The ministry of residence affairs (MHA) has issued an advisory to all banks relating to hacker teams concentrating on the banking and finance sector in gentle of the G20 summit in New Delhi on September 9 and 10. The ministry has mentioned that because the occasion approaches, malicious risk actors are more likely to goal the banking sector.
Authorities have noticed that varied cyber risk actor teams have been claiming credit score for Distributed Denial-of-Service (DDoS) assaults on the banking sector. On Thursday, a DDOS strike was tried on a serious Indian financial institution by a overseas group.
“In view of the above, Banks are requested to closely monitor their IT infrastructure for such attempts as they are likely to intensify in the coming days,” MHA’s advisory said.
Agencies are monitoring cyberspace and have found that a full-fledged operation has been initiated by various hacker groups, mainly those that have religious inclinations.
During the analysis it has been found that these groups are also taking support from various other hacktivist groups and countries, attacking government-private websites, leaking data of government websites, stealing data, making websites unavailable, sending huge traffic packets, DDoS attacks, defacement attacks, and user account takeover, etc.
The groups are using various hashtags to target Indian cyberspace, such as #OPINDIA, #CYBERERRORSYSTEM, #JAMBICYBERTEAM, #GARUDASECURITY, etc.
Sources said that multiple agencies are working together to protect India’s cyber infrastructure, and so far nothing major has been done by these groups except attacking a few government websites.
Multiple media reports have indicated that Indian agencies are on high alert to secure cyberspace, with a particular emphasis on protecting government websites from potential cyberwarfare, including threats from China-Pakistan cyber warriors. But apparently, the G20 event is attracting more cybercriminals, including those from Indonesia.
Recent developments have added a new layer of concern to the New Delhi event. Indonesian hacktivist groups, including Ganonsec and Jambi Cyber Team, have announced their intentions to target Indian organisations and launched a campaign named ‘OpIndia’, pledging to disrupt India’s digital infrastructure. The announcement of the cyberattack was made by the Indonesian hacktivists on their Telegram channel.
FalconFeedsio, a cyber threat intelligence platform, has reported on this escalating threat on social media site X. In a post on September 7, they shared the screenshot of the Telegram message. It reads: “We invite all Muslim hackers and hacktivists. You join our Operation India. Are you ready to join #OpIndia? Date:- 9 and 10 September 2023. “Same Date on G20 summit”. Great #Team_Herox #ACEH_ABOUT_HACKED_WORLD #GanoSec_Team. Soon….”
Another post from the same source on September 6 reads, “Religious hacktivist groups from Indonesia to start campaign against India in context of upcoming G20 event. The campaign named opIndia claims to target Indian websites on 9th and 10th of September.”
The screenshot shared by FalconFeedsio included a poster for this marketing campaign and a textual content that said: “ARE YOU READY TO PARTY IN INDIAN EVENT KTT G20? Note: Don’t blame us as a result of that is the reply to your challenges who need to goal Indonesia. Look this time it is going to be extra full of life than earlier than. #OPINDIA #HacktisitIndonesia”.
The X handle on September 5 alerted the Indian Computer Emergency Response Team (CERT-In) by posting a threat alert, which included a screenshot of another Telegram message, stating: “Hacktivist Indonesia – Ganonsec – Jambi Cyber Team #OpIndia 9 September 2023 sampai waktu tidak ditentukan (which roughly translates to ‘until time is not specified’).”
CERT-In is on the forefront of India’s cybersecurity efforts for the G20 summit. As reported, one key cybersecurity method being adopted is the “zero belief” principle, which involves continuous monitoring of all IT assets. The home ministry’s cyber unit has strongly advocated for this model, emphasising stringent authentication and authorization for every device and individual accessing private networks.
Additionally, this approach is not limited to individuals within a private network, such as an employee working remotely or on a mobile device at an off-site conference. It also extends to any person or endpoint outside of the network, regardless of whether they have previously accessed it. This strategy shifts away from the traditional “trust but verify” mindset to a extra cautious “by no means belief, at all times confirm” stance.
Similarly, a few more decisions have been taken to ensure cyber safety such as limiting the number of simultaneous management connections in hotels, firewall-based login to access the network, and restrictions in connecting external devices to the internet in respective locations.
The G20 summit is an annual meeting of the heads of state and government of the world’s 20 largest economies and these meetings are major targets for cyberattacks, as they provide an opportunity for attackers to disrupt or gain access to sensitive information. Some notable cyberattacks occurred during previous G20 events.
For instance, a spear phishing assault was launched in the course of the Paris G20 summit in 2011, concentrating on French authorities officers. Then, in 2014, the private knowledge of some attendees on the Brisbane G20 summit was leaked on-line, which included their names, e-mail addresses, and telephone numbers. Also, hackers focused the pc programs in Germany within the weeks main as much as the 2017 Hamburg G20 summit. Indian authorities are taking all such threats significantly and are actively monitoring the state of affairs.
Source web site: www.news18.com
