India’s ongoing Covid-19 vaccination drive platform CoWIN is being used as bait by Chinese and North Korean hackers looking to launch widespread cyberattacks on the country’s companies and individuals.
According to cyber intelligence firm CYFIRMA, hackers based in China and North Korea are discussing plans of creating fake CoWIN websites to imitate India’s meant for people to register for Covid-19 vaccination.
The purpose of these sites would be to get individuals to sign up and unwillingly share their personal information with the hackers behind the screen, who’ll be able to use it to launch more sophisticated cyberattacks.
According to a report in The Print, hackers are looking to set up fake CoWIN websites on the following domain names: sowin.net, wonwin.io, cow-in.net and registrationcowin.org.
Previously, CYFIRMA had told Inc42 about hackers sponsored by China, North Korea and even Pakistan, looking to launch cyberattacks on India’s pharmaceutical companies and vaccine manufacturers to steal Covid-19 vaccine research data.
In a previous report, CYFIRMA claimed it had recorded conversations in Chinese hacking communities, where participants have talked about “teaching India a lesson”.
Others in the group wrote, “This is one country that doesn’t listen to us”. The participants in one such Chinese hacking group conversed in Mandarin about targeting Indian press and media companies, telecommunication firms, government websites including defence-related agencies and Indian pharma companies.
Moreover, according to a recent study by Recorded Future, which studies the use of the internet by state actors, amid border clashes between the armies of India and China in Ladakh’s Galwan Valley since June last year, malware began to flow into India’s electricity grid due to hacking attempts by Chinese actors, eventually leading to a blackout in Mumbai.
According to IBM Security’s Cost of a Data Breach Report 2020, Indian companies, on average, saw the total cost of a data breach come up to $2 Mn. Further, the report reveals that on average, it takes 313 days to identify and contain a data breach in India, while security automation is deployed in just 53% of all organisations in the country. Given the current scenario, the costliest industry for a data breach is healthcare.