Indian govt bodies world's top victims of cyber attacks in 2022: Report

Number of incidents up 8x YoY shows CloudSEK study; Railways, AIIMS, CDSL among more recent cases; political and religious motives surpass commercial in several cases

Government bodies in India suffered the highest number of cyber attacks at 82 in the year 2022. The figure was up eight fold over the previous year.

According to a report released by threat analytics company CloudSEK, there was an alarming increase in cyber attacks targeting government entities in India. The company's cyber threat monitoring system had registered just 11 attacks on Indian public sector organisations in 2021.

The cyber incidents intensified due to hacktivist group Dragon Force Malaysia's #OpIndia and #OpsPatuk campaigns, the report says.  

Government-linked institutions such as Indian Railways, All India Institute Of Medical Sciences (AIIMS), and security depository Central Depository Services Limited (CDSL) have recently suffered cyber incidents like data breach, ransomware attacks and denial of services. Earlier this week, personal details of nearly 30 million railway users were seen on dark web for sale.

Data generated by CloudSEK's contextual artificial intelligence tool XVigil shows that the number of attacks targeting the government sector has increased by 95 per cent in the second half of 2022, as compared to the same period in 2021.

Although the rise in cyber attacks was due to a variety of reasons, the primary motive of most threat actors was to exfiltrate data and make money selling it.  

The year 2022 saw a significant rise in hacktivist activity, which accounted for about nine per cent of the recorded incidents reported in the government sector. Ransomware groups were also very active in the sector, accounting for six per cent of the total incidents reported, with LockBIT as the most prominent ransomware operator.

"These statistics clearly suggest that cyberattacks in this particular industry are no longer limited to financial gains; rather, they are now used as a means of expressing support or opposition for a certain political, religious, or even economic goal," the report stated.

Apart from India, the US, Indonesia, and China have remained the most targeted countries in the past two years. Together these four countries accounted for around 40 per cent of the total reported incidents in the government sector.

Globally, the total attacks on the government bodies mounted to 651 in 2022. September was the month with highest number of attacks in 2022, with 89 incidents.

KelvinSecurity and AgainstTheWest remained the top threat actors for the second straight year. AgainstTheWest executed its activities under several groups in different countries such as Operation Renminbi, Operation Ruble, and Operation EUSec.

The report says the tool also recorded a rise in Advanced Persistent Threat (APT) groups and hacktivist campaigns over the past decade.

APT group refers to a state-sponsored threat actor that gains unauthorised access to a computer network and remains undetected for a long period. On the other hand, hactivism comprises hacking motivated by politics or social change.

The data generated by the AI platform is further analysed by researchers at the company to uncover the patterns and generate statistics on the same.

"XVigil scours the surface web, dark web, and deep web for cyber threats, brand threats, and infrastructure threats. This data is further analyzed to categorize them based on severity, category, and client relevance. For this report, we focused on the Government sector, because we observed a spike in the sector," said a researcher at CloudSEK.