While cyber attacks and cyber crimes have been growing steadily in India, the country has typically not been known for harbouring threat actor groups, or hacker and cyber criminal collectives, as organised entities. It is this that appears to have put India on the map of cyber crime hotspots being monitoring, according to Google’s Threat Analysis Group report published yesterday. The report states that India has seen a drastic rise in “hack for hire” firms, who are spoofing the World Health Organisation (WHO) to cash in on the Covid-19 pandemic’s mayhem and paranoia, in a bid to steal sensitive user data.
Shane Huntley of Google’s Threat Analysis Group writes in the report, “The accounts have largely targeted business leaders in financial services, consulting, and healthcare corporations within numerous countries including, the U.S., Slovenia, Canada, India, Bahrain, Cyprus, and the UK. The lures themselves encourage individuals to sign up for direct notifications from the WHO to stay informed of COVID-19 related announcements, and link to attacker-hosted websites that bear a strong resemblance to the official WHO website. The sites typically feature fake login pages that prompt potential victims to give up their Google account credentials, and occasionally encourage individuals to give up other personal information, such as their phone numbers.”
The first report by the Google Threat Analysis Group states that 1,755 individuals were sent warnings about being victims of government-backed cyber espionage campaigns. In a heat map also published by Google, India appears to have considerable cyber crime activity for the month of April, preceded only by USA, Bangladesh and a few South-East Asian countries. The rise of these ‘hack for hire’ firms will raise alert in terms of organised cyber crime circles in India, which may be operating as a consortium behind the veils. Google also noted “coordinated influence operations” being run by government-backed actors across the world, but does not mention India explicitly in the list of nations being prey to this.
Ever since the onset of Covid-19, we have reported exhaustively about the rising volume of various cyber crimes looking to cash in on the Covid-19 panic. We have also heard from top cyber cops about the lack of resources in fighting cyber crime in India. If this does come into prominence, India will likely see a significant uptick in its efforts to ramp up legal and operational efforts against organised cyber crimes in India. Going forward, it will be interesting to see how this saga pans out.