Cyber attacks amid the Covid-19 pandemic rose by almost 300% last year in the country to reach 1,158,208, compared to 394,499 in 2019, the government told Parliament on 23 March, citing data from the Computer Emergency Response Team (CERT-In).
The ministry did not elaborate on the attacks or the profile of the attackers. But cyber experts said the spike could be linked to an increase in online activity last year, particularly during the lockdown imposed to check the spread of Covid-19. The experts blamed a lack of cybersecurity awareness for phishing and malware attacks.
“CERT-In receives inputs from its situational awareness systems and threat intelligence sources about malware infections in networks of entities across sectors. Whenever any incident comes to notice of CERT-In, it issues alerts and advisories to the entities concerned and sectoral CERTs for remedial measures,” Union minister of state for home affairs G Kishan Reddy told Parliament. He was responding to a query on cyber attacks on India’s power supply and on a company supplying Covid-19 vaccines.
Earlier this month, American cyber intelligence company Recorded Future said it uncovered a suspected China-linked cyber operation that was focused on India’s electricity grid and other critical infrastructure. While the company did not link a wide power outage in Mumbai to the operation, which it titled RedEcho, it did not rule out a link. Recorded Future said RedEcho deployed malware known as ShadowPad, which has been previously linked to Chinese cyber soldiers.
Reddy said the government has issued guidelines to chief information security officers regarding their key roles and responsibilities for securing applications/infrastructure and compliance. “All the government websites and applications are audited with respect to cyber security prior to their hosting. The auditing of the websites and applications are conducted on a regular basis after hosting. (The) government has empanelled security auditing organisations to support and audit implementation of information security best practices.”
Reddy said the government has formulated a Cyber Crisis Management Plan for countering cyber attacks for implementation by all ministries/departments of the central government, state governments, and their organisations.
He added the government is operating the Cyber Swachhta Kendra (Botnet Cleaning and Malware Analysis Centre). “The centre is providing detection of malicious programmes and free tools to remove the same.” Reddy said the government has set up the National Cyber Coordination Centre to generate necessary situational awareness of existing and potential cybersecurity threats.
Pavan Duggal, a cyber law expert, said there are mainly two reasons for the increase in cyber attacks last year. “…first, the fear and panic due to Covid-19, which cyber-criminals were able to weaponize to their benefit. Secondly, the work-from-home ensured that cyber security did not get the kind of attention it was supposed to get. It was far easier to breach the systems at home than at the workplace. But, keeping numbers aside, this can be called the golden age of cyber-crimes. The cyber breaches will be a new normal now with both state and non-state actors involved.”
The Union transport ministry on 21 March received an alert from CERT-In regarding “targeted intrusion activities” directed towards the country’s transport sector with “possible malicious intentions”. This came after a slew of cyber security attacks on the Indian government’s domains over the past few months.
On 25 February, media reported new phishing emails that used compromised government accounts to target groups of officials, attempting to lure them into sharing their passwords on a page that mirrored the government’s official mail server sign-on website.
On 21 February, media reported that the devices of multiple former defence personnel may have been compromised in a similar phishing attack sent from government domain email addresses.
Last year, the National Highways Authority of India reported a cyber attack on its email server and said prompt action resulted in no data loss. It shut down the server at the time as a precaution.