Indian Firms Wake Up to Vulnerabilities Amid China’s Cyber Threat

In the aftermath of the clash between Indian and Chinese soldiers in Galwan Valley, advisories from the government as well from CERT-In have warned of possible cyber attacks from malicious actors.

The advisories though have not specifically attributed the threat to China. However, CERT-In, on 19 June, has indicated that “malicious actors are planning large scale phishing attack campaigns against Indian individuals and businesses”.

While experts have asked how a cyber attack could be predicted the way it has been done, many large companies, including banks and financial organisations, have nonetheless moved swiftly to upgrade their security infrastructure.

The Quint spoke with three cyber intelligence experts on the current threat landscape, how serious the malicious activity has been thus far and how vulnerable organisations are to potential attacks.

Experts told The Quint there is a sense of urgency among organisations to bolster their IT security soon after the tensions between India and China escalated on 15 June after 20 Indian soldiers lost their lives in Ladakh’s Galwan Valley in a combat with People’s Liberation Army troops.

“The management got to a point where they said okay this is a real threat and we need to address it,” he added.

There has, however, been a sharp rise in phishing attacks since the advent of the COVID-19 pandemic in January. As the global COVID-19 pandemic rages, an attendant crisis of coronavirus-related cyber attacks has also proliferated.

Phishing is a type of social engineering attack often used to steal user data, including login credentials and credit card numbers.

“You get rogue traffic from China all the time. Most banking companies do block IPs from China but in recent times they have seen a significant increase since the advent of the COVID-19 pandemic,” said Akhil Reni, founder of WeSecureApp, a cybersecurity company.

Maharashtra cyber security cell has also issued an advisory after over 40,300 hacking attempts were made allegedly by China-based entities in the last 5 days

An Uneasy Quiet

On Friday, 19 June, Australian Prime Minister Scott Morrison announced that government and institutions are being targeted by sophisticated state-backed cyber attacks.

According to a BBC News report, Morrison said the cyber attacks were widespread, covering "all levels of government" as well as essential services and businesses. While Morrision declined to make any public attribution, cyber intelligence experts have long linked such attacks to China.

Experts in India said that Australia’s announcement by the prime minister himself raised further flags of similar attacks on Indian infrastructure as well.

While experts told The Quint that many of the attacks over the last few months have been located to servers based in China, there has been no significant spike yet in the last few days but possibility remains high.

“What Australia witnessed was a straight Distributed Denial of Service (DDoS) attack. The phishing attack advisory in India hasn’t really panned out so far and attackers don’t warn you before sending phishing mails,” said Yash Kadakia, founder Security Bridge, a Mumbai-based cybersecurity company.

Kadakia points out that the news of an imminent cyber attack has led many companies to take their vulnerabilities seriously.

“Every morning I have a message from one of the CISOs speaking about the current threat. I think they are all sort of expecting there will be more attacks now but nothing significant has happened as yet,” he added.

Reni said that his clients have seen attacks different from the regular phishing attempts and expects it to increase in the weeks to come.

Budget Woes

Cyber intelligence experts explain that a major reason behind India Inc’s vulnerability arises from difficulty in securing adequate budgets to bolster their infrastructure. They also point out that many companies have not considered information security as a priority area and remain highly vulnerable in the face of attacks.

Kadakia said the current atmosphere of looming cyber threat has actually led to a few companies expedite the approval of budgets. “In the current climate companies are getting more money and taking greater precautions. Irrespective of the China risk their data was at risk,”

However, budgets for a robust information security architecture among large companies still remain an afterthought, experts say.

“Chief Information Security Officers (CISO) in India have not been able to realise any real increase in budgets so far. They are still probably working on as-is budgets and finding it difficult to roll-out new projects in the current environment,” Rajesh Kumar, Director, cybersecurity, Netrika Consulting.

Akhil Reni, whose start-up specialises in designing and executing security roadmap for organisations said not all companies are able to increase their budgets but many have spent a good amount this year. “When I say ‘good amount’ it is compared to last year. There has been 20-30% increase in cyber security budgets lately,” said Reni.

Companies Waking Up To Poor Security

Banks and financial organisations are among the most vulnerable to attacks. A common issue among many of them has been a lack of understanding of the range of vulnerabilities. Experts said in the wake of COVID-19 related phishing attempts companies have now grown cautious about attacks related to siphoning of fund through phishing or whaling that impact immediate financial transactions.

“Also, these can result in increased DDoS attacks – either direct or indirectly through zombies created by phishing and malware. This is actually the real intent of any such state-sponsored malicious actors and may be used for deadly attacks to deface the government and large corporates,” Kumar added.

Kadakia points out that DDoS attacks, the kind that Australia faced is really hard to prevent. “There isn’t really a patch for that and it’s always going to be a problem irrespective of whatever controls you put into place,” Kadakia said.

A few proactive companies, as Reni points out, have taken steps to educate and train employees by simulating attacks internally.

“For example, there has been a social engineering attack recently. The bank simulated the same social engineering attacks on employees and see if they click on these links. If they do click on the malicious links then company is training them further,” Reni said.