India becomes favourite destination for cyber criminals amid Covid-19
With pandemic disrupting businesses and with remote working
becoming reality, cyber criminals have been busy exploiting vulnerabilities.
Year 2020 saw one of the largest numbers of data breaches and the numbers seem
to be only rising.
According to Kaspersky’s telemetry, when the world went into
lockdown in March 2020, the total number of bruteforce attacks against remote
desktop protocol (RDP) jumped from 93.1 million worldwide in February 2020 to
277.4 million 2020 in March—a 197 per cent increase. The numbers in India went
from 1.3 million in February 2020 to 3.3 million in March 2020. From April 2020
onward, monthly attacks never dipped below 300 million, and they reached a new
high of 409 million attacks worldwide in November 2020. In July 2020, India
recorded its highest number of attacks at 4.5 million.
In February 2021—nearly one year from the start of the
pandemic—there were 377.5 million brute-force attacks—a far cry from the 93.1
million witnessed at the beginning of 2020. India alone witnessed 9.04 million
attacks in February 2021. The total number of attacks recorded in India during
Jan & Feb 2021 was around 15 million.
A data breach, irrespective of the modus operandi, has grown many
folds in India. However, the disturbing trend in India has been firms’ failure
to acknowledge that a breach has happened, which then makes individual users
wonder if their data is safe at all.
Take the instance of the recent data breach at the
payment firm Mobikwik. It was reported that the data breach incident
has affected 3.5 million users, exposing know-your-customer documents such as
addresses, phone numbers, Aadhaar card, PAN cards and so on. The company, till
now, has maintained that there was no such data breach. It was
only after the regulator Reserve Bank of India (RBI) asked Mobikwik to get the
forensic audit conducted immediately by a CERT-IN empanelled auditor and submit
the report, that the company is working with requisite authorities.
Rajshekhar Rajaharia, cybersecurity researcher who first tweeted
about the MobiKwik issue, and many such breaches in India said: “Most
companies, small or big, accept that they have been breached, especially when
evidence of a data breach comes forward. In my experience, this makes their
customers trust them even more. In the case of MobiKwik, it is surprising why
they are not admitting to having been breached. They have threatened legal
action against cybersecurity researchers and the fact that the leaked data has
now been taken off the dark net is possibly giving them a false sense of
security.”
Comments
Post a Comment