CYBERATTACKS AND COVID-19
1. CONTEXT OF THE NEWS
Recently, the Australian government and institutions have been targeted by what the Australian Prime Minister called ‘sophisticated state-based cyberattacks’. Following these events, the Indian Computer Emergency Response Team (CERT-In) has warned about a possible large-scale cyberattack in India.
This editorial discusses the rise and nature of cyberattacks amidst the COVID-19 pandemic.
2. CYBER ATTACK
- According to the ISO (International Organization for Standardization), an attack on computers and computer networks 'is any attempt to expose, alter, disable, destroy, steal or gain unauthorized access to or make unauthorized use of an asset.'
2.2 Some important types of cyberattacks
- Malware - it refers to malicious software, including spyware, ransomware, viruses, and worms. It installs itself on the system after a trigger by the user such as a click. Once installed, the malware can block access to the network, install additional harmful software, spy on sensitive data of the user, or disrupt a complete system.
- Packet sniffing – it is the act of gathering and logging some or all packets that pass through a computer network irrespective of the address of the packet. Packet sniffers interpret these packets to reveal underlying information.
- Phishing – it is the act of sending fraudulent emails that pose as coming from a credible source, with the intent of stealing personal, sensitive, or financial information.
- Man-in-the-middle attacks – in this attack the attacker relays communication between two parties who think they are communicating directly. The man in the middle may modify the message sent from one party to the other.
- Denial of service (DoS) – in this attack the perpetrator aims to make a machine or network temporarily or permanently unavailable to its intended users. This is the most widely used attack and also the most difficult to tackle.
- Brute force attacks – trying various combinations of login credentials until one grants access to a system.
- Similarly, viruses, Trojan horses, ransomware, spyware, etc. are also widely used methods of cyber-attack.
3. RECENT REPORTS WARNING ABOUT CYBER ATTACKS IN INDIA
3.1 Details of CERT-In advisory
- CERT-In released an advisory on June 19, 2020.
- CERT-In has said that cyber attackers may use COVID-19 support initiatives, especially the ones launched by the government, as cover for malicious emails.
- The malicious emails are designed to divert the target audience to a look-alike fake website. The attack then either downloads malicious files onto the user's device or aims to extract personal, sensitive, and financial information.
- The report further said that the hackers claim to have 2 million individual email IDs and, in order to coax the user into submitting personal information, will use catchy lines in the email subject such as 'Free COVID testing for all the residents of a particular city'.
- These malicious emails will originate from fake email IDs impersonating government authorities and will begin from 21 June.
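The pattern the advisory describes (a COVID-themed subject line sent from an address that imitates a government sender) can be checked mechanically at the mail gateway. The following is an added example, not part of the advisory or of this editorial; the trusted domains, the lure word list, the edit-distance threshold of 2 and the sample messages are all assumptions constructed for illustration.

```python
from email.utils import parseaddr

# Assumption: the organisation's allowlist of genuine sender domains (placeholders).
TRUSTED_DOMAINS = ("health.gov.example", "relief.gov.example")
# Lure words taken from the themes described above (free testing, aid, cures).
LURE_WORDS = ("free", "testing", "relief", "donat", "cure")


def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss spellings of trusted domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def triage(from_header, subject):
    """Return a list of findings for one message; an empty list means nothing flagged."""
    # parseaddr ignores the display name, which the sender controls freely.
    domain = parseaddr(from_header)[1].rpartition("@")[2].lower()
    findings = []
    if domain not in TRUSTED_DOMAINS:
        nearest = min(TRUSTED_DOMAINS, key=lambda t: edit_distance(domain, t))
        if edit_distance(domain, nearest) <= 2:
            findings.append("lookalike-of:" + nearest)
        else:
            findings.append("untrusted-sender")
    text = subject.lower()
    if "covid" in text and any(word in text for word in LURE_WORDS):
        findings.append("covid-lure-subject")
    return findings


# Constructed sample messages (From header, Subject); none are real traffic.
SAMPLES = [
    ('"Health Ministry" <notice@health.gov.example>', "Updated clinic opening hours"),
    ('"Health Ministry" <notice@health-gov.example>',
     "Free COVID-19 testing for all residents of your city"),
    ('"Relief Fund" <donate@covid-aid.example>', "Donate to the COVID-19 relief fund"),
]

if __name__ == "__main__":
    for sender, subject in SAMPLES:
        print(sender, "->", triage(sender, subject) or "no findings")
```

The From header is only a claim made by the sender, so a check like this complements SPF, DKIM and DMARC results and does not replace them.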
3.2 Findings of CYFIRMA
- CYFIRMA, a cyber-intelligence firm, found that a group of cyber-hackers known as the Lazarus Group is targeting 2 million individual email IDs in India.
- The Lazarus Group is believed to have the backing of the North Korean government.
- Recently, CYFIRMA has reported on a conspiracy to launch a widespread cyber-attack in India targeting government agencies, media houses, pharmaceutical companies, and telecom operators.
3.3 Other Findings
- Recently, a report released by PwC said that around 6 fake versions of 'PM CARES' have cropped up and are targeting Indians.
- According to a NITI Aayog report, the most widely used form of cyberattack is phishing, forming 57% of all attacks. This is followed by malware attacks, which constitute 41%, spear-phishing at 30%, Denial of Service attacks comprising 20%, and ransomware at 19%.
4. RISE IN CYBER ATTACKS
4.1 Rising Numbers
- A PwC report suggests that the number of cyber-attacks in March 2020 was twice the number in January 2020.
- While governments all over the world are busy tackling the COVID-19 pandemic, for cyber attackers this is the most suitable opportunity to launch even organization-wide attacks.
4.2 Piggybacking on COVID-19
- The COVID-19 pandemic has led to worldwide fear, anxiety, and insecurity.
- Such overwhelming conditions make an individual more vulnerable to a cyber-attack.
- Cyber-attackers send phishing mails under the garb of ‘false cure of COVID-19’, ‘free testing for COVID-19’, ‘false advice or medication’ etc.
- An individual distraught by the COVID-19 fear becomes an easy target for such attackers.
- These phishing emails can carry viruses, worms, Trojan horses, malware, or ransomware aimed at an individual, an organization, or even whole governments.
- Phishing emails are also sent under the garb of donations and charity to help the destitute under the pandemic.
4.3 Attacks targeting India
- According to PwC, the major targets of COVID-19 related malicious emails were firms in the finance and pharmaceutical sectors. Banking, defence, and manufacturing firms were also targeted widely.
- The PwC study noted a 100% increase in attacks within a few days in February. In March 2020, endpoint security systems detected a 66% increase, and brute force attacks rose by 100%.
- PwC findings suggest that organizations in India lose $100 - $200 million per year due to data breaches. The average cost of data breaches in 2019 was $119 million.
5. CYBER THREATS TO INDIA
5.1 Cyberattack from the Chinese
- Cyber-intelligence firm CYFIRMA warns that Indian government agencies, media houses, pharmaceutical companies, and telecom operators may be the target of Chinese hacking groups.
- CYFIRMA has gathered the information from messages exchanged in Mandarin on the dark web.
- The attacks follow the first bloody clash between India and China in 45 years over border issues; earlier this week, 20 Indian soldiers died as a result of the clash and several others were injured.
- The messages were exchanged between Gothic Panda and Stone Panda, two well-known cyber-hacking groups that have the backing of the PLA (People’s Liberation Army).
5.2 Cyberattack from the Pakistanis
- India faces a dual challenge from China and Pakistan due to escalation on both fronts.
- Cyberattacks from Pakistan-based groups have increased ever since India abrogated Article 370 last year.
5.3 Intensity of the Attacks
- Twenty-four websites related to Union and state governments had been under cyber-attack until May 2019, according to the information provided by CERT-In to the Indian Parliament.
- Malware designed to extract data was found in the network of Nuclear Power Corporation of India's Kudankulam nuclear power plant in November 2019. The malware is believed to have been launched by the Lazarus Group from North Korea.
5.4 Cyberattacks globally
- Australia became a target of cyber-attacks recently after its decision to investigate the origins of COVID-19.
- Given the scale, type, and intensity of cyberattacks in Australia, the Australian PM called these attacks state-backed.
5.5 Rising incidents of Cyberattacks
- Cyber-attacks are now widely used covertly by big nations to retaliate against a rival or to show passive aggression.
- North Korea is believed to have an army of 7000 hackers, who often engage in espionage and in stealing state secrets, blueprints for weapons, and sensitive political information.
- North Korea is also believed to have launched widespread cyberattacks on the U.S.A. and South Korea aimed at disabling critical infrastructure such as power plants and electric grids, and to have raised billions of dollars from such attacks to fund its weapons programme.
The fear and anxiety caused by the COVID-19 pandemic have created a hotspot for malicious cyber-attacks. Furthermore, these attacks are no longer only financially motivated. They are now extensively used by rival big nations who wish to avoid a full-blown nuclear war.
The Indian government should focus on this issue and look into the matter, since these attacks can harm critical infrastructure such as power plants and electric grids, steal sensitive information, and hurt pillars of the economy like the MSME sector (Micro, Small and Medium Enterprises), bringing the economy to a halt.
Every organization and firm in India must remain vigilant and be in constant dialogue with law enforcement authorities in the wake of such reports.