After the shocking revelation of the Kudankulam Nuclear Power Plant (KKNPP) cyber-attack last year, where North Korean hackers had attacked the nuclear power plant system, it was quite evident that the government’s departments and facilities are hackers all-time favourite.
Sai Krishna Kothapalli, the founder of Hackrew, a cybersecurity startup, claimed in a news report that up to 3K government email IDs has been compromised from across 20 different entities and departments. Some of the departments and government institutions whose officials have had their email IDs compromised include Bhabha Atomic Research Centre (BARC), Indian Space Research Organisation (ISRO), Ministry of External Affairs, Ministry of Corporate Affairs, Atomic Energy Regulatory Board (AERB), Securities and Exchanges Board of India (SEBI).
According to The Quint report, the list of senior officials includes ambassadors, scientists and senior bureaucrats across state governments and autonomous entities.
Kothapalli said that these attacks are a culmination of several data breaches that have happened in the last seven years, and the information is readily available through various sources like deep web forums, deep web websites, IRCs and others.
He further said that the data is not publicly available, but those looking in the right places can find bits and pieces in just a couple of days. He added that government authorities and agencies usually had simplistic numeric passwords or common words.
Several industry experts believe that this raises a serious concern about the security of digital infrastructure in the country and also highlights the government authorities carelessness.
Cyber Attacks On The Rise In India
Over the years, India has witnessed massive security breaches across various segments, institutions and government departments. Some of them that were reported of a data breach last year include Oyo, Bounce, Just Dial, Airtel, Nykaa Fashion, Uber, Whatsapp, OnePlus, Govt’s Online Health Registration System and others.
According to a new Data Security Council of India (DSCI) report, India has been the second most cyberattacks affected country between 2016 to 2018. The average cost for a data breach in India has risen 7.9% since 2017, with the average cost per breached recorded mounting to $64.
Last week, the ministry of electronics and information technology (MeiTY) and Nasscom-affiliated DSCI launched the ‘Cyber Security Grand Challenge.’ The Indian government has allocated INR 3.2 Cr grant for innovative startups in the Indian cybersecurity space.