India has faced increased cyber-attacks from China and Pakistan since the nationwide lockdown was imposed at the end of March, and the country continues to encounter threats from malware that communicates with Chinese servers, government officials and cyber security companies told ET.
Most of the attacks are carried out through phishing emails, malicious advertisements on websites, and third-party apps and programs, experts said.
Healthcare services and educational institutions have been the targets, said Sanjay Bahl, Director-General of the Indian Computer Emergency Response Team (CERT-In), India’s nodal cyber security agency.
“Because of the pandemic, healthcare services and academia are the new spaces which are emerging as targets for malicious cyber actors, while the usual areas such as critical infrastructure, government, financial services, continue to be on their radar,” Bahl said.
Covid-19-themed malware, including ransomware, and Covid-19-based domain-led infections have also increased.
“Because of this lockdown, phishing and spear phishing attacks have increased; since users are sitting at home, logged in to their devices most of the time, it is easier to lure them and they are falling prey to such attacks,” he said.
Citizens have been urged to report cyber security incidents to the Indian Computer Emergency Response Team (CERT-In).
In the last few weeks, Pune-based Quick Heal Technologies has detected calibrated attacks — targeting India’s critical infrastructure — which communicate with ‘command and control’ servers based in China.
“Crypto Miners and Remote Access Tool (RAT) malware are being dropped on victim computers as part of these attacks, enabling remote administration and extensive interactions with those devices,” said Himanshu Dubey, Director of Quick Heal Security Labs.
Pakistan has also made attempts to infiltrate Indian defence networks from March, through a group called APT36, Dubey said.
APT36 is believed to be a Pakistan state-sponsored threat actor targeting defence organizations in India. Dubey said the attacks were aimed at stealing sensitive information.
China-based attacks on India peaked in March and have declined to levels similar to those seen in February, said Aamir Lakhani, Global Security Strategist of California-headquartered Fortinet.
CERT-In has issued more than 35 advisories and 200 vulnerability notes since March. These include advisories for citizens.
It has also been providing threat intelligence reports to Chief Information Security Officers so that they can put in place appropriate measures to secure their digital infrastructure.
Sectoral CERTs, such as Fin-Cert and four Power-Certs, have also issued such advisories, according to Bahl of CERT-In.
The main targets of attacks against India appear to be government organisations, the national IT infrastructure and the banking sector, said Bengaluru-based startup SignDesk, which creates automation tools for the Banking, Financial Services and Insurance (BFSI) sector.
“These entities have become more vital than ever to the nation in our current situation and they are increasingly becoming prime targets for attack,” said Ashok Kadsur, co-founder of SignDesk.
Effective cybersecurity is a shared responsibility involving people, processes and technologies, Bahl of CERT-In said.
“The people are the weakest link and if that’s made stronger through awareness and sensitisation our defence will be better.”