14.02 Lakh cybersecurity incidents were reported in 2021 while 11.58 Lakh such instances were reported to CERT-In in 2020
Delhi AIIMS cyberattack was the handiwork work of unknown threat actors and was caused due to improper network segmentation
Five servers of AIIMS Delhi were impacted in the November cyberattack and 1.3 TBs of data was encrypted
India witnessed 13.91 Lakh cyber security incidents in 2022, Minister of State for Electronics and Information and Technology Rajeev Chandrasekhar informed the Parliament on Friday (February 10).
The numbers still do not give an entire picture of cyberattacks on the country as these statistics only include information reported to and tracked by the Indian Computer Emergency Response Team (CERT-In).
The number of reported cyberattacks, however, fell in 2022, down from 14.02 Lakhs in 2021. As per government figures, 2.08 Lakh incidents were reported in 2018, 3.94 Lakh attacks were recorded in 2018 and 11.58 Lakh cybersecurity incidents were reported to CERT-In in 2020.
The Minister also disclosed the findings of a technical analysis into the AIIMS Delhi cyberattack. Chandrasekhar said that the attacks was the handiwork of unknown threat actors and was caused due to improper network segmentation.
“As per the analysis, servers in the information technology network of AIIMS were compromised by unknown threat actors due to improper network segmentation, which caused operational disruption due to the non-functionality of critical applications. CERT-In and other stakeholder entities advised necessary remedial measures in respect of the same,” noted the reply.
As many as five servers of AIIMS Delhi were impacted in the incident and 1.3 Terabytes (TBs) of data was encrypted by the hackers.
The country’s premiere medical institute was the subject of a major cyberattack in November last year which paralysed operations at the critical national infrastructure. Eventually, a case of extortion and cyber terrorism was registered by the Intelligence Fusion and Strategic Operations (IFSO) wing of Delhi Police. The case is being probed by CERT-In, CBI, NIA, among a host of other agencies.
Replying to a question from MP Sushil Modi, the MoS also said that the National Security Council Secretariat (NSCS) has already formulated a draft National Cyber Security Strategy, which would address issues related to the security of national cyberspace.
Noting that it was ‘fully cognisant’ of various cybersecurity incidents, the government said that it has taken various measures to ‘enhance the cyber security posture and curb cybersecurity incidents.’
The Digital Security Challenge
While the government said that CERT-In tracked just 13.91 Lakh cybersecurity incidents in 2022, a senior Google executive in August last year had pegged the number at 18 Mn cyberattacks a day.
Last year also saw hackers from Indonesia and Malaysia launch an all-out cyberwar against India following former BJP leader Nupur Sharma’s comments on Prophet Muhammad during a television debate.
As per a report, cyberattacks on Indian government agencies more than doubled in 2022 as the country emerged as the most frequently targeted country in the world in this aspect. Besides, multiple Indian agencies from Oil India Limited, Ladakh Power Grid, UIDAI and other agencies have allegedly been attacked in multiple such attacks in the past few years.
Indian agencies have been a soft target owing to lax cybersecurity norms and access to a huge trove of data. With sub-standard firewalls deployed to protect critical user data in many cases, the recent past has seen both state and non-state actors looking to exploit vulnerabilities in the system.
While the government claims to have added more safeguards and ramped up measures, it remains to be seen how effective these new firewalls are. With most reports pointing to a more challenging year on the cybersecurity front for India, all eyes are now on how effectively authorities curb such attacks.