Pages

27 December 2023

Mega data leaks, war hacktivism and India’s cyber rise: Top trends of 2023

Aakash Sharma, Subham Tiwar

As the curtains close on 2023, the world reflects on a year marked by rising cyber-attacks on critical infrastructure—especially by ideologically motivated and state-backed hacking groups from foreign countries—as armed conflicts expanded into the digital realm. According to a report, India detected an average of 761 cyberattack attempts every minute this year.

The Indian automobile industry emerged as the primary target of cyberattacks in 2023, followed by government infrastructure and the education sector, as reported in the India Cyber Security Threat report published by the Data Security Council of India (DSCI). Another report estimates that state-sponsored cyberattacks against India have surged nearly threefold, or 278 per cent, in three years.

An Android device experienced an average of three cyberattacks per month in India in 2023, the DSCI report revealed. The report notes that Telangana (15%) and Tamil Nadu (14%) were the most affected among all Indian states. Surat, India's diamond and textile hub, along with the tech city of Bengaluru, emerged as the top victims.

Top 10 Indian cities targeted by cyber attackers in 2023.

THE TREND

The first major publicly discussed cyberattack of 2023 targeted the servers of Delhi’s All India Institute of Medical Sciences (AIIMS) in June. However, attackers could not replicate the success they achieved in November '22, when they left the premier health institute's systems paralysed for 15 days—due to the deployment of enhanced security systems.

Though no conclusive, official data is available regarding the total number of cyberattacks this year, a report by Microsoft indicates India slipped to fifth place from second in the list of top nation-state victims. The Central government’s Indian Computer Emergency Response Team (CERT-In) reported 1.12 lakh cybersecurity incidents in the first half of 2023 against 13.91 lakh incidents in 2022 and 14.02 lakh attacks the previous year.

“The past year has seen Europe climb to the second-highest with 14 per cent of attacks, overtaking East Asia. The change is tied to geopolitical conflicts, with pro-Russian hacktivist groups intensifying their onslaught against Europe and the United States,” notes the Microsoft Digital Defense Report 2023.

CONFLICTS PROLIFERATE INTO DIGITAL WORLD

Cyberattacks on government institutions increased in August and September as tensions gripped the diplomatic world over whether India would follow Indonesia in condemning Russia’s war on Ukraine during its G20 presidency.
The DSCI report indicated that the number of detections of attack attempts was 30.96 million in August, which rose to 33.06 million in September. These attempts resulted in 1,070 cybersecurity incidents in August and 928 incidents in September.

“During this period, there was a marked increase in both the frequency and sophistication of cyber threats, contributing to the proliferation of criminal activities such as extortion, espionage, and fraud on a broader scale,” according to the DSCI.


More than 30 groups of hacker-activists, or ‘hacktivists,’ from neighbouring countries attacked more than 600 websites of government and private entities through DDoS attacks, defacements, and data leaks during the G20 Summit in September.

Government platforms were the most targeted, followed by the finance, technology, public, and education industries during the summit.

After the outbreak of the Israel-Hamas war in early October, pro-Palestinian hacktivist groups launched a coordinated attack campaign named #OpIndia against New Delhi for supporting Tel Aviv. The Pakistan-based hacking group ‘Team Insane PK’ spearheaded approximately 2,450 targeted cyberattacks, with over half of them being distributed denial-of-service (DDoS) attacks.

The campaign targeting government servers resulted in the compromise of 100 GB of sensitive data, as reported by FalconFeeds.

DATA BREACH

One of the most significant data breaches of the year affected Indian citizens when, on October 9, a user on Breach Forum claimed access to a staggering 815 million records containing Aadhaar and passport details, although the authenticity of the data could not be verified.

In January, hackers successfully acquired the email addresses of over 200 million Twitter users, raising concerns about the security of social media platforms and the privacy of user data. Verification of the data's authenticity remained unconfirmed in this case as well.

MALWARE AND DDoS ATTACKS

Around 400 million attempted malware attacks were detected in 2023, as per the DSCI, which also pointed out that malware was identified as the malicious element behind one in 38,000 detections. This ratio rose to one per 650 detections when it came to ransomware—a category of malware that gains access to systems and renders them unusable to their legitimate users unless a ransom is paid.


Out of the total malware detections, ransomware was identified behind 7.4 lakh suspected attacks, adware behind 15 lakh, and the cryptojacking method behind 52 lakh such attempts, says the India Cyber Threat Report 2023. While adwares refer to advertisements containing malware, cryptojacking involves unauthorised access to computers for cryptocurrency mining.

The automotive supply chain, government, and education are the top three industry segments with the highest malware detections per installation base across the industry.

Globally, file transfer service MOVEit and the UK’s postal service Royal Mail were among the biggest victims of malware attacks in 2023.

DDoS ATTACKS ON GOOGLE, AMAZON AND CLOUDFLARE

In October, Google reported the largest DDoS attack—a method that focusses on overwhelming a service to the point where it crashes. The cybercriminals sent 398 million requests per second to Google's servers in this attack by utilising the ‘HTTP/2 Rapid Reset’ technique. It was 7.5 times larger than the previous year's assault.

E-commerce giant Amazon and internet security and performance company Cloudflare also fell victim to a similar attack, exposing the vulnerability of servers to unauthorised requests. Grant Bourzikas, the chief security officer of Cloudflare, stated that the attackers utilised a botnet comprising approximately 20,000 machines while attacking the IT services company.

DDoS attacks were deployed in the ongoing Israel-Palestine conflict as well. When Hamas was launching rockets at Israeli cities following the October 7 assault, their sympathisers launched a DDoS attack on Rocket Alert, an application that sends alerts to residents in case of incoming rockets.

INDIANS FLEX CYBER MUSCLE

In 2023, the Indian cybersecurity landscape has made its presence felt across the globe, targeting entities and governments perceived as anti-India. In a report, US-based network performance service provider Netscout identified India as the fifth-largest source of cyberattacks, contributing 6.9 per cent of global incidents in 2023.

A Tata fund-backed firm, Indusface, stated that out of 2 billion attempted cyberattacks it analysed, more than 1.6 billion attacks originated from India in the third fiscal quarter of this year, registering an increase of 70 per cent over the previous quarter.

No comments:

Post a Comment