NEW DELHI:The war on black money has provoked a vicious counter-war against India’s net security. Between December 9 and 12, at least 80,000 cyber attacks targeted Indian networks, exposing the risks faced by the government’s cashless campaign.
According to top intelligence sources, till November 28, the average of two lakh vulnerabilities per day increased to five lakh, climbing to six lakh by the first week of December. The threat from online guerilla outfit Legion—which claims to have accessed over 40,000 servers in India—to paralyse the banking system has prompted a 360 degree security audit of all information infrastructure including the financial networks.
“Between November 22 and 26, we observed 3,35,000 attacks on Indian networks by the cyber hackers from China, Pakistan, Singapore, the US, Russia, Romania, Ukraine, Dubai and Sweden,” intel sources said. These have originated from lesser-known groups like Suckfly, Lazarus, Odinaff and Danti. Interestingly, an intelligence note reviewed by The Sunday Standard warns against the technical vulnerability of mobile phones, too.
“They are equally vulnerable to malware attacks and data leakages as ordinary Internet connected computers. Android and iOS platform-based smart phones are known to have multiple vulnerabilities which are being widely exploited by the attackers and adversaries,” said the note.
According to cyber security firm Kaspersky Lab, India ranks seven among the top 10 countries attacked by mobile malware. Mobile banking Trojans like ZeuS are the most common malware used by hackers to steal money from bank accounts.
“Earlier, criminals used to crack banks. But it’s too expensive, complicated and risky. Now, they defraud Internet users by stealing money from them and unfortunately they are very successful in doing that,” said the lab report.
Sources said the Indian cyber security apparatus is focused on countering unstructured enemies like individuals, un-targeted malicious software and human error. There is very little protection against structured adversaries like big hacker groups and cyber warriors sponsored by state actors like China, which increasingly target computers and smart phones. A former officer of the National Technical Research Organization (NTRO), V K Mittal, said the existing Internet security architecture is inadequate to completely shift to digital economy.
“The existing phones provide software based security and not the hardware which simply means that they can be easily exploited. For the digital economy, the infrastructure must be strengthened by the agencies,” Mittal said.
A report from cyber security firm Symantec reveals that India is heavily affected by cyber threats and figures among the top 10 affected countries. The note said “the cyber criminals could be located anywhere in the world and they can target a particular user system or a particular service… It is extremely difficult to prove whether the cyber criminal is an individual a gang, a group of state actors or a nation state.