HT Interview | With ChatGPT cybercriminals becoming more sophisticated, says data security expert

Cyber-attacks are becoming more widespread in India, with a rise in ransomware and email-borne security threats. Cyber criminals have become more proficient, taking undue advantage of the potential of artificial intelligence and machine learning. (ALSO READ | Ransomware attack: Cyber terrorism probe as AIIMS services paralysed)

To understand how to defend oneself and the business and be aware of best practises if targeted by cyber-attacks, Hindustan Times spoke to Rohit Aradhya, vice president and managing director of Barracuda Networks India, a security, application delivery, and data protection company.

Here's an edited version of the interview.

1) Can you provide an overview of the current state of cyber-attacks in India?

As per CERT-IN reports there has been a 51% increase in ransomware attacks in India in the first half of 2022. A Barracuda report also finds 73% of Indian organizations experienced a successful ransomware attack in 2022 and 45% of them were hit more than once.

The top four Industry verticals targeted for ransomware attacks in India are manufacturing, power, datacenters/IT/ITeS, and Oil & Gas. Apart from these, the healthcare sector is also becoming an increasingly attractive target for ransomware attacks due to the sensitive nature of the data that healthcare institutions hold.

Email-borne security attack is another common type of attack in India as 82% of the Indian organizations surveyed for our earlier report had fallen victim to at least one successful email attack in the last 12 months.

ALSO READ: CBI launches probe into cyber attack on Nagpur’s Solar Industries Limited

2) With the increasing development of artificial intelligence, how do you see cyber criminals becoming more sophisticated in their attacks?

AI & ML were already favoured by the attackers. With the increased availability of large sample sets of data to train the Machine Learning models and readily available software kits, cyber attacks are now becoming more sophisticated. With the recent availability of ChatGPT, the open AI-based chatbot, cybercriminals are well-equipped to leverage some of this platform’s capabilities. Although ChatGPT has strong authentication, user liability and legal guard rails, it can definitely help increase the sophistication of social engineering, impersonation, ransomware, phishing, and other kinds of cyber-attacks.

ALSO READ: This new ChatGPT-like AI tool from Microsoft helps fight cyberattacks

3) If someone is caught in an attack of ransomware, what are the most important dos and don'ts they should keep in mind?

Disconnect devices and set up network segmentation: As soon as possible, disconnect the infected machines, such as external storage devices like phones, hard drives, or backup machines, from the network. If multiple machines are infected, they should be brought off the network at the switch/router level. Physically disconnecting the machines is recommended. At the same time, implementing robust network segmentation will help reduce the spread of ransomware if it does get into your system.

Take stock of extent of infection: Look for signs of encryption and ransomware-type by looking at known file extensions, ransom note or screen lock, and password not working that help to determine the extent of infection – whether it is limited to a few connected machines, or it has infected full network, single geography or multiple locations etc.

Take remediation actions: Look for decrypt keys for known ransomware in CERT-IN or any other sources and use them to decrypt your files or disk. You should ensure that the decryption is done in an isolated environment.

Secondly, restore your backup with a fresh installation on all your infected machines. You are recommended to adhere to the best practices for AAA (authentication, authorization, and accounting) practices like multi factor authentication, privilege access, multi-level logging and alerting mechanisms, proper network segmentation etc. It’s also important to ensure all your servers and software are patched to the latest security patches from the vendors. This should be audited on a regular basis.

Lastly, report the incident to CERT-IN so that they are aware and recommend measures.

ALSO READ: HT Interview | Paying up to ransomware attackers bad strategy…: Dmitry Volkov

4) What are some of the most common signs of phishing mail that someone should be aware of?

Any email, SMS, calls, or links asking for personal data like login credentials, government ID numbers, credit card, bank account or any personal relevant information.

Similar sounding email IDs, websites but with spelling or grammatical errors in domain names and URLs.

Any emails or messages asking you click on any hyperlinks, shortened links, or suspicious URLs.

Any emails which have a false sense of urgency and call for action which is not usually known, such as bank closures, mortgage closures, updating of government or bank information, or government notices.

Unknown sender that shows sense of urgency but using your name and some publicly available personal information by unsolicited social media reach out or honey trap messages.

5) Finally, could you provide some tips and best practices for better digital hygiene and staying safe from cyber-attacks?

Have strong passwords and better password management and change them on a regular basis.

Use multifactor authentication to strengthen access control.

Think before you click any link.

Least security default, need basis, time-bound, role-based privilege access to systems.

Periodic upgrade of your digital devices to patches and the latest software to avoid breaches.

Backup your digital devices on a regular cadence.

Invest in good email security, anti-phishing, anti-virus software for your digital devices.

Enhance employee security awareness training for the latest phishing and social engineering tactics.