Cyber Attack Alert: Attackers see huge potential in India amid the pandemic.

India becomes favourite destination for cyber criminals amid Covid-19

The COVID-19 pandemic was an exceptionally uncommon event that altered the lives of billions of citizens globally resulting in a new norm living in the way we live and work. Aside from the extraordinary impact on society and business as a whole, the pandemic generated a set of unique cyber-crime-related circumstances which not only affected society but business too. The increased anxiety caused by the pandemic heightened the likelihood of cyber-attacks succeeding corresponding with an increase in the number and range of cyber-attacks.

The pandemic of COVID-19 and the imposed lockdown, has led to more people being confined at home with many more hours to spend online each day and therefore increasingly them to rely more on the Internet to access services, they normally obtain offline. Although the dangers of cyber-crime have been there for many years, the increase in the percentage of the population connected to the Internet and the time spent online, combined with the sense of confinement and the anxiety and fear generated from the lockdown, have provided more opportunities for cybercriminals to take advantage of the situation and make more money or create disruption. One such Common cybercrime technique is phishing. Phishing is the fraudulent practice of inducing individuals to reveal personal information, such as passwords and credit card numbers through fake websites or emails. A sharp surge of fake or inappropriate drugs and medical equipment sold at a very high price to allegedly cure the Coronavirus is also seen in an increasing number of websites by well-designed cybercriminals, the scam involves impersonating public authorities such as the World Health Organisation, and organizations such as supermarkets and airlines targeting support platforms such as PPE and offering Covid-19 cures. These cybercriminals often target the public, who are now socializing and spending more time online in general, as well as the increased population of people who are working from home Besides this such scams, can be sent by text or e-mail, and in most cases, a URL pointed to a fake institutional website that requests debit/credit card details.


The year 2020 saw one of the largest numbers of data breaches and the numbers seem to be only rising. The numbers in India went from 1.3 million in February 2020 to 3.3 million in March 2020. In July 2020, India recorded its highest number of attacks at 4.5 million. In February 2021—nearly one year from the start of the pandemic—there were 377.5 million brute-force attacks. India alone witnessed 9.04 million attacks in February 2021. The total number of attacks recorded in India during Jan & Feb 2021 was around 15 million. On the bad side, this disturbing trend in India has been firms’ failure to acknowledge that a breach has happened, which then makes individual users wonder if their data is safe at all. For instance the recent data breach at the payment firm Mobikwik, It was reported that the data breach incident has affected 3.5 million users, exposing know-your-customer documents such as addresses, phone numbers, Aadhaar card, PAN cards and so on The leaked documents, posted on the dark web on Monday, claimed to have 8.2 terabytes (TB) of data.


When someone’s personal health is involved, the need for information can be easily aroused especially, when the issues are protective measures, alleged treatment methods, vaccination, or supposed information from government sources. In this way, internet users lose their suspicion and fall prey to scams or malware and get the upper hand, and tend to bring the customer into their confidence. This targeted manipulation of people is what is called “human hacking“.Sending out huge numbers of so-called “phishing mails“ is another popular method used by these hackers. By using forged emails and providing a fake pretext, made to look as credible as possible, internet users are persuaded to enter passwords or other sensitive data or to open an email attachment infected with malware.

These well-versed cybercriminals are primarily interested in obtaining demographic and financial information, in order to make money with digital identity data In this process, hospital IT systems can be deliberately compromised. In addition, hospitals and other healthcare sector facilities are also becoming the targets of this so-called vicious circle. These hackers operated by impersonating biomedical companies and sending phishing emails to corporate executives and global organizations involved in vaccine storage and transport, The goal was to try to get hold of the recipients’ account credentials and gain unauthorized access to internal communications, as well as information about the process, methods and plans to distribute a Covid-19 vaccine. As governments are preparing to roll out vaccines, criminal organizations are planning to disrupt supply chains, where the manufacturers of Covid-19 vaccines are being targeted primarily and not just the nation or states. These cybercriminals popularly identified as “ransomware groups “as well. Pharmaceutical companies making these vaccines are also vulnerable to theft of their confidential data and trade secrets. Criminals use malware to encrypt the stored data of their victims in order to blackmail them afterwards. As a result of this, data will be decrypted in return for a ransom payment. Apart from this, the states can also use cyber operations for the purpose of sabotage in times of peace, i.e. corrupting software and operating processes in order to weaken an economic or political system. In this way, the state doing the sabotage expects to profit from influencing a given situation, which as a result is becoming a big threat to many nations.


Corona virus-related scams and developments resulting from cybercriminals will remain at a high level as long as the virus dominates the headlines. Cybercriminals will adapt their activities, depending on how the pandemic develops which will just further deteriorate the existing condition. It is only through a joint effort of the population, businesses, and organizations that this threat can be reduced to an acceptable level. For Cybersecurity researchers who uncover breaches, policy reforms are needed as many face threats of legal prosecution without legislative protection. Enacting cybersecurity legal policies will give all stakeholders a frame of reference and guide them towards building a more resilient digital economy. Incident reporting should also be made mandatory


Leave a Comment

Your email address will not be published.