India needs to beef up its cyber defence capabilities in light of a relatively higher number of inbound cyber-attacks from China, days after the deadly June 15 night brawl in the Galwan Valley, said Kumar Ritesh, CEO of Singapore-based cybersecurity research firm Cyfirma.
The firm has noted a 300% surge in cyber-attacks till about last week. Earlier, the number of attacks was lower and concentrated around just a few companies. Now the security threat has grown manifold, covering a wide variety of companies and, in particular, more public sector units (PSUs).
The hackers are also said to be planning to target central government ministries like the ministry of foreign affairs, ministry of defence, and ministry of information and broadcasting.
Are We Already in the Middle of Cyber Warfare?
Recently, a massive cyber virus attack brought down the National Highways Authority of India (NHAI)’s systems, including servers, email and IP phones, for nearly 24 hours on Monday (29 June), reports Times of India.
As per a statement issued by the NHAI, the attack took effect on Sunday night. As a safety measure, the systems were shut down immediately upon detection of the attack and have now been restored.
Singapore-based Cyfirma found that nearly 40,000 cyber-attacks have been launched in the last six days. China is aggressively pursuing a diverse range of tactics, from cyber-attacks to recruiting insiders for economic espionage, Indian security agencies have warned. However, such attempts have not generated a catastrophic impact in terms of damaged infrastructure as of now.
“In our research, these cybercriminals are looking at the defacement of websites using weaknesses in the web application, data exfiltration (sending data from the host system to the hacker’s) using specialized malware, denial of service, impersonating companies’ websites and launching malicious phishing campaigns,” Ritesh explained.
Who are the Chinese Hackers?
Cyfirma has found that suspected hacking groups include Gothic Panda and Stone Panda, two well-known hacking groups with direct affiliation to the PLA. Almost 93 per cent of Chinese hacking groups are funded by the People’s Liberation Army or the Chinese external affair ministry, said Ritesh.
Gothic Panda, a Chinese threat actor group, has targeted the aerospace, telecommunication, transportation, and manufacturing sectors of other countries in the past. Meanwhile, Stone Panda is involved in stealing international trade secrets from countries such as India, Japan, Canada, and the United States.
Chinese state-sponsored hacking groups are among the largest in the world. They first started in the 1990s and have grown bigger over the years. Chinese threat actors supported by the state government include scientists and hacktivists. These groups are made up of intelligence operatives and patriotic hackers.
An apocryphal story from China is that the next thing a child is taught in school after Marxism-Leninism is computers. China, which is increasingly emerging as the fount of cybercrimes in the world, has long been recruiting young adults, following in the footsteps of Israel’s Talpiot program, which was launched in 1977 to boost the country’s technological prowess.
How Cyfirma uncovered Chinese hackers’ plot to target Indian cyberspace
“The whispering in the dark web and hacker forums have increased in volume & intensity with actual mentions of Indian targets,” Kumar Ritesh reportedly said. He also pointed out a discussion on the ‘dark web’ (part of the internet that is not indexed by search engines) about teaching India a lesson, especially media houses that have been critical of the Chinese army.
“As of last night, in the last 24 hours, we have noticed a list being put up by hackers on a dark web forum to target the following media houses, including Times of India, Republic TV, NDTV, Hindustan Times, X-TV, Aaj Tak and Dainik Jagran,” he added.
According to Cyfirma, a host of companies on the target list, including Jio, MRF Tires, Sun Pharmaceutical, Airtel, Cipla, Intex Technologies, Hero MotoCorp, Dabur, Apollo Tires, SBI, ICICI Bank, Air India, LIC, Nuclear Power Corporation, Indian Oil, Amul, Karbonn Mobiles, Micromax, BSNL, HAL, SAIL, Wipro and others, are being targeted by Chinese hackers.
Cybersecurity firm Cyfirma said it had alerted the Indian Computer Emergency Response Team (Cert-In), the country’s nodal cybersecurity agency for cyberattacks, as well as some of the firms whose names were on the list.
Meanwhile, the Reserve Bank of India (RBI) has issued a warning to ensure safety while transacting online. “In recent days there are reports of users falling prey to fraudsters who are luring them on fictitious pretexts, such as alleged completion of KYC requirements, impersonating identities and websites of banks and payment system operators, etc,” the central bank said in a statement.
Is India prepared for the fifth dimension of war?
In today’s economic climate, no one can afford physical war. War is waged in the form of cyber, trade, and potentially supply chain conflicts. Calling cyber warfare a fifth dimension of war after land, air, water, and space, Lt. General (retd.) D.S. Hooda told IANS that India is ranked third in terms of facing cyber warfare but comes in at 23rd position when it comes to preparedness to deal with it.
India’s defensive posture is rational albeit short-term. A robust response to this conundrum would be to make serious improvements in India’s defence posture.
The announcement of the Defence Cyber Agency in March of last year is a promising start, but such an initiative may be insufficient to deter China given the meagre spending devoted to cyber defence.
Steps to be taken
Part of the problem is that India is trying to go it alone, according to an article published in The Diplomat, which suggested the creation of a multi-nation cyber coalition (MNCC), a common defence partnership for countries in Asia to bolster cyber co-operation against a common foe.
India’s efforts to ramp up cyber defence would have a better, long-term deterrent capability if the country joined forces with other countries such as Japan, China’s enduring rival, and countries that are at the highest risk of attacks from China, according to a cyber policy analyst.
China’s Cyber-attack strategy
“Cyber-attack is part of China’s strategy in the event of war, and that the country executes it in three phases,” explained Jayadev Ranade, a Security Expert and President of Centre for China Analysis & Strategy, in an interview with The Quint.
Phase 1 of China’s attack involves destroying command and control systems in the military. Phase 2 involves destroying civil networks such as electricity, railways and hospitals, and Phase 3 involves destroying the rest of the networks, such as financial institutions. China has not spared anyone in this matter and is also cyber spying against America, added Ranade.
According to security expert Jayadev Ranade, “India is prepared to deal with cyber-attacks, although we have delayed it.” Ranade believes that as long as we keep buying routers, chips, etc. from China, we will keep giving them a kill switch to enter into our critical communication system. Despite the risks, India’s response has been one of restraint, or what might amount to turning the other cheek.