Blog Credit : Trupti Thakur
The Major Cyber Breaches In India
Cybersecurity has become a critical concern in today’s digital age, and India is no exception. As technology advances and digital infrastructure becomes more prevalent, the number of cyber-attacks and incidents has been on the rise. Recently, data was presented in the Lok Sabha, shedding light on the extent of cyber threats faced by government organizations and financial institutions.
Government Organizations Facing Cybersecurity Challenges
According to the data presented in the Lok Sabha, government organizations in India encountered a staggering 1,12,474 cybersecurity incidents until June this year. This highlights the severity of the cyber threats faced by various government entities in the country.
Financial Institutions: A Prime Target
Financial institutions have always been a prime target for cyber attackers due to the valuable information and assets they hold. In 2019, financial institutions in India faced a massive 700,548 cybersecurity incidents, underscoring the gravity of the cyber threats faced by the financial sector.
Persisting Challenges for Financial Institutions
The challenges for financial institutions did not wane over the years. Up until June 2023, financial institutions reported a substantial 429,847 cybersecurity incidents, signifying the persistent nature of cyber threats to the financial sector.
Central Ministries/Departments and State Government Organizations
It is not only financial institutions and government organizations that face cyber threats. Central ministries/departments and state government organizations encountered a total of 36 incidents until June this year. In the previous years, the numbers were 54, 59, 42, and 50 for the years 2019, 2020, 2021, and 2022, respectively.
Despite advancements in digital infrastructure, data breaches persist, posing substantial threats to both government and private organisations. Safeguarding the data of millions of citizens and users is a humongous task. Governments around the world, along with corporations, struggle to ensure that user data is kept safe. However, no security is foolproof, as evidenced by reports of data leaks around the world.
Here are some of the major data breaches in 2023.
MOVEit cyberattack
In May 2023, a ransomware gang abused a zero-day exploit to compromise the security of over 2,000 organisations worldwide, according to a report from Emsisoft. These included New York City’s public school system, British Airways and the BBC.
Threat actors used an exploit in Progress Software’s enterprise file transfer protocol, MOVEit Transfer, to steal data from government, public, and business organisations.
The company released a patch for the vulnerability after the damage was done. IBM was sued as its servers were breached. The attack and its fallout also prompted the U.S. Securities and Exchange Commission (SEC) to require public companies to issue disclosures within four days of discovering a cybersecurity incident.
Aadhaar data breach of 815 million citizens, India
In October, Resecurity, an American cybersecurity company, said that the personally identifiable information of 815 million Indian citizens, including Aadhaar numbers and passport details, was being sold on the dark web.
The threat actors declined to specify how they obtained the data, without which the source of the leak is difficult to ascertain. They claimed, however, that they had access to a 1.8 terabyte data leak impacting an unnamed “India internal law enforcement agency”.
17,000 WordPress sites hacked
Over 17,000 WordPress websites fell victim to a campaign that exploited known flaws in premium theme plugins. The attack campaign utilised a flaw to inject Linux backdoors into websites to redirect visitors to fake tech support pages, phony lottery winnings, and push notification scams; these were likely part of scams or sold as a service to scammers.
The attack had reportedly been active since 2017 and affected nearly one million WordPress sites. The campaign came in waves – six waves to be precise – all of which used unique tactics to avoid detection.
Targeted themes on WordPress included Newspaper and Newsmag, putting a substantial number of websites at risk.
Boeing data leaked after ransomware attack
Internal data from Boeing, one of the world’s largest defence and space contractors, was published online by a cybercrime gang that extorts its victims by stealing data and releasing it unless a ransom is paid.
In October, the cybercriminals said they had obtained “a tremendous amount” of sensitive data from the aerospace giant and would dump it online if Boeing didn’t pay a ransom by November 2.
After the deadline, hackers published the data on their website, with Boeing confirming that “elements” of the company’s parts and distribution business had experienced a cybersecurity incident. The company further said that while it was “confident” that the event did not pose a threat to aircraft or flight safety, it declined to comment on whether defence information or other sensitive data had been obtained by hackers.
Genetics testing company suffers data breach
In October, genetics testing company 23andMe sent emails to several customers to inform them of a breach of the “DNA Relatives” feature, which allows customers to compare ancestry information with users worldwide.
The email from the company came after a hacker advertised millions of “pieces of data” stolen from the company’s online forum. The company later confirmed that customers’ data was being sold by hackers. The company attributed the data leak to a credential stuffing attack.
Other noteworthy data leaks in India
The year 2023 also witnessed some major breaches in data security in India. Early in the year, train ticketing platform RailYatri confirmed that it suffered a data breach in December 2022, shortly after the Railway Ministry denied that user data being sold on the dark web was leaked from the Railways’ side.
Earlier in the year, an alleged leak in the CoWIN portal was reported, when a bot on the messaging platform Telegram was returning the personal data of Indian citizens. The data reportedly contained details including names, Aadhaar and passport numbers of individuals who registered with the COVID-19 vaccine network for vaccination purposes.
While the Health Ministry denied reports of a data breach, and said the allegations were “mischievous in nature,” it added that the Indian Computer Emergency Response Team (CERT-In) was reviewing existing security infrastructure of the portal. Later that month, a man and a juvenile were apprehended in Bihar for their involvement in the alleged data leak.
Despite denials and reviews by relevant authorities, these events underscore the persistent challenges in securing sensitive information.