NEW DELHI :
A major cyberattack hit state-run Oil India Ltd on 13 April, targeting its Assam facility’s information technology (IT) systems. The company said the attack did not affect operations; however, media reports claimed that hackers demanded $7.5 million from the oil producer.
In a regulatory filing, Oil India said it has taken the necessary precautions.
Oil India isn’t alone. According to CyberPeace Foundation, a civil society organization, nearly 360,000 attacks on Indian oil companies were detected by threat intelligence sensors deployed to analyze real-time cyberthreats between October 2021 and 12 April. Its study said 19,342 threats were detected in February, the least in this period. October had the highest number of attacks at 117,000.
The study was part of CyberPeace Foundation’s eKawach programme, for which it partnered with Autobot Infosec Pvt. Ltd and CyberPeace Center of Excellence (CCoE) to deploy the SCADA Critical Information Infrastructure threat intelligence sensors, which are industrial control systems deployed on critical infrastructure.
A spokesperson for CyberPeace Foundation said, “Deploying the simulated network will play a key role in collecting data on attack patterns, different types of attack vectors for the different protocols, and the recent malicious activities.” An attack vector is a method used by hackers to exploit vulnerabilities and infiltrate a system or network.
The study signals the growing number of cyberattacks on the critical infrastructure of companies in India. Such attacks have increased in the past year worldwide as well. Several US firms, including Colonial Pipeline and JBS Foods, were hit by ransomware attacks in 2021.
This month, UK-based cybersecurity firm Recorded Future warned about a Chinese state-backed threat campaign targeting power companies in India. It had flagged similar attacks on power grids in the country in February.
“In recent months, we observed likely network intrusions targeting at least seven Indian state load despatch centres (SLDCs) responsible for carrying out real-time operations for grid control and electricity dispatch within these respective states,” the security firm said in a blog post on 6 April. It added that SLDCs were located in north India and in proximity to the disputed Indo-China border in Ladakh.
Last year, the firm said a Chinese state-backed hacker group called RedEcho had targeted power grids in India. “This latest set of intrusions, however, is composed of an almost entirely different set of victim organizations. In addition to the targeting of power grid assets, we also identified the compromise of a national emergency response system and the Indian subsidiary of a multinational logistics firm by the same threat activity group,” the company said in its post.
Further, CyberPeace Foundation also detected a significant increase in phishing and social engineering attacks on Indian organizations in the oil and refining industries. Such attacks are used to dupe users into sharing sensitive information like passwords and other access details. Hackers are even using WhatsApp to send phishing messages with malicious links in the name of Indian Oil Corp, the firm said.
Though CyberPeace Foundation didn’t attribute the attacks directly to any ransomware group or state-sponsored attack, the researchers pointed out that javascript code called hm.js was being executed from a Baidu subdomain hm.baidu.com, suggesting the involvement of Chinese hacker groups.
“With the number of ransomware attacks continuing to skyrocket, cybercriminals are expanding their targets by shifting focus towards critical infrastructure and evolving into deep-rooted software supply chain attack campaigns, which can cause long-lasting devastation,” said Parag Khurana, country manager of Barracuda Networks, a cybersecurity firm.
A report this month from security firm Palo Alto Networks noted a 218% increase in ransomware attacks on Indian organizations in 2021. Barracuda Networks has also seen increased cyberattacks on critical infrastructure companies such as Oil India. Attacks on critical infrastructure in India accounted for 11% of all cyberattacks in 2021.
Khurana said attacks on critical infrastructure firms could cripple day-to-day operations, cause chaos, and result in financial losses from downtime, ransom payments, recovery costs, and other unanticipated expenses.
Using cyberattacks to disrupt critical infrastructure started in 2010 when the US and Israel used the Stuxnet virus to target a nuclear facility in Natanz, Iran, to derail the country’s nuclear programme. The virus caused a malfunction in the uranium enrichment centrifuges, which affected the plant’s nuclear enrichment efficiency.
