Firstly we need to understand that what a cyber-attack is- A cyber-attack can be defined as the malicious activity or planned attempt by any organization or an individual to steal or corrupt the information of the system of another organization or individual. Cybercriminals or hackers generally use various methods to attack the system; some of them are malware, ransomware, phishing, denial of service, and other method.
Malware can be known as malicious software, which includes spyware, viruses, worms, and ransomware. Malware violates laws and launches a network through a vulnerability, generally happens when a person clicks on a minacious link or email attachment that then installs the risky software into your system without your permission. Once this software attacks your system, the malicious software can manage to do things such as installing some more malicious and additional harmful software, can obtain and spy all the information present on the hard-disk, can disrupt some component of the system, and can block your access to manage some important components of a computer network.
It is a cyber-crime in which a target receives an Email, telephonic call, or a text SMS by someone who pretends to be a lawful organization or institute to lure the targets into providing essential data and sensitive information such as banking details, credit card, and debit card details, personal information, and various account passwords. Then these details are used by the attacker to access the information-which can further result in financial loss, cyberbullying, cyber blackmailing, and identity theft.
This cyber-attack is also known as eavesdropping, takes place when attackers insert themselves in between transactions of two-party. Once the attacker interrupts the traffic, they can rectify and steal information. On less secure public Wi-Fi, attackers can indulge themselves between a visitor device and the network through the same Wi-Fi connection. Without having an idea, the user passes all information through the attacker- after the malware reaches inside the device, the attacker can install the malicious software to steal all of the victim data.
DoS is a cyber-attack that is meant to shutdown a server, networks, and machines by making it inaccessible to its right users. DoS floods the target with traffic, or it just sends the irrelevant information that triggers a crash of the server or network. Sometimes attackers can also use multiple compromised devices to attack. This is known as Denial-of-service (DoS).
Structured Query Language Injection is a cyber-attack that takes place when the attackers insert the malicious coding inside the server that takes over the SQL and forces the system server to disclose the crucial information and data. SQL Injection destroys the database, and the attacker can modify or delete the data stored on the database, causing persistent changes to the application behavior or content.
It is the most damaging DNS attack. Domain Name Systems turns into a hacking weapon. DNS tunneling is a cyber-attack where the hacker or attacker encodes the information of other protocols or programs in DNS queries and responses. DNS tunneling generally holds data payloads-which can be added to an attacked DNS server and is used to control applications and remote servers.
Reasons Behind Cyber-Attacks
- To gain business financial details.
- To gain customer financial information (for example- Bank details).
- To gain product design or trade secrets.
- To gain login credentials and email addresses of various customers or staff.
- To gain or steal sensitive personal information.
- To make a social or political point.
- To destroy a business competitor.
- For financial gains.
Cyber-warfare: It is a war caused on the Internet to leak out information.
Cyber-Attacks In India
According to the latest report, India has seen a 37 percent rise in cyber-attacks. India now ranks 27th globally in the number of cyber-attacks and 11th worldwide in the number of attacks caused by servers which were hosted in India, which accounts for 2,299,682 in number in 2020 itself as compared to 854,782 number of cases detected in 2019, which contains cases like leakage of data, connection to unsecured Wi-Fi networks, spyware, phishing attacks, and applications having weak encryption are some of the common mobile threats that are faced by the android user.
According to a report by cyber-security CISCO, 53% of all cyber-attacks that happened in India led to financial damages of more than ₹3,70,12,500 for organizations in 2018.
Biggest Cyber-Attacks In India
SIM Swap Scam
In Mumbai, two hackers were arrested for transferring almost 4 crore rupees from various bank accounts in August 2018. They illegally transferred money from the bank accounts of numerous individuals just by gaining SIM card information. Both the hackers blocked individual SIM cards, and with the support of fake documentation, they pulled out transactions with the help of online banking. Various company accounts were also in the target.
Hacking of Indian Healthcare Websites
In 2019, Health Care websites became the target of cyber-attack. As confirmed by US-based cybersecurity firms, hackers broke in and invaded a leading India-based healthcare website. The hackers were able to steal the information of about 68 lakh patients as well as doctors.
Hacking of UIDAI Aadhaar Software
In 2018, around 1.1 billion Aadhaar cardholder personal information was breached. According to data by UIDAI, more than 210 websites leaked the essential Aadhar details online. Data leaked included Aadhaar, mobile numbers, PAN, bank account numbers, IFSC codes, and mostly all the personal data of all individual Aadhaar cardholders. If it was not quite shocking, some anonymous hacker was selling the Aadhaar information of individuals for 500 rupees through WhatsApp.
ATM System Hacked
In 2018, cyber attackers targeted the ATM servers of Canara Bank. Almost around 20 lakh rupees were stolen from various accounts of Canara Bank account holders. There were around 50 targets estimated according to information provided by the source. The cyber attackers were able to steal the ATM details of around more than 300 account holders. Hackers were using skimmed devices to wipe out the information from debit cardholders. The transactions made by hackers from various accounts amounted from 10,000 rupees to a maximum amount of 40,000 rupees.
Cosmos Bank Cyber Attack in Pune
Attacked by hackers in the year 2018. The cyber-attackers pulled off almost 94.42 crore rupees from Cosmos Cooperative Bank, which shook the entire banking sector of India. Hackers were able to steal huge amounts by hacking the ATM server of the Bank and gathering the information of debit cardholders and visa details. Hackers from around 28 countries immediately withdrew all the money as soon as they were informed.
Cyber-Security Measures In India
In the road to creating a cyber-secure nation for all individuals and businesses, the Indian Government has reportedly set to disclose its cybersecurity strategy policy in January 2020 to achieve the target economy of $5 trillion.
With the increase in the number of breaches emerging in the country along with government websites getting hacked, the importance of developing a secure framework for all government organizations has never been crucial.
Steps Taken By Indian Government Towards Cyber-Security Strategy In 2020
Personal Data Protection Bill
The bill implies the processing and storage of any critical data related to individuals living only in India. It majorly states that the sensitive and essential personal information of the individual should be stored locally; however, it can only be processed abroad under some terms and conditions. The bill also focuses on making social media companies more accountable and urging them to solve issues related to the spread of irrelevant and offensive content on the internet.
Surrounded by the rising number of government website hacking, data theft, email phishing, and privacy breach cases in India, the Indian government has taken initiatives to conduct an audit on all of the websites and applications of the government. Under this initiative by the Indian government, around 90 security auditing organizations have been enlisted by the government for auditing the best practices of information security of the Indian government data.
The advancing Indian Computer Emergency Response Team (CERT-In), which is responsible for operating the national agency for handling cybersecurity, has helped in decreasing the rate of cyber-attacks on government networks and servers in India. The implementation of cybersecurity awareness and anti-phishing training across Indian government organizations and agencies has assisted employees working in government sectors in fighting cybercrimes. Apart from spreading awareness of the hazard caused by phishing attacks to the public, CERT-In has issued advisories and alerts regarding the latest cyber countermeasures and vulnerabilities to counter and tackle them.
Cyber Surakshit Bharat
India aims to strengthen the cybersecurity ecosystem in coordination with the government's vision for making Digital India. The Ministry of Electronics and Information Technology has come up with the Cyber Surakshit Bharat movement. This program is in association with the National e-Governance Division of India. Indian governance system has transformed digitalization rapidly; therefore, the requirement of good governance is important. With such an initiative by the government, there would be an increase of awareness against cybercrime and building the capacity for securing the CISOs and the frontline IT staff across all government organizations in India. Apart from just awareness, the first public-private partnership also includes a series of some workshops to make government employees fight against cybercrimes and help professionals with cybersecurity health tool kits to take down cyber threats.