India’s Covid-19 Data Under Threat, Warn Cybersecurity Firms

With a population of 1.38 Bn, India has the potential to be the largest digital data market in the world, but cybersecurity and data storage are two major issues in the Indian market which have time and again brought up questions of whether India can tap into the data economy. Data around healthcare has come in handy for Covid-19, for example, but there are still concerns about privacy violations and more. And now cybersecurity firms have cautioned the government about state-sponsored hackers from the neighbouring countries attacking data related to Covid-19.

Cybersecurity firms Cyfirma and Malwarebytes Labs have independently highlighted incoming threats from Pakistan.

“We observed increased activity in the hackers’ Dark Web communities. We initially thought that they were after financial gains, but the objective appears to be to cause reputational damage,” Ritesh Kumar, CEO of Cyfirma told ET, talking about one of the potential threats.

Cyfirma has traced this back to Pakistan state-sponsored hacker groups that identify themselves as IOK <Babur>. In a report, the firm has also listed out top donors of the PM-CARES Fund that have been mentioned in the conversation. The list also includes industry leaders like Adani Group, JSW Group, Reliance Industries and L&T.  Cyfirma has alerted India’s state-run cybersecurity agency Computer Emergency Response Team (Cert-In) about the potential threat.

Security software developer Malwarebytes Labs has highlighted similar concerns coming from another hacker group APT36, in a separate report, which is looking to collect sensitive information that supports Pakistani military and diplomatic interest. Earlier this month, the group was also linked to the series of cyberattacks on China’s Ministry of Emergency Management.

Google’s Threat Analysis Group (TAG), which works towards preventing government-backed phishing and hacking against Google and its users, has identified over a dozen government-backed hacker groups carrying out cyberattacks exploiting the Covid-19 crisis.

“Recently, our systems have detected 18 million malware and phishing Gmail messages per day related to COVID-19, in addition to more than 240 Mn COVID-related daily spam messages. Our machine learning models have evolved to understand and filter these threats, and we continue to block more than 99.9% of spam, phishing and malware from reaching our users,” Google blog added.

Meanwhile, National Technical Research Organisation (NTRO) has also added that the relaxations in geofencing restrictions to allow employees to login from different locations can make such networks vulnerable to cyberattacks, especially from the neighbouring countries.

Another modus operandi being used by them is to send out legitimate-looking coronavirus-related advisories impersonating as officials from the government and health organisations, through malicious email attachments. The report added that the impersonators are trying to leverage the Covid-19 situation and seeking donations while also trying to steal credentials of the users.

Note: We at Inc42 take our ethics very seriously. More information about it can be found here.