Last week, CERT-In, India’s nodal agency on cybersecurity, issued an advisory on a massive phishing attack on India. The adoption of digital services has put India high up on the hit list of hacker groups, many linked to neighbouring countries. Mint takes a deep dive.
Are the cyberattacks against India growing?
Since mid March, as the number of covid-19 cases in India started to increase, and offices encouraged people to work from home, attacks targeting many Indian companies also increased. According to PWC, many Indian organizations saw a 100% increase in cyberattacks between 17 and 20 March 2020. A May report by Kaspersky shows a 37% increase in cyberattacks against Indian companies in Q1 2020, as compared to Q4 2019. Phishing attacks offering information on covid-19 and equipment, or free testing with the intention to steal personal information has also been on the rise in India in the last few months.
Who are the people or nations targeting India?
According to Subex, a telecom analytics firm, India was the most targeted nation between April and June 2019. Most cyberattacks targeting India originated in Slovenia (74,998), Ukraine (55,772), the Czech Republic (53,609), China (50,000), and Mexico (35,201). Pakistan linked hacker groups have also intensified their attacks on the Indian government and individuals. China is believed to be behind the conspiracy to target government agencies, telecom and pharma firms, media houses. Two hacker groups Gothic Panda and Stone Panda, who are behind these attacks, have strong links with the People’s Liberation Army of China.
Who among the ones being targeted is most vulnerable?
Since the advent of coronavirus-induced challenges in workplaces, the challenges with cyber security have only increased. Any organization which has been forced to move its operations online on short notice is vulnerable. Individuals who are not fully aware of the best security practices and are using digital payments solutions or tools for the first time are prone too.
What can be the impact of cyberattacks?
Cyberattacks and data breaches have cost organizations in India ₹12.8 crore on an average between July 2018 and April 2019, as per a 2019 report by IBM. Globally, the average cost, in that period, of data breach was ₹27 crore. Besides losses incurred due to disruption, a cyberattack can cause loss of brand value. It can also result in lawsuits and heavy penalties levied by the government or regulator of land. The proposed data protection bill stipulates a maximum penalty of ₹15 crore or 4% of annual turnover in case of a violation.
What’s the aim behind targeting India?
Most cyberattacks are motivated by financial gain. Hackers exploit vulnerabilities to gain access to company network and then block them out of their systems, forcing them to pay a ransom. However, in the last few years, state-backed attacks against India have grown. The motive behind these is to send a warning to India or firms that have been critical of adversarial neighbours such as China and Pakistan. Many of the large-scale hacker groups are after intellectual property critical for any firm, so they can sell them on Dark Web.