Central agencies are maintaining a high level of vigilance as they anticipate potential cyber attacks on India’s critical infrastructure. CNBC-TV18 had reported on December 11 that more than 4,000 Indonesian and Pakistani hackers are planning to launch a ‘cyber party’ targeting India’s digital infrastructure, especially the health sector. There is heightened concern as hacker groups have shown a continued interest in targeting this sector, particularly following the global pandemic.
What is Critical Digital Infrastructure?
The National Critical Information Infrastructure Protection Centre in India, a government organization responsible for safeguarding critical information infrastructure, has identified several sectors as ‘Critical Sectors’. These sectors include Power & Energy, Banking, Financial Services & Insurance, Telecom, Transport, Government, and Strategic & Public Enterprises.
India is expanding digitally, and these sectors are vital for the country’s daily operations and contain highly sensitive and confidential data. As a result, they are also a big target for cybercriminals.
What is Data Breach and How is it Connected to Cyber Attacks?
A data breach occurs when unauthorized entities illegally access confidential information, such as personal details, financial data, and intellectual property. This security lapse can affect anyone with a digital presence.
Perpetrators, often hackers, may execute breaches for malicious purposes, including phishing, ransom demands, or selling sensitive information. While ‘data breach’ and ‘cyber-attack’ are often used interchangeably, not all breaches involve cyber-attacks.
According to IBM’s 2022 report on the cost of data breaches, organizations face an average cost of around $4.35 million per incident.
How many attacks has India faced on its critical infrastructure?
India’s critical digital infrastructure has faced an incredible number of attacks. Banks, oil corporations, flood warning systems, hospitals, airlines and data centers have all been targeted.
Here’s a recall of some of the biggest cyber attacks in India:
Cyberabad police data leak: In April, Cyberabad Police served notices to 11 organisations, including banks and a social media giant, regarding a massive data breach impacting 66.9 crore individuals and organisations in India. Vinay Bhardwaj of Faridabad was apprehended for involvement in the theft, possession, and sale of personal and confidential data. The stolen data included GST details, customer data, and student data. The police conducted an investigation to identify security loopholes and have summoned organisation representatives for information on their database procedures and access permissions.
RailYatri data breach: RailYatri, the e-booking services website, experienced a data breach in December 2022. Over 30 million user records associated with the platform were found being sold on the dark web. The leaked data included user records and invoices. RailYatri had a previous breach in 2020. The company assured users that sensitive customer data remained secure, but some registered user information may have been accessed. RailYatri resolved the breach and reported it to authorities, while the Railway Board advised thorough system inspections for all IRCTC business partners.
Aadhaar data breach: According to an October 9 News18 report, a ‘threat actor’ with a handle on X (formerly Twitter) advertised a database on a breach forum on the dark web containing records of 815 million Indian citizens: Aadhaar and passport information along with names, phone numbers and addresses. The ‘threat actor’ claimed the data, extracted from the Covid-19 test details of citizens, was sourced from ICMR.
According to American cyber security and intelligence agency Resecurity, which initially noticed the leak, a threat actor going by the alias ‘pwn0001’ posted a thread on Breach Forums on October 9, brokering access to 815 million “Indian Citizen Aadhaar & Passport” records. To put this victim group in perspective, India’s entire population is just over 1.486 billion people.
AIIMS Delhi ransomware attack: The Rajya Sabha was notified on December 16, 2022 by the Union government that five servers at the All India Institute of Medical Sciences (AIIMS) had been impacted by a cyberattack, leaving approximately 1.3 terabytes of data encrypted. The AIIMS ransomware attack reportedly involved 40 million records. The servers at AIIMS Delhi were rendered immobile due to this attack. On June 6, another malware attack was attempted, but the premier institute was able to prevent it within a day using an advanced firewall security system.
Who is responsible for these attacks?
Cyber attacks can occur from anywhere in the world. However, when it comes to India, 79% of cyberattacks in 2022-23 were carried out from China. In 2015-16, 58-59% of cyber attacks on India were from Pakistani threat actors or operators from the Middle East. Today, only 6.4% of threats are from Pakistani actors or their affiliates, according to Cyfirma, an external threat landscape management platform based in Singapore.
Statistics behind Cyberattacks in India
- India is the most targeted country, with 13.7% of all cyber attacks in the world directed at it
- Of all the cyber attacks India faces, 95% of the time the target has been a government agency
- 45% of Indian businesses saw more than 50% increase in disruptive attacks, the highest in Asia-Pacific
- 67% of Indian government and essential services experienced more than 50% increase in disruptive attacks
- Last year, on November 30, the website of the Indian Council of Medical Research (ICMR) faced around 6,000 hacking attempts in 24 hours
- Almost 72% of all cyber attacks targeted at India are state-sponsored
- State-sponsored cyber attacks against India increased by 278% between 2021 and September 2023, with services companies, including information technology (IT) and business process outsourcing (BPO) firms, seeing the highest share of attacks
What about personal cybersecurity and data leaks?
While it sure sounds easy to take stock of personal data, it really isn’t. In Q3 of 2023, data from almost 369,000 personal accounts was leaked, including passwords and credit card details. Q2 was worse, as data from 1.4 million individual accounts was leaked onto the dark web.
For those wondering how to protect themselves, two-factor authentication is the best way. According to a report by Microsoft, it helps prevent illegal entry to your account almost 99.2% of the time.
What systems are in place to protect our critical digital infrastructure?
Several measures are in place, including strict adherence to Cyber Hygiene Standard Operating Procedures by government agencies, the establishment of the Indian Cybercrime Co-ordination Center, CERT-In advancements, and the implementation of the Personal Data Protection Bill.
In the face of escalating cyber threats to India’s critical digital infrastructure, urgent action is needed. Strengthening cybersecurity, fostering collaboration, and promoting a culture of vigilance are crucial. Governments, businesses, and individuals must unite to fortify our digital defences.
Let recent incidents serve as a catalyst for innovation and a shared commitment to a safer digital future. Together, let’s build a resilient cybersecurity landscape that safeguards our interconnected lives.