3/18/2023 Packetstream vs

The World's Most Populous Country Just Got Significantly Quieter

As the Coronavirus has continued its march across the globe over the last few weeks, it has forced countries into lockdown. Recently, our intelligence team started looking for countries that have suddenly gone silent. Our research and analysis found a major drop in traffic starting around late March. This post will share what we've uncovered, details of the change in traffic, and a few predictions about what this means for the future.

As all research begins, this one started the same way: with virtual water-cooler chitchat. A chance conversation revealed that a partner organization was concerned about their colleagues in India. That led to a theory – what would happen if the world's most populous country, which is also a key partner in the technology world, were suddenly hit with the nastiest virus we've seen in over a century? So, we ran a search in our PacketWatch systems looking for traffic coming from India.

Below is a screenshot that provides a glimpse into our monitoring capability at one listening point:

Screenshot: Activity from India over the last 30 days using PacketWatch

The decrease in activity is truly startling. Let's take a closer look to see the exact date and time at which the drop in activity occurred.

An enhanced view of that time segment shows traffic took a steep drop around 16:00 UTC, or around 21:30 India Standard Time. (The entire country of India is on the same time zone, UTC +5:30.)

So, what changed? Here's some analysis of the traffic before and after March 18. Because it's been about 3 weeks since this drop occurred, we'll compare the previous 3 weeks with the 3 weeks since.

Number of sessions for top 5 IP addresses and top 5 destination ports:

It's worth pointing out that while overall traffic was down almost 70%, certain ports actually showed an increase in traffic during this time period. Note: port 0 activity indicates probable ping sweeping.

Overall, we've noticed a total drop in traffic of about 70%. The sessions from the top 5 IPs dropped by about 84%, and sessions for the top 5 targeted ports dropped by about 70%.

We also find it interesting that India's Prime Minister Modi did not declare a lockdown until March 24, almost a week after the drop in activity was detected. However, the top 5 IPs continued to be Amazon AWS from Mumbai.

If India is a key part of your operations, this could be indicative of significant disruption coming in the future, if not here already. Our incident response experience has also taught us another key lesson that is worth bringing up right now: bad guys love unpatched systems. As India goes into lockdown, we assess with moderate to high confidence that a significant number of information systems may not be receiving critical updates and patches against security vulnerabilities during this time. We expect to see these unpatched systems exploited by attackers in the coming weeks and months as organizations scramble to play catch-up with missing updates.
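The before-and-after comparison described in this post can be reproduced on any session log. The following is an added example, not PacketWatch code or the authors' own: it counts sessions in the 3 weeks on either side of the cutoff, measures the change for the top 5 baseline sources and destination ports, and lists ports that rose while the total fell. The record layout, the addresses (documentation range), the counts and the year in the cutoff are constructed assumptions.

```python
from collections import Counter
from datetime import datetime, timedelta, timezone
IST = timezone(timedelta(hours=5, minutes=30))  # India uses one zone, UTC+5:30

def pct_change(before, after):
    """Percent change from the baseline; None when the baseline is empty."""
    return None if before == 0 else round(100.0 * (after - before) / before, 1)

def compare_windows(sessions, cutoff, days=21, top_n=5):
    """Compare (utc_datetime, src_ip, dst_port) sessions `days` either side of cutoff."""
    span = timedelta(days=days)
    ips = {"before": Counter(), "after": Counter()}
    ports = {"before": Counter(), "after": Counter()}
    for ts, ip, port in sessions:
        if cutoff - span <= ts < cutoff:
            side = "before"
        elif cutoff <= ts < cutoff + span:
            side = "after"
        else:
            continue  # outside both windows
        ips[side][ip] += 1
        ports[side][port] += 1

    def top_change(counts):
        # Top-N is fixed from the baseline so both sides measure the same keys.
        top = [key for key, _ in counts["before"].most_common(top_n)]
        return pct_change(sum(counts["before"][k] for k in top),
                          sum(counts["after"][k] for k in top))

    return {
        "cutoff_ist": cutoff.astimezone(IST).strftime("%H:%M"),
        "total": pct_change(sum(ips["before"].values()), sum(ips["after"].values())),
        "top_ips": top_change(ips),
        "top_ports": top_change(ports),
        # Ports that rose while the total fell deserve a separate look.
        "rising_ports": sorted(p for p, n in ports["after"].items() if n > ports["before"][p]),
        # Port 0 is read as probable ping sweeping, per the article's note.
        "port0_sessions": (ports["before"][0], ports["after"][0]),
    }

# Constructed sample, not real traffic: (dest port, sessions before, sessions after) per source.
CUTOFF = datetime(2020, 3, 18, 16, 0, tzinfo=timezone.utc)  # year is an assumption
HOSTS = [(23, 40, 6), (445, 30, 5), (22, 15, 3), (80, 8, 1), (3389, 4, 1), (0, 3, 14)]
SAMPLE = [(CUTOFF - timedelta(days=30), "198.51.100.9", 23)] * 50  # outside both windows
for i, (port, n_before, n_after) in enumerate(HOSTS, 1):
    ip = f"198.51.100.{i}"  # documentation address range
    SAMPLE += [(CUTOFF - timedelta(days=i), ip, port)] * n_before
    SAMPLE += [(CUTOFF + timedelta(days=i), ip, port)] * n_after
RESULT = compare_windows(SAMPLE, CUTOFF)
```

Fixing the top-5 sets from the baseline window keeps the comparison like-for-like; recomputing them after the cutoff would hide the drop behind whichever sources happen to remain active.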