CERT-IN Alert: Rising Trojan And Botnet Threats Across India’s Smart Cities

A study conducted by the Indian Computer Emergency Response Team (CERT-In) in collaboration with Kaspersky has revealed widespread cybersecurity risks in 20 Indian smart cities. The report, released on February 17, highlights the prevalence of malware infections, botnet attacks, and network misconfigurations, which threaten critical infrastructure and citizen data security.

Severity Level: Moderate

Threat Overview

The analysis revealed two major categories of cyber threats affecting smart city infrastructure:

1. Trojans

  • Target regions: Western, Central, and Northern India.
  • Malware Types: Avalanche-Andromeda, Gamarue.
  • Impact: These trojans function as remote access tools, allowing cybercriminals to steal credentials, monitor keystrokes, and deploy additional malware. They can also create backdoors, leading to espionage, financial fraud, or full system compromise.
  • Primary Vulnerability: Unauthorized remote access, enabling attackers to exploit systems lacking proper authentication or access controls.

2. Botnets

  • Target region: Southern India.
  • Malware Type: Socks5Systemz.
  • Impact: This botnet turns infected systems into proxies for cybercriminal activities, such as distributed denial-of-service (DDoS) attacks, spam distribution, and data theft. Compromised devices can be remotely controlled without the owner’s knowledge.
  • Primary Vulnerability: Misconfigured Simple Network Management Protocol (SNMP), which allows unauthorized access to network devices, leading to data interception, command execution, and potential network outages.

These threats pose significant risks to smart city infrastructure, including service disruptions, data breaches, financial losses, and potential national security threats. Addressing these vulnerabilities requires proactive security measures, continuous monitoring, and rapid incident response strategies.

Recommendations

  1. Disable unused remote desktop services (RDP, SSH, Telnet, etc.).
  2. Implement multi-factor authentication (MFA) for remote logins.
  3. Use virtual private networks (VPNs) with strong encryption for remote access.
  4. Disable or harden Simple Network Management Protocol (SNMP) by:
    – Using SNMPv3 with strong authentication instead of SNMPv1/v2.
    – Restricting access to trusted IP addresses.
    – Regularly monitoring SNMP activity for anomalies.
  5. Block high-risk ports (e.g., 1080, 4444, 3389) on firewalls to prevent malware communication.
  6. Implement application whitelisting to allow only trusted software.
  7. Disable autorun features for external drives to prevent USB-based infections.
  8. Regularly audit installed software and remove unused applications.
  9. Apply security patches to operating systems, IoT devices, and network hardware.
  10. Ensure all legacy systems are either upgraded or decommissioned if no longer supported.
  11. Keep antivirus/anti-malware/EDR solutions updated across all devices.
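As an added example (not part of the CERT-In report or the article), the following script audits a constructed net-snmp style snmpd.conf for the weaknesses recommendation 4 targets: SNMPv1/v2c community definitions, vendor-default community names, communities with no source restriction, and SNMPv3 users not required to use authPriv. Directive names follow net-snmp's snmpd.conf syntax; the sample configs and the watch list of default community names are assumptions.

```python
# Assumption: a short watch list of vendor-default community names.
DEFAULT_COMMUNITIES = {"public", "private"}
COMMUNITY_DIRECTIVES = {"rocommunity", "rwcommunity", "rocommunity6", "rwcommunity6"}

def _arg(args: list[str], i: int, default: str) -> str:
    return args[i] if len(args) > i else default  # directive argument i, or a default

def _community_findings(lineno: int, directive: str, community: str, source: str) -> list[str]:
    """Weaknesses of one SNMPv1/v2c community definition."""
    out = [f"line {lineno}: {directive} enables SNMPv1/v2c; migrate to SNMPv3"]
    if community.lower() in DEFAULT_COMMUNITIES:
        out.append(f"line {lineno}: default community string '{community}'")
    if source.lower() == "default":  # in net-snmp, 'default' means any source address
        out.append(f"line {lineno}: community '{community}' has no source restriction")
    return out

def audit_snmpd_conf(text: str) -> list[str]:
    """Return one finding per weakness in a net-snmp style snmpd.conf."""
    findings: list[str] = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        directive, *args = line.split()
        directive = directive.lower()
        if directive in COMMUNITY_DIRECTIVES:  # rocommunity COMMUNITY [SOURCE [OID]]
            findings += _community_findings(lineno, directive, _arg(args, 0, "<missing>"), _arg(args, 1, "default"))
        elif directive == "com2sec":  # com2sec SECNAME SOURCE COMMUNITY
            findings += _community_findings(lineno, directive, _arg(args, 2, "<missing>"), _arg(args, 1, "default"))
        elif directive in ("rouser", "rwuser"):  # rouser USER [noauth|auth|priv ...]
            user, level = _arg(args, 0, "<missing>"), _arg(args, 1, "auth").lower()  # net-snmp default: auth
            if level != "priv":
                findings.append(f"line {lineno}: SNMPv3 user '{user}' allows '{level}'; require 'priv'")
    return findings

# Constructed sample: an as-installed config carrying the weaknesses the advisory names.
WEAK_CONF = """\
rocommunity public
rwcommunity private 10.10.0.0/16
com2sec mgmt default public
rouser opsmon auth
"""

# Constructed sample: SNMPv3 only, authPriv required, agent bound to the management
# address; per-source restriction for v3 users is left to the firewall (not checked here).
HARDENED_CONF = """\
agentAddress udp:10.10.1.5:161
rouser opsmon priv
"""
```

Running `audit_snmpd_conf` over the weak sample yields nine findings and over the hardened sample none; the checker does not evaluate agentAddress or firewall rules, so trusted-source restriction for SNMPv3 still needs a separate check.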

Source:

  • https://www.moneycontrol.com/technology/cert-in-analysis-flags-cyber-security-risk-in-smart-cities-article-12950534.html
  • https://www.cert-in.org.in/PDF/Guidelines_for_Smart_City_Infrastructure.pdf