Cyberattacks on Indian Govt Agencies More Than Doubled In 2022: Report

Cyberattacks on Indian government agencies more than doubled in 2022, according to a report by cybersecurity firm CloudSEK. 

Noting the uptick in cyberattacks, CloudSEK said that India was the most frequently targeted country in the world in this regard. This spike was attributed to a volley of cyberattack campaigns launched by Malaysia-based Dragon Force and numerous other hacker groups. 

In 2021, India accounted for 6.3% of the total cyberattacks on government agencies, while this number surged to 13.7% in 2022.

“In 2022, attacks on the Indian government intensified to the point where it became the country that was most frequently targeted in this sector. This expansion is the result of the hacktivist group Dragon Force Malaysia’s #OpIndia and #OpsPatuk campaigns. Numerous hacktivist groups joined and supported these campaigns, which laid the path for subsequent ones,” said CloudSEK in its report. 

The motivations were largely related to hacktivism, data breach, initial access to point of sale, compromised personal identifiable information, among other reasons. 

Hacktivism refers to a cyberattack where the malicious actor’s aim is largely to promote a political agenda or to protest certain policies. 

A majority of the cyberattacks launched on India, according to the report, had religious connotations. 

In one instance, a group called Khalifah Cyber Crew launched a coordinated campaign to protest ‘Muslim discrimination by (the) Indian government’. In a separate instance, Dragon Force attempted a cyberattack as part of ‘protest against (an) Indian politician’s controversial comments on Prophet Muhammad’.

The report claimed that attacks on government agencies across the globe increased 95% year-on-year (YoY) in the second half of 2022. A mere four countries – India, the US, Indonesia, and China – accounted for nearly 40% of the total cyberattacks on government agencies in 2022. 

Cyberwar At India’s Doorsteps

The coordinated cyberattacks from Indonesia and Malaysia were not out of the blue for Indian authorities. 

In July, Ahmedabad’s Deputy Commissioner of Police for the cybercrime wing, Amit Vasava, stated that hacker groups from Malaysia and Indonesia had initiated cyber war against India following former BJP leader Nupur Sharma’s comments on Prophet Muhammad during a television debate.

A clutch of recent cyberattacks involving AIIMS Delhi, Oil India Limited and the infamous CapraRAT Android malware have raised eyebrows in the security establishment. In many cases, hackers have encrypted data and even purportedly sought ransom to decrypt the sensitive data.

The Indian agencies have been an easy target in many cases owing to lax security infrastructure and sub-standards firewalls to ring fence critical data of users. This has made Indian websites and servers hosting critical user data a major target of the hackers worldwide from Pakistan to China and from Russia to Malaysia.

Elaborating further on what drove these malicious actors, the CloudSEK report said, “Although the primary motive of most of the threat actors is exfiltrating data and selling it for monetary benefit, it is not the only reason they target government entities… The year 2022 saw a significant increase in hacktivist activity, which accounted for about 9% of the recorded reported in the government sector.”

Interestingly, the report comes days after Minister of State for Information Technology Rajeev Chandrasekhar conceded that the country was witnessing a rise in ransomware attacks involving commercial and critical infrastructure.

In response, the government has beefed up cybersecurity infrastructure,raised awareness among officials and introduced a slew of measures to curb such attacks. Despite that, it seems that there is let down in cyberattacks. A senior Google executive recently estimated that India saw 18 Mn cyberattacks and 2 Lakh online threats daily in the first quarter of 2022. 

Note: We at Inc42 take our ethics very seriously. More information about it can be found here.