Cyberattacks in ‘Digital India’ make country look like a ‘House of Cards’, say experts

cyberattack-India

In the last year alone, cyberattacks in India burgeoned three-fold to 1.16 million

Neeladri Bhattacharjee | April 15, 2021

“It takes ten seconds to crush a man’s ambitions,” Frank Underwood had once said. Hackers, during cyberattacks, take less than that, and here, we are talking about people’s data – phone numbers, passwords, bank details, precisely everything.

In India, every 1 in 4 individuals use weak passwords, according to cybersecurity firm Kaspersky. Extrapolating it for the country’s total population, nearly 345 million Indians remain susceptible to cyberattacks at a time when the government is pushing for Digital India.

The most commonly used password – 123456, followed 12345678 (according to NordPass, a password management service).

As a result, it was no surprise as India became subject to one of the highest number of cyberattacks in Asia Pacific in 2020. Some of them were global attacks with India as a subset, while some had India at the cynosure.

Cyberattacks : What are they?

Before running into specifics, the definition of a cyberattack needs to be cleared. The Oxford dictionary defines cyberattack as “the act of trying to damage or destroy a computer network, computer system or website by secretly changing information on it without permission”.

Prominent cyberattacks in India recently

Maharashtra power grid attack: Maharashtra suffered a power-grid failure in October 2020, which was solved within a few hours. However, investigating the power outage, Maharashtra Cyber Cell found out that there it was a cyberattack.

The report submitted by them mentions that 14 Trojan Horses and 8 GB of unsubstantiated data was installed in the Maharashtra State Electricity Board (MSEB) system. Sources of the malware installer remain unverified.

This has been supported by cybersecurity firm Recorded Future, who have attributed most part of the attack to China-sponsored hacking group Red Echo.

Mobikwik Data Breach: Five years after demonetization, even small shops have shifted to digital method of payment. Among several e-wallets such as PayTm, PhonePe and Google Pay, MobiKwik is another e-wallet and online payment platform with over 50 million downloads in India.

Last month, an 8.2 TB database of 9.9 crore Indians from MobiKwik’s servers were stolen and put up for sale on dark web for 1.5 Bitcoins or $86,000. The leak was first found by cybersecurity analyst Rajashekhar Rajaharia and substantiated by French hacker Robert Baptiste, who goes by the pseudonym Eliot Alderson.

MobiKwik, however has denied the claims and have put the blame on its customers in an official statement on Twitter.    

Facebook Data Breach: Facebook suffered one of the largest data breaches in history as 533 million records from its server were put in public domain this month. Initially put up for sale in Dark Web, the data set was made public in a low level hacking forum for free.

The data set has Egypt as the most affected country, while 11 million Americans and 6 million Indians were in that list, with their contact details such as email addresses and mobile numbers out in the open for public access.

Mark Zuckerberg, the founder of Facebook himself was in the list as well. The data however had no direct potential for targeted attacks, said Troy Hunt, the founder of security website www.haveibeenpwned.com .

Facebook has, like MobiKwik, denied all allegations of a data breach calling it mere ‘scraping’ and not data theft or breach.

Mike Clark, the company’s Product Management Director has instead put the onus on its customers, asking them to do regular privacy check-ups on their profiles and updating “How People Find and Contact You” settings.  

Solutions and what should you do?

“Use two-step verification and use it as much as possible,” says Souvik Mal, a cyber security analyst at National Cyber Security, “Most mobile applications now have a provisions for a two-step verification. One just needs to enable it and they can be safe on their end.”

“Tech Companies too have to take some responsibility and work on security,” he added. In fact, they are working on the same.

According to a recent forecast by research firm Gartner, spending on information security is expected to reach $2.08 Billion in 2021, a 9.5 increase to that last year, while cloud security is expected to see a growth of over 250 percent.

Sandeep Sengupta, the Managing Director of Indian School of Ethical Hacking said that government laws were also a necessity in India. “We do not have a concrete data protection law in India, unlike Europe, which has the General Data Protection Regulation (GDPR). Without proper legislation, a large scale attack and we’ll fall apart like a house of cards,” he said.

As the world continues to work from home, the importance of data security has become of the most crucial issues every country must look into. As India pushes its Digital India initiative ahead, it must fill in important gaps in its data ecosystem until it is too late – sooner or later.

cyber-attack-comic