India, the US, Indonesia, and China accounted for 45% of the total cyberattacks on the government sector worldwide in the second half of 2022, according to a new report by cybersecurity firm CloudSek, released on Friday.
The number of attacks on the government sector increased by 95% during this period as compared to last year, the report claims.
India was the most targeted country in 2022 as attacks on government agencies more than doubled. CloudSek attributed this to an increase in activities of Malaysia-based hacktivist group Dragon Force, which ran campaigns such as #OpIndia and #OpsPatuk against India in retaliation to the controversial comments by an Indian politician on Prophet Mohammed.
Another hacker group Khalifah Cyber Crew intensified attacks on India in protest against alleged “Muslim discrimination” by the government, the report said.
Hacktivism is a form of cyberattack where the hacker’s motivation is not a financial grain but to promote a political agenda or protest against certain policies. Last year, attacks on China also increased due to its aggressive stance towards Taiwan and the Uyghur community.
Unlike India, the US, and Indonesia, where the share of all attacks grew from 6.3% to 13.7%, 7.4% to 9.6%, and 4.6% to 9.3%, respectively, attacks on government agencies in China declined to 4.5% of all attacks from 13.10% last year.
In 2022, hacktivism accounted for 9% of the cyberattacks on the government sector.
In addition to hacktivism, government agencies in India are also increasingly being targeted by phishing campaigns, according to the report.
CloudSek also found that ransomware groups were very active and accounted for 6% of the attacks on governments. LockBIT, which provides ransomware-as-a-service (RaaS) was the most prominent ransomware operator. Its targets this year include government agencies in the US, Canada, and Italy. In November, a Russian national was arrested in Canada for alleged involvement in LockBIT ransomware campaigns in the US.
Last month, India’s top government-run hospital All India Institute of Medical Science (AIIMS) was also hit by a cyberattack causing disruption of online services that lasted over two weeks.
India’s nodal cybersecurity agency Computer Emergency Response Team (CERT-In) found in its investigation that five servers were compromised during the attack and nearly 1.3 terabytes of hospital data was encrypted by hackers.
“The ratio of government-sponsored attacks has also multiplied; however, there is no exact figure for this increase since these attacks are mostly untraceable. This growth can be primarily attributed to the advent of RaaS models,” CloudSek said.
Attacks on Russia increased by 600% in 2022 in retaliation to its invasion of Ukraine, making it the fifth most targeted country.
Cyberattacks on government agencies are not new. Many of these attacks are often carried out at the behest of governments to steal sensitive information or cripple the critical infrastructure of other countries with which they are not on good terms. Indian entities are often targeted by hacker groups with links to China. Similarly, many of the attacks on US agencies often originate from Russia or North Korea.
According to IBM’s ‘Cost of Data Breach Report 2022’, the average cost of data breaches in the government sector has increased from $1.93 million in 2021 to $2.07 million this year.
Experts believe that state-sponsored hackers will go after cloud services next year due to growing digital transformation. “Nation states will begin to target cloud service provider (CSP) managed services as companies migrate more of their attack surface to these managed services,” said Bob Huber, Chief Security Officer at Tenable, a cybersecurity firm.