Home Features COVID-19 and the Current Cyberthreat Landscape in India

COVID-19 and the Current Cyberthreat Landscape in India

With the second Corona wave and curfew-like restrictions, India might once again prove to be a soft target for cybercriminals.

SideCopy Malware Campaign

It’s been over a year since the first COVID-19 death was reported in the state of Karnataka, India, in March 2020. With concerns of high mortality rates from the global pandemic, the government of India announced strict lockdowns to implement isolation, social distancing, and contact tracing. In November 2020, the country saw COVID cases plummeting, with patients showing mild to moderate symptoms compared to other countries. And while India was heaving a sigh of relief in the new year, the deadly disease made its way back in February, putting the health care sector in shambles. As of today, April 14, 2021, the COVID figure in India has skyrocketed to approximately 180,000 cases. The state of Maharashtra — with over 50,000 cases per day — has announced strict curfew-like restrictions on the movement of people, newly making India a soft target for cybercriminals.

By Pooja Tikekar, Sub Editor, CISO MAG

A CoWin Decoy?

India has been aggressive with its vaccination drive since its launch in January 2021, for health care and frontline workers first in line. The second phase of the vaccination program for the public kickstarted on March 1, 2021. The two vaccines being administered include “Covishield” from the Serum Institute of India and “Covaxin” from Bharat Biotech. Technology plays a critical role in planning, deploying, and monitoring vaccination programs. Hence, citizens are urged to register via Aarogya Setu or on the CoWIN website. However, hackers are testing the country’s digital architecture, and allegedly impersonating the legitimate CoWIN website to coax citizens into registering on the fake portal and exfiltrate their personal information.

RDP Attacks Skyrocket

Remote work continues to top the business continuity operations in India. According to a cybersecurity report from Kaspersky, India witnessed 9.04 million brute-force attacks against remote desktop protocol (RDP) in February 2021, compared to 1.3 million in February 2020 and to 3.3 million in March 2020. Working in decentralized environments has become the new normal and brute-forcing RDPs, the most common technique for cybercriminals to gain access to Windows systems and execute malware.

“Remote work isn’t going anywhere. Even as companies begin considering re-opening their workplaces, many have stated that they will continue to include remote work in their operating model or pursue a hybrid format,” said Dmitry Galov, security expert at Kaspersky. “That means it’s likely these types of attacks against remote desktop protocols will continue to occur at a rather high rate. 2020 made it clear that companies need to update their security infrastructure, and a good place to start is providing stronger protection for their RDP access.”

The New-age Oil Leaks Copiously

The data breach landscape in India, pre-COVID, was simple. Adversaries launched ransomware attacks by encrypting the data on vulnerable systems and demanding ransom in exchange for a decryption key. Cybercriminals were complacent in inventing new attack vectors. But as the adage goes, change is the only constant. Today, ransomware groups are re-inventing their modus operandi to not just attack the data or “the new-age oil,” but the brand image of a business. With improved infrastructure, India is opening its doors to global market players. Threat actors are leveraging this opportunity to attack the brand image of a business/enterprise by dropping malware payloads on the targeted system and exporting data, in turn damaging intellectual property and national security.

The recent MobiKwik data leak exposed the data of 3.5 million users, with 6TB of KYC details and 350 GB of compressed MySQL dump. To add to the list, the personal information of 533 million Facebook users from 106 countries was leaked for free on an underground hacking forum – with 6.1 million users from India alone. And if this was not enough, India’s second-largest stockbroker, Upstox, was reportedly the latest victim of a breach, allegedly leaking data of 2.5 million users.

Souring India-China Relations

Ever since the pandemic broke out, India’s relationship with China turned sour. This was evident in the Mumbai power outage in October 2020, which crippled the financial capital with chaos. An investigation from Maharashtra cyber department revealed a malware attack with unaccounted data transfer from a foreign server to the Maharashtra State Electricity Board (MSEB) server. However, evidence from Recorded Future underlined the geopolitical tensions and border clashes between the two Asian neighbors. It claimed that Chinese-state sponsored group “RedEcho” targeted India’s power grid. However, it did not stop here. CERT-In averted a hacking attempt on Telangana state power utilities, TS Transco and TS Genco, by a Chinese cybercriminal hacking group.

In the past, the Indian government alleged Chinese threat actors for attacks on the National Informatics Centre (NIC), the National Security Council (NSC), and the Ministry of External Affairs (MEA). The transformative role of technology impacted Indian cyberspace and the information sector. Another report stated that India was named one of the most cyber-targeted countries globally in 2019, with over 50,000 cyberattacks from China alone. Whereas, the IBM Security report titled “2021 X-Force Threat Intelligence Index,” revealed that India was the second most cyberattacked country in the APAC.

Chief of Defense Staff, General Bipin Rawat says…

Where do we go from here?

Apart from vaccine disruptions, RDP attacks, and foreign intrusion, team CISO MAG continues to observe common attack trends such as phishing and business email compromise directed towards Indian governments and enterprises. Armies in countries like the U.S. have a cybersecurity unit (U.S. Cyber Command) that is responsible for countering cyberwarfare. India has cyber cells attached to its state police forces, and in a similar vein, the Indian government needs to seriously consider a cyberwarfare unit within the armed forces and scale up its cyber maturity.

Cyberwarfare is here to stay threat actors are eyeing every chance to sabotage the country’s defense mechanism. Out of the many attempts made by security agencies, India’s agility in incident response has been inadequate. And with the soaring second COVID-19 wave, it would be interesting to watch how India combats the vicious nature of existing and new cyberthreats.

What are your thoughts on this? Write to us at [email protected]

About the Author

Pooja Tikekar is the Sub Editor at CISO MAG, primarily responsible for quality control. She also presents C-suite interviews and writes news features on cybersecurity trends.

More from the author.