The Covid-19 pandemic has given hackers a whole new set of vulnerable businesses to attack in India.
Though banking, financial services, and insurance (BFSI) remained the industry most targetted by cyberattacks in 2020—facing 60% of the total threats globally—the sectors that were working tirelessly to battle Covid-19 also came on hackers’ radar.
In India, “manufacturing and pharma companies have become big targets over the last year, primarily because of supply chain focus around new initiatives to combat Covid-19,” Sudeep Das, technical leader of IBM Security for India and South Asia, told Quartz.
In 2020, India was the second-most attacked country in Asia after Japan, accounting for 7% of all attacks worldwide, data show.
The trends in India are in line with what’s happening across the globe. Cyberattacks on healthcare, manufacturing, and energy worldwide doubled from the year prior, with threat actors targeting organisations that could not afford downtime due to risks of disrupting medical efforts or critical supply chains, according to IBM’s 2021 X-Force Threat Intelligence Index released on Feb. 24.
IBM monitored over 150 billion security events per day in more than 130 countries.
“In essence, the pandemic reshaped what is considered critical infrastructure today, and attackers took note. Many organisations were pushed to the front lines of response efforts for the first time—whether to support Covid-19 research, uphold vaccine and food supply chains, or produce personal protective equipment,” said Nick Rossmann, global threat intelligence lead at IBM Security X-Force. “Attackers’ victimology shifted as the Covid-19 timeline of events unfolded, indicating yet again, the adaptability, resourcefulness, and persistence of cyber adversaries.”
Sectors under cybersecurity threat
India saw some high-profile cyberattacks that were targeted at the pharmaceutical sector, particularly at companies that are working around coronavirus-related vaccines and medicines.
For instance, Hyderabad-based Dr. Reddy’s, which was conducting trials for Sputnik V and is eventually supposed to distribute the Russian vaccines, was a victim of a data breach in mid-October. A fortnight later, Mumbai-based pharma company Lupin, which was producing favipiravir—a drug prescribed by doctors to treat mild to moderate Covid-19 symptoms—faced a similar attack.
In October, Bengaluru-headquartered edtech firm Edureka reportedly suffered a breach that exposed the data of 2 million users. In November, a security researcher found that a bug in the coding platform WhiteHat Jr had left the personal information of 280,000 users exposed.
Beyond large-scale attacks on enterprises, individuals were being targeted.
Of vaccines and working-from-home
Most of the cyber attacks were reported between May and July, as per IBM. While Covid-related online attacks likely began in the months before, too, that’s when they grew big enough to be identified by experts.
“When we see big-ticket announcements around budget or vaccines or interesting social announcements, those are the times a surge in attacks happens. During that time frame, people were looking for information about the vaccine and vaccine distribution chain,” explained Das.
“Work-from-home also triggered larger ransomware-based attacks,” he added.
In India and abroad, ransomware—malicious software that infects computers and displays messages demanding ransom to restore access—was the most common type of attack. And recently, it is not only being used to collect ransoms for unlocking desktops but also for data exfiltration. An added threat now is that hackers are taking the data and selling it in the open market.
Besides ransomware, spoofing attacks increased in a year of social distancing and remote work. Brands offering collaboration tools such as Google, Dropbox, and Microsoft, or online shopping brands such as Amazon and PayPal, were among the top 10 spoofed brands in 2020, IBM found.
“So much business is running on Google and Amazon so they did have a major impact on Indian customers and businesses,” said Das. Amazon Web Services (AWS), which launched in May 2016 in Mumbai, has amassed a large and diverse clientele. In the middle of the pandemic, Google offered G-Suite tools at no cost to small businesses for a month.
Outside of work, phishing emails around Covid-19—mass blasts for consumers—were targeting individuals, IBM found. In June, the Indian government even issued an advisory warning against unsolicited emails and links related to coronavirus.
Indian companies fight back
While vulnerabilities are aplenty, they have also served as a wake-up call for Indian companies.
“The business need of digitisation is driving security adoption in a direct matter, rather than an afterthought, which was the case before last year,” said Das.
Typically, Indian companies have been slow to respond to cyberattacks and breaches, taking around nine days versus seven days globally. But over the last year, the adoption of cybersecurity practices has accelerated, and become more nuanced. “The market is moving out of compliance-driven sectors to threat-driven ones,” said Das. “The conversation not driven by what RBI (Reserve Bank of India) is telling us. People are looking into threat vectors.”
And now that companies have gotten a taste of work-from-home and spent money on setting up checks and balances to make it work—virtual private network (VPN), identity access management, privileged access management, and so on—there will be no turning back.
“I don’t think there will be a reversal of the transformation we’re doing right now as a compulsion for Covid-19,” said Das. “Digitisation, around work-from-home, around the adoption of hybrid cloud—all of these have got impactful business outcomes. In a post-pandemic world, their adoption will continue at the same pace.”