Cyber Attacks In India Surge In Post Border Face Off

Sujha Sundararajan

August 8, 2020

The clashes between Indian and Chinese troops at Galwan valley that took the lives of soldiers from both sides, and have led to increasing cyber threats and attacks on Indian establishments in cyberspace as well.

In a post-covid scenario, businesses are forced to go digital that give ways to whole new attack vectors, at a time when private applications and systems are available outside the protected corporate network for those who are working from home.

CYFIRMA, a Singaporean threat discovery and cybersecurity firm, issued early warnings in June regarding its observations on rising cyber threats on the dark web by hacker communities due to the Indo-China border faceoff.

According to the research, hackers on the dark web discussed extensive target lists including government agencies and private companies. The hackers’ intentions were obvious to exfiltrate sensitive data and create brand and reputational damage.

“Hackers’ motivations are centered around smearing India’s reputation, to cause productivity loss, create operational damage and seek financial gains,” a CYFIRMA spokesperson told ABR.

Government websites that were on the list of perpetrators were Ministry of Defence, Ministry of Foreign affairs, Ministry of Information and Broadcasting and Nuclear Power Corporation.

Apart from government websites, the target list had names of major banks like UCO, ICICI and State Bank of India; Air India, Wipro, Amul, Life Insurance Corporation, Asian Paints, among others.

“The targets may not be limited to the lists published as the threat has increased. Hackers could be planning a nationwide cyber attack,” the company’s warnings noted.



As a result, CYFIRMA has sent out an urgent action notice to CERT IN, the national nodal agency for responding to computer security incidents, to send out a public advisory to all, given the scale of the potential cyberattack.

The cyber criminals also expressed frustration with India and statements such as “teach India a lesson” and “this is one nation who doesn’t listen to us” were observed on the dark web.

CYFIRMA noticed two target lists put up by the cyber criminals on the dark web chat. The first list mentioned names of media houses including Times of India, NDTV and Republic TV.

While, the second list had names of telcos such as Airtel, pharmas including Cipla and Sun Pharmaceutical, smartphones like Micromax, tires including Apollo and MRF, and construction companies such as L&T.

“We have been monitoring India cyber threat profile for the last six months. We saw a huge escalation in hackers’ interest towards Indian government agencies and conglomerates from February onwards,” CYFIRMA researchers said.

Upsurge in Hacks

CYFIRMA researchers noticed an increase in cyber attacks mainly because India has become an attractive target due to certain reasons. Lack of cybersecurity maturity that can be exploited by hackers, geopolitical situation especially coming from China and Pakistan, Indian IT firms having customer and personal identifiable information, are some of the factors behind it.

“Industries which possess huge personal and customer identifiable information, such as telcos, online retailers, and financial institutions are attractive targets for hackers,” they said.

Financially-backed and motivated cyber attackers are particularly interested on Indian government organizations and private companies. Researchers noticed that these hackers are mostly state-sponsored actors coming from China, Pakistan and North Korea.

“Geopolitical supremacy, war hysteria and historical differences will spur state-sponsored hackers to accelerate their cyber-attack campaigns,” CYFIRMA’S spokesperson told ABR. “We will notice corporate espionage using multiple attack vectors, and a range of tactics including phishing, malware, and ransomware.”

The Criminal Masterminds

Researchers uncovered that Chinese hacking groups ‘Gothic Panda’ and ‘Stone Panda’ are behind the master plan to target Indian government and private websites. A clear set of Initial Coin Offerings (ICOs) were predominantly used for hosting command and control (C&C) centres, malware and malware hashes, attributing to these hacking groups.

The perpetrators intended to:

  • Exfiltrate data using specialized trojans,
  • Deface websites using weakness in web applications,
  • Launch malicious phishing campaigns and mimic companies’ websites, and
  • Denial of service

The malware masterminds’ shared IP addresses were mostly attributed to Gothic Panda and Stone Panda. These are prolific Chinese threat actor groups that have targeted aerospace, defense, construction companies, telecom, transportation and manufacturing sectors in the past.

Stone Panda for instance, has traditionally shown interest in stealing international trade secret and supply chain information from various high-tech firms across India, USA, Canada and Japan.

Better Safe than Sorry

When ABR reached out to CYFIRMA’s researchers for better solutions and prevention of such attacks, they said that businesses must build a basic level of cyber hygiene by focusing on 4 pillars – people, technology, process and governance. Businesses must secure themselves for post-covid world, beyond blocking IP addresses and hashes.

Few steps for prevention:

  • Companies and government departments must educate people about cyber threats and risks,
  • When it comes to tech, these firms must use good anti-virus, VPN solutions, web control and must incorporate a layered defense approach by bringing in gateway-based security solutions.
  • Businesses must perform threat profiling and creation of the threat segmentation process as well as keep core content encrypted and data backed up daily.
  • Incorporate good Cyber threat visibility and intelligence program.

“Cyberattacks are expected to increase exponentially in volume and sophistication, yet defenses remain rudimentary,” cyber analysts from the Singaporean cybersecurity firm stated.

Addressing lack of cybersecurity skills and resources is a key challenge for organizations to curb such cyber hacks. Organizations must optimize resources further and bring in skills such as threat hunting and cyber intelligence research, as well as management positions.

“This would call for a change in cybersecurity strategy, pivoting towards an intelligence-based approach to managing cyber risk,” they spoke.

Improving the regulatory environment by making incident reporting mandatory, enforcing data privacy and protection policy, attack vector assessment, are few other steps that can curb cyber attacks.

India Bans Chinese Apps, What Next?

India is on sound legal ground in citing national security to ban those Chinese apps as they pose a clear security threat at a time when both the troops are facing off at the Line of Actual Control.

The government banned 59 mobile apps last month as they are engaged in what the Ministry of Information Technology calls as “prejudicial to sovereignty and integrity of India, defense of India, security of state and public order.” The banned Chinese mobile applications include TikTok, ShareIt, UC Browser, Kwai, Baidu Map, WeChat, Weibo, Cam Scanner, among others.

According to an official, the government had considered every aspect before taking this decision. The spokesperson said, “these apps have been there for a long time, and there are some privacy and security issues with them including risks of data going out of the country.”

In line with Prime Minister Narendra Modi’s “Vocal for Local,” – to use domestically made products, and promote them – Indian startups are already coming up with new apps that can fulfill the demands met by those banned apps.

Speaking at a webinar last week, Union IT minister Ravi Shankar Prasad said that “200 new mobile applications have come” after the prime minister had asked for new Indian-made apps.

This is a ‘welcome move’ for cybersecurity experts as they see it as an opportunity to develop Indian alternatives leveraging the country’s IT strengths.

They also say that this move is only a start and would follow greater scrutiny of companies, device makers and apps with exposure to China, which can trigger such attacks.

Indian cyberspace is on high alert owing to increased security risks from the border face off with China. Cybersecurity experts noted that in the near future, the government is planning to monitor and focus on banning companies that are funded by Chinese investors.

“Banning Chinese apps is possibly a pre-emptive step to what could be large-scale surveillance,” Siddharth Vishwanath, leader of cybersecurity at PwC India, told EconomicTimes.

Sources: CYFIRMA, TimesOfIndia, PressInformationBureau, IndianExpress, EconomicTimes

Follow Asia Blockchain Review on:

About the author
Sujha Sundararajan

Contributing Author

Sujha has been writing and reporting on cryptocurrencies and blockchain technology developments since 2014. Her work has appeared in CoinDesk, CCN, EconoTimes and Fintech News Malaysia. She is also an accomplished Indian classical singer and loves baking cakes.

    Related Article
    Blockchain Enables Verification of COVID-19 Immunity
    Given the virus is not going to disappear in a hurry and we are some time away from vaccinating the ...

    November 21, 2020

    Illicit Cryptocurrency Activity: A Concern
    Market regulators such as SEC has accepted cryptocurrencies as a financial instrument and are consta...

    November 20, 2020

    IBM Using Blockchain to Help Businesses Reopen during COVID-19
    IBM’s healthcare unit, IBM Watson recently announced that they will soon be launching an app to supp...

    November 20, 2020

    Canadian Pacific Railway Collaborates with TradeLens
    Canadian Pacific Railway recently collaborated with TradeLens in a bid to improve its efficacy as an...

    November 19, 2020

    We provide information about Asia Blockchain Review latest activities as well as global blockchain news and research. Subscribe to our Newsletter now or Contact us