Indian Petroleum Refineries network saw over 3.2 lakh cyberattacks between October 2021 and April 2022: report

Cyberattacks on the Indian Petroleum Refinery network have increased with huge attacks recorded between October 2021 and April 2022, according to research by CyberPeace Foundation (CPF), Autobot Infosec Private Limited, as well as CyberPeace Center of Excellence (CCoE).

The research revealed that nearly 3.6 lakh attack events were recorded between October 2021 and April 2022 on the Critical Information Infrastructure (CII) threat intelligence sensor network simulating the network of the oil refinery, simulated by the research group in India.

The study is part of the CyberPeace Foundation’s e-Kawach program to implement comprehensive public network and threat intelligence sensors across the country to capture internet traffic and analyze real-time cyberattacks to which a location or an organization faces.

Creation of simulated networks

“By deploying the simulated network, we can collect data on attack patterns, different types of attack vectors for different protocols, and recent trends in malicious activity,” a CyberPeace Foundation spokesperson said. “Like any other critical infrastructure in the world, India’s critical infrastructure is also vulnerable to cyberattacks involving state and non-state actors,” the report said.

The Supervisory Control and Data Acquisition (SCADA) Critical Information Infrastructure (CII) threat intelligence sensor network simulating the petroleum and refining industry saw an increase in the number of cyberattacks, with 3,59,989 visits between October 2021 and April 12, 2022.

Specifically, around 1,17,633 visits were recorded in October 2021 while 55,871 visits were recorded in November 2021. December 2021 recorded 20,714 visits. The number of visits recorded in January 2022, February 2022 and March 2022 stood at 52,598, 19,342 and 69,998 respectively.

In April 2022 (until April 12), approximately 23,833 visits were recorded. The most attacked protocols were FTP, HTTP, s7comm, Modbus, SNMP and BACnet. Unmonitored, vulnerable systems exposed to the Internet are the targets threat actors attack most, the spokesperson said.
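Monthly visit counts and a per-protocol breakdown like the ones quoted above come from aggregating sensor events. The script below is an added example (not code from the report or from CyberPeace Foundation) of that aggregation over a handful of constructed sensor log lines in a hypothetical one-line-per-event format; the port-to-protocol table uses the standard ports for the six protocols the report names, and everything else (log format, IP addresses, sensor name) is assumed for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Standard ports for the protocols named in the report. The port numbers are
# the usual IANA/vendor assignments; the mapping itself is this example's own.
PORT_PROTOCOLS = {
    (21, "tcp"): "FTP",
    (80, "tcp"): "HTTP",
    (102, "tcp"): "s7comm",   # Siemens S7 over ISO-TSAP
    (502, "tcp"): "Modbus",   # Modbus/TCP
    (161, "udp"): "SNMP",
    (47808, "udp"): "BACnet", # BACnet/IP
}

# Constructed sample events in a hypothetical sensor format:
#   "<ISO timestamp> <source ip> -> <sensor ip>:<port>/<transport>"
# All addresses are documentation ranges (RFC 5737), not real hosts.
SAMPLE_LOG = """\
2021-10-03T11:22:07Z 203.0.113.5 -> 198.51.100.10:502/tcp
2021-10-03T11:22:09Z 203.0.113.5 -> 198.51.100.10:102/tcp
2021-10-14T02:10:44Z 198.51.100.77 -> 198.51.100.10:21/tcp
2021-11-01T08:00:01Z 203.0.113.9 -> 198.51.100.10:161/udp
2021-11-19T23:59:59Z 203.0.113.9 -> 198.51.100.10:47808/udp
2021-11-20T00:00:03Z 192.0.2.44 -> 198.51.100.10:80/tcp
2021-12-05T13:37:00Z 192.0.2.44 -> 198.51.100.10:8443/tcp
2021-12-06T09:15:30Z 192.0.2.44 -> 198.51.100.10:502/tcp
garbage line that does not parse
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+->\s+(?P<dst>[\d.]+):(?P<port>\d+)/(?P<proto>tcp|udp)$"
)


def parse_line(line):
    """Return ('YYYY-MM', source ip, protocol label) or None if the line is malformed."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
    # Ports we do not recognise are kept, labelled by number, rather than dropped.
    label = PORT_PROTOCOLS.get((int(m["port"]), m["proto"]), f"other/{m['port']}")
    return ts.strftime("%Y-%m"), m["src"], label


def summarize(log_text):
    """Count events per month and per protocol; also count distinct sources and skipped lines."""
    by_month, by_protocol, sources = Counter(), Counter(), set()
    skipped = 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        parsed = parse_line(line)
        if parsed is None:
            skipped += 1          # malformed input is counted, never silently lost
            continue
        month, src, label = parsed
        by_month[month] += 1
        by_protocol[label] += 1
        sources.add(src)
    return {
        "by_month": dict(by_month),
        "by_protocol": dict(by_protocol),
        "distinct_sources": len(sources),
        "skipped": skipped,
    }


def top_protocols(summary, n=3):
    """Most-hit protocol labels, highest count first."""
    return [label for label, _ in Counter(summary["by_protocol"]).most_common(n)]


if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    for month, count in sorted(s["by_month"].items()):
        print(month, count)
    print("top protocols:", top_protocols(s))
    print("distinct sources:", s["distinct_sources"], "skipped:", s["skipped"])
```

Counting distinct sources alongside raw visits matters for reading figures like the ones above: a single scanner sweeping every port of the sensor inflates the visit count far more than it says about the number of actors involved.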

Phishing attacks

The research group has also seen an increase in the number of phishing/social engineering attacks against Indian organizations in the oil or refinery sector. Recently, news has been circulating on the internet that the Oil India Limited head office in Dibrugarh, Assam, faced a cyberattack in which malware injected into its systems demanded $75,000,000 as a ransom.

Additionally, the CPF spokesperson pointed to the circulation of WhatsApp messages posing as an offer from Indian Oil with links luring unsuspecting users with the promise of Indian Oil fuel subsidy giveaways.

The research teams also analysed a WhatsApp campaign that contained a link claiming to be a giveaway offer from Indian Oil, urging users to take a survey for a chance to win $2,000. The spokesperson also highlighted some warning signs of this particular campaign.

“The campaign is supposed to be an offer from Indian Oil Corporation but is hosted on a third party domain instead of Indian Oil’s official website, which makes it more suspicious,” he explained. The domain name associated with the campaign has recently been registered. In addition, several redirects were noticed between the links.

“No reputable site would ask its users to share the campaign on WhatsApp. The price is kept attractive to attract laymen. Grammatical errors have been noticed,” he added.
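The warning signs listed above (third-party hosting, a newly registered domain, chained redirects, a prompt to share on WhatsApp, an attractive cash prize) can be turned into a first-pass triage check for reported links. The script below is an added example, not the research team's tooling; the domain names, registration date, redirect chain and page text are constructed placeholders, and the "official domain" is a stand-in, not Indian Oil's actual site. Grammar quality, the last sign in the list, is left to a human reviewer.

```python
import re
from datetime import date
from urllib.parse import urlparse


def registered_domain(hostname):
    """Crude registrable-domain extraction: the last two labels.

    Simplification for this example. Real triage should use the Public
    Suffix List (e.g. the tldextract package) so that names under co.in,
    gov.in and similar suffixes are handled correctly.
    """
    labels = (hostname or "").lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else (hostname or "").lower()


def assess_campaign(landing_url, official_domain, registered_on, redirect_chain,
                    page_text, today, new_domain_days=30):
    """Return (flag_count, list_of_flags) for a reported promotional link.

    registered_on is the landing domain's WHOIS creation date (assumed to be
    looked up separately); redirect_chain is every URL visited, first to last.
    """
    flags = []
    landing_host = urlparse(landing_url).hostname or ""

    # 1. Hosted on a third-party domain rather than the organisation's own.
    if registered_domain(landing_host) != registered_domain(official_domain):
        flags.append(f"hosted on third-party domain {landing_host!r}, not {official_domain!r}")

    # 2. Domain registered very recently.
    age_days = (today - registered_on).days
    if age_days < new_domain_days:
        flags.append(f"landing domain registered only {age_days} days ago")

    # 3. Several redirects between the shared link and the landing page.
    hops = max(len(redirect_chain) - 1, 0)
    if hops >= 2:
        flags.append(f"{hops} redirects before the landing page")

    text = page_text.lower()

    # 4. Visitors are told to share the offer on WhatsApp.
    if "share" in text and "whatsapp" in text:
        flags.append("asks visitors to share the offer on WhatsApp")

    # 5. A cash prize is dangled ("win" near a currency amount).
    if re.search(r"\bwin\b.{0,40}(?:\$|₹|rs\.?\s?)\d[\d,]*", text):
        flags.append("promises a cash prize for completing the survey")

    return len(flags), flags


def verdict(flag_count, threshold=3):
    """Label the link for a triage queue; the threshold is this example's choice."""
    return "likely phishing" if flag_count >= threshold else "needs manual review" if flag_count else "no red flags"


# Constructed case modelled on the campaign described above (all names invented).
SUSPICIOUS = dict(
    landing_url="https://fuel-subsidy-offer.example/survey",
    official_domain="oilcompany.example",          # placeholder for the real official site
    registered_on=date(2022, 4, 1),                 # assumed WHOIS creation date
    redirect_chain=[
        "https://short.example/abc",
        "https://track.example/r?id=1",
        "https://fuel-subsidy-offer.example/survey",
    ],
    page_text="Congratulations! Take this short survey for a chance to win $2,000 "
              "in fuel subsidy. Share with 10 friends on WhatsApp to claim.",
    today=date(2022, 4, 20),
)

# Constructed benign case: a notice on the organisation's own, long-registered domain.
BENIGN = dict(
    landing_url="https://www.oilcompany.example/notices/billing",
    official_domain="oilcompany.example",
    registered_on=date(2005, 6, 1),
    redirect_chain=["https://www.oilcompany.example/notices/billing"],
    page_text="Billing statements for March are now available in the customer portal.",
    today=date(2022, 4, 20),
)

if __name__ == "__main__":
    for name, case in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        count, flags = assess_campaign(**case)
        print(name, "->", verdict(count))
        for f in flags:
            print("  -", f)
```

Each check is a weak signal on its own (legitimate marketing also uses short links and third-party landing pages); the point is that this particular campaign trips all of them at once, which is what the spokesperson's list is getting at.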

During the analysis, the research team discovered that a JavaScript file called hm.js was loading in the background from the host hm(.)baidu(.)com, a Baidu subdomain used for Baidu’s web analytics service, also known as Baidu Tongji.

Chinese attack

“The important thing is that Baidu is a Chinese multinational technology company specializing in Internet-related services, products and artificial intelligence, headquartered in Haidian district of Beijing, China,” he said.

Additionally, cyberattacks against critical infrastructure are on the rise. Recently, threat intelligence firm Recorded Future Inc said in a report that an alleged Chinese state-sponsored activity group was targeting India’s power sector as part of a cyber espionage campaign.

Recorded Future’s Insikt Group detected “continued targeting of Indian power grid organizations by China-linked adversaries”. Over the past few months, it observed network intrusions targeting at least seven Indian State Load Dispatch Centres (SLDCs), which are tasked with real-time grid control and electricity load dispatch operations.

Besides targeting power grid assets, the firm also identified the compromise of a national emergency response system and the Indian subsidiary of a multinational logistics company by the same threat activity group, it said.

Published on

April 23, 2022
