to have been spying on countries including India for the past six years. Other countries spied on include Russia and Saudi Arabia. Experts say that Regin possesses “a degree of technical competence rarely seen.” The consensus is that Regin is the creation of a nation state.
Regin is used to steal passwords, sniff network traffic and read email. Its targets span every type of entity: governments, infrastructure operators, businesses and individuals. Targeted data and intelligence gathering appears to be its primary function.
To avoid detection and resist analysis, Regin carries plenty of firepower. It is delivered in several stages, each encrypted and responsible for decrypting the next, and it keeps its modules in an encrypted virtual file system rather than as ordinary files on disk; these anti-forensic and custom encryption techniques are among its core features. Even when it is detected, it is difficult to determine exactly what the malware is doing.
The Next Step
According to the Symantec report, last year almost 60 percent of targeted attacks in India were directed at larger enterprises. The financial sector in particular saw attacks rise six percent over the previous year, and attacks on transport and communication were up 4.5 percent. With such critical national infrastructure under fire, there is a growing and urgent need to keep educating our population and building our national cyberspace guard. Reinforcing the importance of cyber education, along with proper IT training and certification, will go a long way towards protecting us from cyber espionage.
The volume and complexity of cyberattacks have grown to the point where they pose a threat at the national level. How well prepared are we to protect ourselves? Not very. Research estimates that India needs approximately 500,000 white-hat hackers; presently we have fewer than 30,000. If you are looking for a profitable direction for your next certification, consider cybersecurity a strong option.