India, US, Indonesia, and China accounted for 45% of total cyberattacks on government agencies worldwide in the second half of 2022, according to a report by cybersecurity firm CloudSek, released on 30 December. The number of attacks on government agencies were up 95% year-on-year, the report claims.
India was the most targeted country in 2022 as attacks on government agencies more than doubled. CloudSek attributed this to an increase in activities of Malaysia-based hacktivist group Dragon Force, which ran campaigns such as #OpIndia and #OpsPatuk against India in retaliation to the controversial comments by an Indian politician on Prophet Mohammed.
Another hacker group Khalifah Cyber Crew intensified attacks on India in protest against alleged “Muslim discrimination” by the government, the report said.
Hacktivism is a form of cyberattack where the hacker’s motivation is not financial gains but to promote a political agenda or protest against certain policies. Last year, attacks on China also increased due to its aggressive stance towards Taiwan and the Uyghur community.
Attacks on government agencies in China declined to 4.5% of all attacks from 13.10% last year. On the other hand, in India, US, and Indonesia, the share of all attacks grew from 6.3% to 13.7%, 7.4% to 9.6%, and 4.6% to 9.3%, respectively,
In 2022, hacktivism accounted for 9% of the cyberattacks on the government sector.
In addition to hacktivism, government agencies in India are also increasingly being targeted by phishing campaigns, according to the report.
CloudSek also found that ransomware groups were very active and accounted for 6% of the attacks on governments. LockBIT, which provides ransomware-as-a-service (RaaS) was the most prominent ransomware operator. Its targets this year include government agencies in the US, Canada, and Italy. In November, a Russian national was arrested in Canada for alleged involvement in LockBIT ransomware campaigns in the US.
Last month, India’s top government-run hospital All India Institute of Medical Science (AIIMS) was also hit by a cyberattack causing disruption of online services that lasted over two weeks.
India’s nodal cybersecurity agency Computer Emergency Response Team (CERT-In) found in its investigation that five AIIMS’ servers were compromised during the attack and nearly 1.3 terabytes of data was encrypted by hackers.
“The ratio of government-sponsored attacks has also multiplied; however, there is no exact figure for this increase since these attacks are mostly untraceable. This growth can be primarily attributed to the advent of RaaS models,” CloudSek said.
Attacks on Russia increased 600% in 2022 in retaliation to its invasion of Ukraine, making it the fifth most targeted country.
Cyberattacks on government agencies are not new. Many of these attacks state sponsored and are aimed at stealing sensitive information or cripple critical infrastructure of other countries. Indian entities are often targeted by hacker groups with links to China. Similarly, many of the attacks on US agencies often originate from Russia or North Korea.
According to IBM’s ‘Cost of Data Breach Report 2022’, the average cost of data breaches in the government sector has increased from $1.93 million in 2021 to $2.07 million this year.
Experts believe that state-sponsored hackers will go after cloud services next year due to growing digital transformation. “Nation states will begin to target cloud service provider (CSP) managed services as companies migrate more of their attack surface to these managed services,” said Bob Huber, chief security officer at Tenable, a cybersecurity firm.