Over 20 days since the Indian government’s decision to abolish Articles 370 and 35A in the erstwhile state of Jammu & Kashmir, the increased volume of cyber attacks on India and its infrastructure has not slowed down. While reports of heightened attacks following India’s decision has already been published, the volume of persistent attacks is a matter of considerable concern. Furthermore, while most of the attacks are believed to be the work of private groups based abroad, there remains a possibility that the increased attacks have the hand of Pakistan-based cybercriminals, who may be collaborating with Turkish and Chinese cyber attackers to focus efforts on India.

Speaking to News18, Faran Jeffery, deputy director and South Asia desk head of the Islamic Theology of Counter Terrorism, said, “India has seen an uptick in cyber attacks since the Indian government's latest move on Kashmir. Recently, the official website of the Bihar Education Department was hacked, and ‘RootAyyildiz Turkish Hacker’ claimed responsibility for posting messages praising Pakistan and Islam. Before that, Twitter accounts of Indian celebrities were also hacked by Turkish hackers. We may also see Pakistani hackers collaborating with Turkish and Chinese hackers (right now). So far, most attacks have been coming from Pakistani or Turkish hackers, most of who appear to be working without state backing. But in case of China, most Chinese hackers are state backed in some way.”

Prayukth KV, head of IoT marketing at Subex, cites information surveyed from the Subex honeypot. He told News18, “Right now, we have seen a definite spike in attacks from various sources with masked IPs in the last three or four weeks, although the quality of malware has not been very varied. However, the volume of attacks has definitely increased, and it has not come down as tension settled a little. This somewhat shows that the agenda is not purely data or financial gain, and the threat actors are using these attacks as a sort of warning, that if any decision is not taken to their favour, they can really scale up the attack on anything they wish in critical infrastructure, leading to warfare.”

Jeffery’s view, however, differs slightly, despite maintaining a similar tone. He said, “These cyber attacks most of the time don't do much (more) than cause unnecessary headaches to the target. But, in some cases, where public or government data is hacked, these attacks could prove to be more than just a headache. The end objective of these cyber attacks is to give a tough time to India in the cyber world. India has little to worry about, as long as these cyber attacks are coming from hacker groups and not state backed hackers.”

Elaborating on which sectors seem to be facing the highest amount of attacks, Prayukth stated, “At this point, all of these attacks are targeting connected critical infrastructure. These include critical infrastructure, such as smart cities, utilities, transportation, etc. Defence and oil and gas are constantly targeted, as always. However, what’s important to note is that a sector like agriculture is not targeted.” According to Prayukth, the reason for this is that despite its importance, breaches on smart agriculture infrastructure do not create national impact the way sectors such as transportation, utility resources, defence and oil are noticed. As a result, these attacks are more about creating an impact right now.

Tracing an attack to its origin is also rather difficult, since most IPs (internet protocol addresses) are always masked through virtual networks. As a result, it might be difficult to understand which attacks are being targeted from external state-backed sources, and otherwise too. As Prayukth stated, “A lot of infrastructure in India will come online in the next 5-7 years, because of which the hackers are studying how these networks are evolving. They are also probing our defences to prepare better. Imagine, when airports come online, attacking such a system can create a massive disruption in daily life.”

Given the focus on critical infrastructure, it remains to be seen how the Indian government reacts to the rising threat of cybercrime, especially with the steady advancement of technology. According to various sources, India has been steadily scaling up its cybersecurity efforts, but given the rise in attacks, further clarity remains warranted on this issue.