CERT-in received 26,121 reports of Indian websites being hacked in 2020, of which 59 websites belonged to central ministries/departments or to state governments. In 2018 and 2019, 17,560 websites and 24,768 websites were hacked, with 110 and 54 of them being central or state government websites.
The data was tabled by Sanjay Dhotre, Minister of State in the Ministry of Electronics and IT (MEITY) in Parliament on Thursday in response to a question from AIADMK politician A. Vijayakumar.
According to logs made available to and analysed by CERT-in, the IP addresses of the originating computers belonged to various countries including China, North Korea, Pakistan, USA, and Russia. Attacks also came from IP addresses in Algeria, Brazil, France, Germany, Hong Kong, Indonesia, Netherlands, Serbia, South Korea, Taiwan, Thailand, Tunisia, Turkey, Vietnam, etc.
Last week, MEITY stepped up vigil of cyberattacks of Indian companies in vaccine, logistics, pharmaceuticals, and power and has asked them to report any and all major cybersecurity incidents to CERT-in, reported the Indian Express. Since cyberattacks on Dr Reddy’s Laboratories and Lupin Ltd last year, MEITY and CERT-in have been conducting meetings with critical companies in the abovementioned sectors. Companies are reportedly receiving training for their staff for protection against cyberattacks, assessing weaknesses, and detecting attack attempts.
Earlier this month, a Chinese state-backed hacking group targeted the IT systems of Serum Institute of India and Bharat Biotech, which are manufacturing India’s Covishield and Covaxin vaccines for COVID-19, reported Reuters. Goldman Sachs-backed Cyfirma said Chinese hacking group Stone Panda had identified “gaps and vulnerabilities in the IT infrastructure and supply chain software of Bharat Biotech and the Serum Institute of India”. Chinese hackers are also rumored to have played a role in attacking India’s power grid, which reportedly may have caused a blackout in Mumbai last year.
- What we know about National Cyber Coordination Centre from IT Committee report
- Addressing challenges with network security preparedness
- Due Process Not Followed In The Kerala-Sprinklr Deal, No Clarity On Data Privacy: Expert Committee