The Nuclear Power Corporation of India Ltd (NPCIL) confirmed today that, as had been reported, the network of one of India’s nuclear power plants was infected with malware created by North Korea’s state-sponsored hackers. Several security researchers identified the malware as a version of Dtrack, a backdoor trojan developed by the Lazarus Group, North Korea’s elite hacking unit.
https://twitter.com/NarangVipin/status/1189159651771912192
It should come as no surprise that India is both a target for political and economic reasons and a major player, ready or not, in the cyber arena too. What this discovery does is reinforce how complex the world of espionage, cyber crime and nation-state hacking is. India has offensive and defensive cyber capabilities, is a nuclear power, has a massive percentage of the world’s population, the largest middle class in the world and the world’s largest democracy. It is strategic and has deep ties with leading economies such as the USA. That makes India a massive part of the geopolitical landscape and, by extension, of the cyber landscape. It’s time for India to step up its activities, and it’s time for a new alignment and balance of power in the cyber domain to match what we do in the others: land, sea, air, space.
Critical national infrastructure is a lucrative target for attackers. Not only can an attack disrupt services with a nationwide impact, but the data held is often highly sensitive and valuable. The attack on India’s nuclear power plant is particularly worrying given that it should have had the newest and most secure network. It is fundamental that those responsible for the provision of critical infrastructure take the necessary steps to defend themselves from attackers. They need a layered approach to cybersecurity, all the way down to the network level. By tapping into the ubiquitous DNS layer for network detection and response, for example, security teams can use their existing infrastructure to identify malicious traffic entering and leaving their network early, allowing them to take steps quickly to mitigate the impact of an attack before damage is done.
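As an added illustration of the DNS-layer detection idea above (this is example code written for this page, not NPCIL's tooling or anything from the researchers who analysed Dtrack), the script below runs a small detection pass over resolver query logs. The log format, the client addresses, the domains (which use the reserved `.test` and `.invalid` suffixes) and the watchlist are all constructed; none of them is a real Dtrack indicator. The entropy and length thresholds are arbitrary starting points, not tuned values.

```python
"""
Added example: a minimal DNS-layer detection pass over resolver query logs.
Everything below (log lines, domains, watchlist, thresholds) is constructed
for illustration and is not a real indicator of compromise.
"""
import math
import re
from collections import Counter, defaultdict

# Constructed log format (assumed): "<timestamp> <client_ip> <qtype> <qname>"
SAMPLE_DNS_LOG = """\
2019-10-30T09:00:01Z 10.20.1.15 A time.windows.com
2019-10-30T09:00:03Z 10.20.1.15 A update.example-vendor.test
2019-10-30T09:00:05Z 10.20.1.42 A c2-placeholder.invalid
2019-10-30T09:00:06Z 10.20.1.42 TXT 6d4a8f2e9c1b7a3f0e5d2c8b.exfil-placeholder.invalid
2019-10-30T09:00:07Z 10.20.1.42 TXT 9e1c3b5a7f2d4e6c8a0b1d3f.exfil-placeholder.invalid
2019-10-30T09:00:09Z 10.20.1.77 AAAA mail.example-corp.test
"""

# Constructed watchlist standing in for entries from a threat-intelligence feed.
WATCHLIST = {"c2-placeholder.invalid"}

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")


def parse_dns_log(text):
    """Parse the constructed log format into a list of query records."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip blank or malformed lines rather than failing
        ts, client, qtype, qname = m.groups()
        records.append({
            "ts": ts,
            "client": client,
            "qtype": qtype.upper(),
            "qname": qname.rstrip(".").lower(),
        })
    return records


def shannon_entropy(s):
    """Bits of entropy per character; random-looking labels score high."""
    if not s:
        return 0.0
    counts = Counter(s)
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def registered_domain(qname):
    """Naive registered-domain extraction (last two labels).
    A real deployment would use the public suffix list instead."""
    parts = qname.split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else qname


def detect(records, entropy_threshold=3.5, min_label_len=20, txt_burst=2):
    """Return (client, reason, detail) alerts for three simple signals:
    watchlist hits, long high-entropy leftmost labels (tunnelling/DGA-like),
    and a burst of TXT queries from one client."""
    alerts = []
    txt_by_client = defaultdict(int)
    for r in records:
        if registered_domain(r["qname"]) in WATCHLIST or r["qname"] in WATCHLIST:
            alerts.append((r["client"], "watchlist", r["qname"]))
        first_label = r["qname"].split(".")[0]
        if len(first_label) >= min_label_len and shannon_entropy(first_label) >= entropy_threshold:
            alerts.append((r["client"], "high-entropy-label", r["qname"]))
        if r["qtype"] == "TXT":
            txt_by_client[r["client"]] += 1
    for client, n in txt_by_client.items():
        if n >= txt_burst:
            alerts.append((client, "txt-burst", f"{n} TXT queries"))
    return alerts


if __name__ == "__main__":
    for client, reason, detail in detect(parse_dns_log(SAMPLE_DNS_LOG)):
        print(f"{client:12} {reason:20} {detail}")
```

On the sample log the pass raises four alerts, all for the constructed client 10.20.1.42: one watchlist hit, two high-entropy labels and one TXT burst. In practice each signal would be tuned against the site's own baseline, and the watchlist would be fed from the organisation's threat-intelligence sources rather than hard-coded.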
The consequences of not investing in industrial cybersecurity could be numerous and severe, particularly if a nuclear power station is targeted. Dtrack malware may usually be used for reconnaissance purposes, but the information gathered from infected industrial and critical infrastructure plants could be used for other malicious purposes. It is imperative that critical infrastructure organisations put plans in place to prevent malicious attacks, and that the cybersecurity community comes together to share expertise and knowledge on identifying and providing solutions to cybersecurity challenges. Applying artificial intelligence and machine learning to detection and response enables organisations to monitor for malware and respond rapidly to remove malicious code.