BW Businessworld

New Study Shows Increasing Cyber Attacks On India's Critical Infrastructure

The study was done as part of civil society group CyberPeace Foundation's eKawach program

A new study conducted by CyberPeace Foundation, along with Autobot Infosec and CyberPeace Center of Excellence, has found that Indian oil companies faced 3.6 lakh cyberattacks in the last six months.

Among these, the most noticeable in recent weeks has been the targeting of Oil India Limited. On April 13, it was reported that PSU major Oil India Limited's registered headquarters at Duliajan in Assam's Dibrugarh district was purportedly under a cyber-attack, which led the company to shut down all its computers and IT systems at the office.

The next day, the company received a ransom demand of $75,00,000 (roughly Rs. 57 crores) from the perpetrator. Subsequently, a case was registered under various sections of the Indian Penal Code and the Information Technology Act, 2000, after the company complained to the police.

The report highlighted that from the observed activity, October 2021 had 11,763 attacks. This figure jumped to 55,871 in November 2021, while December registered a fall with 20,714 attacks. January 2022 saw the figure going up once again with 52,298 breaches. Similarly, February and March recorded 19,342 and 69,998 hits, respectively. As of April 12, there have been 23,833 hits.

The study said the threat actors mostly used FTP, HTTP, s7comm, Modbus, SNMP and BACnet as the attack vectors.

The study yet again signals the increased targeting of critical infrastructure of Indian companies. Such attacks have increased in the past year worldwide as well. CyberPeace Foundation also detected a significant increase in phishing and social engineering attacks on Indian organizations in the oil and refining industries. Such attacks are used to dupe users into sharing sensitive information like passwords and other access details. Hackers are even using WhatsApp to send phishing messages with malicious links in the name of Indian Oil Corp, the firm said.

Earlier in the month, UK-based cybersecurity firm Recorded Future warned about a Chinese state-backed threat campaign targeting power companies in India. It had flagged similar attacks on power grids in the country in February. Similar reports came in last year as well when the firm said that a Chinese state-backed hacker group called RedEcho had targeted power grids in India.

Officially, China denied any involvement, and China's foreign ministry spokesman claimed China does not tolerate hacking. Union Power Minister R.K. Singh observed that India's cyber defence capabilities thwarted China's attacks, revealing why cyber defence remains India's first line of protection against attacks and where investment by the Indian state has been substantial.

However, Kartik Bommakanti, a Fellow with the Strategic Studies Programme, ORF, contends that the concentration of the targets is also indicative of the level of effort China is making in probing for weaknesses in India’s electricity infrastructure. “The attacks may have only been a dry run by the Chinese cyber-attack teams in preparation for something more devastating down the line,” notes Bommakanti.

He further highlights that there is evidence to suggest cyber espionage as well. “Cyber espionage is critical because it would have helped assess and determine the nature of the intricate characteristics of the cyber network on which the electricity grid in Northern India close to the border with China is based. Cyber espionage is a vital prerequisite for cyber-attacks, even if these latest attacks by China failed to inflict any serious damage,” reckons Bommakanti.

He suggests that India’s primary or possibly only response measures appear to be defensive at present, and India should now also invest in more offensive cyber means as a response.