What is Cyber-Attacks in India

Date: Jan 20, 2023

Cyber Attacks

Introduction
Cyber-attacks on India or any other country in the globe aim to take down or infect computer networks in order to steal money, extort people, or achieve other sinister goals like obtaining crucial information.Through the use of malicious code, cyberattacks change computer code, data, or logic, which can have unfavorable effects and jeopardies an organization's information or data and make it accessible to cybercriminals.India is under constant threat from cyberattacks.In the year 2020, 1.6 million attacks were reported. Due to work from home, the globe was spreading to distant regions, and security was seriously threatened.Over 700 organizations have received alerts regarding cyberattacks from the Indian Computer Emergency Response Team (CERT-IN), which has also recommended that they strengthen their cybersecurity protocols to reduce risks.

Major and minor cyber-attacks on India:
• SIM Swap Fraud
Two Navi Mumbai men were detained for cybercrime in August 2018. By illegally obtaining the SIM card details of multiple people, they engaged in fraudulent actions including money transfers from their bank accounts. These con artists were obtaining people's information, disabling their SIM cards later with the aid of phony paperwork, and then engaging in online banking transactions. They were charged with successfully moving 4 crore Indian Rupees from several accounts. They even dared to break into a few businesses' accounts.The information needed for this strategy is obtained from numerous public sources and then used inappropriately. Providing personal information to unidentified applications and domains might reduce the possibility that users would receive it along with dangerous stuff.With the help of the victim's information, fraudsters might manipulate them into participating in numerous schemes. Because scammers utilise bogus websites to obtain information directly from potential victims, it is advised that the website where a person enters his banking or other details be checked for validity.

• Cyber Attack on Cosmos Bank
The Pune branch of Cosmos Bank was the target of a daring cyberattack in August 2018 that resulted in the theft of roughly 94 crores of rupees.By breaking into Cosmos Bank's server, hackers erased money and moved it to a bank in Hong Kong. Cosmos Bank reported the cyberattack to the cyber cell in Pune. Many owners of Visa and Rupee debit cards had their personal information stolen when hackers broke into the bank's ATM server.The Cosmos Bank's centralised financial system was not the target of the attack. There was no change in the balances or overall account statistics, and the holders' bank accounts remained unaffected.The switching system, which serves as a communication link between the bank's centralized banking solution and the payment gateways, came under attack.On a national scale, 400 cards were used, and there were 2,800 transactions total. The switching system was the target of the first malware assault on it in India, and as a result, the payment gateway and the bank were unable to communicate.The best course of action may be to harden the security systems by allowing only authorized users to perform their responsibilities .Any attempted unauthorized network access must be immediately reported in order to shut down all network access to the bank. Enabling two-factor authentication could also help to reduce risk.Potential weaknesses can be uncovered through testing, making the entire digital component of the banking system secure.

• ATM System Hacked in Kolkata
In July 2018, thieves gained access to Canara Bank ATM servers and stole about 20 lakh rupees from numerous bank accounts. There were more than 50 victims, and it was thought that they had the account information for more than 300 Indian ATM users.The hackers executed transactions with a minimum of INR 10,000 and a maximum of INR 40,000 per account using ATM skimming devices to obtain the data of debit cardholders.On August 5, 2018, two guys who were affiliated with a global gang that engages in skimming to obtain bank account information were detained in New Delhi.The security elements in ATMs and ATM monitoring systems can be improved to prevent any data misuse. By employing lockbox services to receive and move money discreetly, you may reduce the danger of skimming and thwart fraudulent activities. Unlike other forms of payment, this one utilizes an encrypted code.

• Cyberattack on Union Bank of India
In July 2017, there was yet another catastrophic cyberattack that raised everyone's awareness. One of India's largest banks, the Union Bank of India, was the target of the attack. When a worker opened an email attachment, the attack started. This email attachment included malicious software. It made it possible for the hackers to access the bank's computer system and take data from the bank. The email attachment was a fabricated message from a bank.The employee trusted the email despite the inaccuracies, which led to a malware assault that allowed hackers to access the bank's data and obtain Union Bank's access codes for the Society for Worldwide Interbank Financial Telecommunication (SWIFT). International trade is conducted through SWIFT. Through the use of these codes, the hacker sent $170 million to a Union Bank account at Citigroup Inc. in New York.

• Personal Data Exposed from Just Dial Database
This incident was caused via an unsecured API end. One of the most popular local search engines in India, Justdial, let a loose end that made all of the information on its users' phone numbers, mobile devices, and web usage public.Name, email, phone, gender, and other information were exposed. The news that the API has been made public since 2015 is, reportedly, the shocking aspect.

• UIDAI Aadhaar Hacked
Everyone is aware that the Aadhaar card is the most significant and potent form of identification in India. In the government database, there are more than a billion pieces of data that are ready to be handled with strict security measures in place.But in 2018, a significant flaw put the vast data pool at danger. Major news portals have reported that a minor software patch has actually jeopardised the security of the data. Since Aadhaar was becoming the most potent system, there was a danger to national security. Speaking of the patch, it was cheap but had the potential to compromise the security of the system.The fact that an Indian citizen's bank account, pan card, mobile number, and a lot of other personal information were connected to their Aadhaar card made the whole situation terrifying.However, the organization in control of the data, The Unique Identification Authority of India (UIDAI), has refuted these claims. However, a number of recent reports and evidence might suggest otherwise.

• Cyber-attack on Air India
The largest airline in India, Air India, was the target of one of the largest cyberattacks in 2021. When hackers stole the private information of more than 4.5 million customers, including credit card numbers, passport numbers, and ticket information, Indian Airlines' security was jeopardized. The airlines urged that their customers update their passwords even though they made an effort to reassure them that their credit card information was secure.

Steps Taken by the Indian Government
• Individual Data Protection Act
The bill calls for the processing and storage of any important data pertaining to people who exclusively reside in India. It primarily emphasizes that while sensitive and important personal information about an individual should be retained locally, processing abroad is only permitted under specific circumstances. The measure also emphasizes holding social media corporations more accountable and asking them to address issues with the proliferation of offensive and irrelevant content online.

• Website review
The Indian government has taken steps to undertake an audit on all of its websites and applications in response to the growing number of government website hacking, data theft, email phishing, and privacy breach instances in the country. About 90 security auditing companies have been hired by the Indian government as part of this programme to evaluate the best information security techniques used to protect government data.

• CERT-In
The number of cyberattacks on government computers and networks in India has decreased because to the development of the Indian Computer Emergency Response Team (CERT-In), which runs the country's cybersecurity agency. Employees working in the technological departments of government sectors have benefited from the deployment of cybersecurity awareness and anti-phishing training across Indian government organizations and agencies in combating cybercrimes. In addition to educating the public on the danger posed by phishing attempts, CERT-In has released advisories and alerts regarding the most recent cyber defenses and vulnerabilities to combat them.

• Digital India Surakshith
India wants to improve its cybersecurity environment in line with its goal of becoming a digital nation. A campaign called Cyber Surakshith Bharat has been launched by the Ministry of Electronics and Information Technology. The National e-Governance Division of India is collaborating on this effort. India's governance structure has changed due to digitalization, it is essential to have competent government. With such a move, the government would raise public awareness of cybercrime and strengthen the ability of all Indian government organizations to secure their CISOs and front-line IT personnel.In addition to raising awareness, the first public-private partnership includes a series of workshops to provide experts with cyber security toolkits and encourage government personnel to fight against cybercrime.