The Rise and Spread of Cyberwarfare

We live in an age where cyber warfare is not a future threat – out of the sets of a sci-fi movie but a clear and present danger. In a broad context the term ‘Cyberwarfare’ is used to denote the use of technological force to invade and cripple computer networks in which information is stored, shared or communicated online. 

Cyber warfare involves the actions by a nation-state or international organization to attack and damage another nation’s computers or information networks through computer viruses or denial-of-service attacks. Over the last decade, cyber security has become a global problem.

According to cyber security experts nearly 25% of all cyber-attacks are carried out for espionage to steal another country’s secrets but the victim is often clueless about who did it and when, if at all they will strike again. Another form of espionage involves the use of botnet or spear-phishing attacks to gain a foothold in a computer before extracting sensitive information.

The end objective of cyber-attacks is to catch enemies off guard, and weaken their defenses without confronting them in the physical battlefield. Cyber-attacks are bloodless, cheaper and less risky than physical attacks. All that cyber criminalsrequire is a computer and an internet connection.

The worst part of the story is that besides being expensive, conventional wars need a lot of planning, manpower, resources and logistics – whereas data breach incidents are like child’s play and can be organized at short notice every month. 

Cyber-attack can compromise an organization’s key functions and processes within a matter of seconds. One such entity is the Bombay Stock Exchange, the world’s fastest stock exchange that processes more than three crore (thirty million) transactions a day and operates at a speed of six microseconds.

India ranks third– as the most cyber-attacked country– after the USA and the UK. India has been at the receiving end of a growing number of cyber-attacks at the citizen level, as well as in critical installations and many important personalities are frequent targets.

India is on the hit list of some very sophisticated cyber criminals and groups of attackers from around the world. Almost 26,000 Indian websites have been hacked into in the last 10-month period.

The Internet Protocol (IP) addresses of computers from where the attacks appear to originate belong principally to Algeria, Brazil, China, France, Germany, Hong Kong, Indonesia, Netherlands, North Korea, Pakistan, Russia, Serbia, South Korea, Taiwan, Thailand, Tunisia, Turkey, USA and Vietnam.

● A few months back Prime Minister Narendra Modi’s Twitter account was compromised and a fake tweet was put out claiming that “India has officially adopted bitcoin as legal tender”● More than 11.5 lakh incidents of cyber-attacks were reported in 2021. ● According to official estimates ransomware attacks have increased by 120 per cent in India.● On October 12, 2020, Mumbai was hit by a massive power outage. Train services were canceled, water supply was affected and hospitals went without electricity till the crisis was resolved two hours later.● Likewise, malware was deployed against nine human rights activists to log their keystrokes, record their audio, and steal their personal credentials.

This clearly shows that – no matter who you are – no organization or individual is safe from cyber-attacks. Cyber-attacks are not stray incidents and they are becoming increasingly common, everyday occurrences. Today not just government departments but power companies, oil and gas majors, telecom vendors, restaurant chains and even diagnostic labs are vulnerable to cyber-attacks. In a vast number of cases cyber-attacks are carried out by distributing compromised apps through parallel stores. These malwares and Trojans ‘silently’ infringe on the privacy of the users without being detected.

Last year several Government websites were hacked and the COVID-19 lab test results of thousands of Indian citizens were made publicly accessible on Google. Cyber criminals penetrated the computer systems of Geneva-based air transport data giant SITA and leaked the personal data of 4.5 million passengers. Likewise, the personal details of 190,000 students who appeared in a Common Admission Test were ‘stolen’. Similarly, the names, phone numbers, email id and credit card information of 180 million Domino’s India customers who ordered pizza orders were stolen and leaked. Apart from this, the data of 250 employees of the company working in IT, Legal, and Finance were also compromised. The hacker apparently sold the data to a reseller who posted the details on the dark web.

This is just a tip of the iceberg. Domino’s India isn’t the last Indian company to be hacked and prior to this the computer networks of BigBasket, Unacademy, Juspay, and WhiteHat Jr among others have been breached. Juspay processes the debit and credit card payments for companies like Amazon, Swiggy, MakeMyTrip among others. Though, luckily the leaked information does not include card numbers, PIN or password, cyber-attacks are mostly unreported and the number may be much larger than is publicly acknowledged.

In fact, any organization that possesses sensitive data or relies on real-time computation is a potential target of a cyber-attack.

Over the last couple of years, the world has become more digitized due to increased use of mobile phones, personal computers, and other e-devices. As a result, a vast amount of data is being generated and the bulk of our information and financial transactions has moved online. With most employees working from home, the number of cyber-attacks has increased around 300% in the last year.  According to an estimate Indian companies alone might have suffered losses of more than ₹1.25 lakh crore due to ransomware, malware, and other security breaches.