A recent study revealed that approximately 5 million people worldwide have had their data stolen and sold on the bot market, with 600,000 from India.
It means that India, which is still waiting for a data protection bill to become law, is the most severely impacted country in the world, accounting for 12% of all data on bot markets, which are online marketplaces used by cybercriminals to sell data they have stolen.
It is noteworthy that these markets differ from other dark web markets in that they can obtain large amounts of data about a single person in a single location. After selling the bot, they guarantee the buyer that the victim’s information will be updated for as long as the device is infected by the bot.
The study by NordVPN of Lithuania’s Nord Security has revealed that the stolen information included user logins, cookies, digital fingerprints, screenshots, and other details.
According to researchers who have been tracking the data since the start of the bot markets in 2018, an Indian’s digital identity costs on average around Rs 490.
It was said that on the examined markets, at least 26.6 million stolen logins had been discovered and these included 720,000 logins for Google, 654,000 for Microsoft, and 647,000 for Facebook.
Additionally, researchers also discovered 667 million cookies, 81 thousand digital fingerprints, 538 thousand auto-fill forms, a tonne of screenshots from various devices, and webcam pictures.
Stolen data were found after examining three major bot markets which are the Genesis market, the Russian Market, and 2Easy.
It is understood that while bot markets are becoming more popular, cybercriminals are continuing to use some common malware like RedLine, Vidar, Racoon, Taurus, and AZORult to steal data.
Several cybersecurity experts in India have been highlighting such cyber challenges for years as the country is on the path of complete digitisation.
Even Dr Pavan Duggal, Supreme Court lawyer and chairman of the International Commission on Cyber Security Law, stated earlier that “cybersecurity is the need of the hour” considering the cyber challenges India has been facing.
For example, recently, there were two major cybersecurity incidents in India that triggered massive concerns regarding national security. In the first case, the online services of AIIMS Delhi were crippled on November 23 as a result of a cyberattack.
Only a few days later, it was reported that on November 30, the Indian Council of Medical Research (ICMR) website was subjected to approximately 6,000 hacking attempts in a 24-hour period.
Many experts also pointed out the issue that the country’s critical infrastructures are under massive cyber threat and this includes healthcare organisations, banking as well as finance sectors.
Kunal Bajaj, chief business officer, eSec Forte Technologies, told News18: “All stakeholders across business ecosystems are unanimous on the pressing need to preserve the data in the safest and secure way. Undoubtedly, this awareness will help users and companies not let their guard down and remain alert to cyberattacks which are increasingly becoming hi-tech and sophisticated."
“Although the complexity of the attacks is likely to intensify in 2023 and beyond, cyber experts are also coming up with novel technologies to protect systems against data leaks and hacking attempts," he noted.
Bajaj also said that the most reliable method of keeping these attacks at bay is to continuously upgrade systems, deploy new-age technologies, use trusted networks, and never click on suspicious emails without verifying the sender’s credentials. “These simple steps are quite basic but can prove instrumental in keeping you and your organisation safe from the malicious intent of cybercriminals," he said.
However, as the country is waiting for a data protection law, there is also a question that whether the recently proposed bill and the upcoming law would help India put an end to or ensure safety from such data thefts.
Meanwhile, Sandip Kumar Panda, CEO and co-founder of InstaSafe, told News18: “As bot markets are able to scrap so much data from the companies, there is a dire need for having a suitable cybersecurity measure. The proposed data protection bill will push companies to implement adequate cybersecurity measures around data protection and storage. Once the data protection bill is implemented, the companies will make sure to frequently audit their applications and servers to safeguard against bots and hackers."
Rocio Herraiz, Global Head of Communications at Noventiq, said that the cybersecurity atmosphere at this moment is something to be concerned about, and to start placing some measurements on a personal and professional level.
According to Herraiz, the proposed legislation can help to protect people’s personal data as well as companies’ information.
“This is because as per the bill, the individuals will have more power to give access to their own data, and it seems that the process of approval to provide information will have more steps, and therefore, will require the person to be more aware of the data that will be shared,” she added.
However, Herraiz said she doesn’t think that these measures will stop such activities completely. “I think that apart from the legislation, it is crucial to offer the right information to people and teach them certain steps they can follow to protect themselves such as don’t give your personal data or financial information via social media platforms, or to any organisation when they ask for it until you have proof that it’s a legitimate entity. The government in India is already helping by placing this bill, but the individuals need to also do their part to protect themselves," she noted.
Read all the Latest Tech News here