Senior government officials in the Ministry of Defence and External Affairs Ministry have been targeted with a volley of phishing attacks. As per the reports, compromised government domain emails were used by hackers for carrying out hacking attacks.

It seems that the series of phishing attacks are not really stopping in India as various senior government officials have found themselves in midst of phishing attacks earlier this month. Cybercrime-related hacking and phishing attacks have become quite rampant especially after the coronavirus pandemic as many institutions have adopted remote ways of working from home.

According to a report in Hindustan Times, senior government officials in the Ministry of Defence and External Affairs Ministry have been targeted with a volley of phishing attacks. As per the reports, attackers used compromised government domain emails for carrying out hacking attacks.

Following this, the National Information Centre (NIC) has alerted the concerned branches of the potential security breach and notified all officials across ministries of the compromised emails. As of now, the extent of compromise of government computers is yet to be analysed. With this, NIC is also not sure about the level of intrusion made by attackers in government systems. Targets have been mostly the senior officials from three internal lists of the government mailing list.

Advanced phishing attacks

The bureaucrats who were attacked received the mails with documents which prompted them to click a link while eventually installing malware in their system. This enables hackers to get backdoor access into their systems. With this, the hackers can easily spy on the digital activities going on in the system while gaining access to sensitive data and information.

At present, the analysis shows that several emails were sent by using genuine domain names to the ministry officials. The hackers used @gov.in and @nic.in to make emails look authentic. These hacking attempt-induced emails were sent on February 10 which contained documents further asking them to click on certain files. Thereafter, NIC has raised alarm bells of the possible breaches that might have taken in the government systems.

A similar attack took place in 2008 as well where some dormant accounts were used to launch malicious attacks in the government’s digital systems. Currently, it is being estimated that hackers might have got access to at least one of the systems where they could have exploited the loophole in the security algorithm.

The most dangerous part of all this is that the emails were sent from authentic and genuine sources. This has raised serious security-related questions about over-identification of mails as genuine or malicious because many a time most people remain unaware about how to identify such attempts. Experts are now contemplating over the security provided by the two-step authentication process based on OTP for signing in.

By using genuine domains for emails, hackers can easily get into the inboxes while they can bypass filters and suspicious flags quite smoothly. In this way, they can lead to an organised chain of attack targeting multiple users at once.

Automated cybercrime tools

A recent report also hints that cybercrime attempts are increasingly being done on the basis of automated tools. Nearly 20 percent of hacking attempts are fuzzing attacks. Fuzzing attacks are automated processes of finding hackable software loopholes and bugs present in them. This is done by randomly feeding permutation of data into targeted programmes until a loophole in the system appears which provides access.

According to Barracuda networks, a cloud-enabled security solutions provider, the most used automated attacks are fuzzing attacks, injection attacks, fake bots along Distributed Denial of Service attacks (DDoS) attacks. While injection attacks and fake bots constitute 12 percent of the total hacking attempts, DDoS attacks consist of around nine percent of hacking attacks.

Besides this, during injection attacks, hackers use SqlMap to get into the apps where the hacking bots pretend to be Google while stealing information and data. Also, hackers have been found to target credit card numbers to carry out these attacks. Recent trends show that Visa is the most targeted card by these hackers to carry out hacking attempts.

Schools and Colleges – The easy prey

No doubt, that the pandemic has provided a golden opportunity to digital hackers as almost every institution from schools to colleges to offices has shifted its functioning online. According to the Barracuda Network report, in 2020 alone, there were more than 1,000 schools and colleges that witnessed online hacking attacks. Due to the pandemic, these institutions have become more vulnerable to such attempts.

Mostly, cybercriminals get access to these ids from either the dark web or from hacking. Moreover, the report suggests that 57 percent of malicious emails were sent from compromised internal accounts of these schools and colleges. Among these almost 86 percent of emails were carried from Gmail business accounts of various educational institutions. It was also found that the attackers used genuine headings such as Principal, Head of Department, etc.

Cybersecurity of Indian firms: A slippery slope

Indian firms are most vulnerable to hacking attempts in the world. As per a report by Acronis, a global technology company, 56 percent of companies noted that their IT costs have substantially increased. The firm conducted a global survey of 3,400 companies where 39 percent of the companies experienced video-conferencing attacks out of which 66 percent among Indian companies. With such numbers, India is at the top in reporting the most number of malware attacks followed by the US and the UAE.