2000 Cyber Attacks Every 24 Hours On Indian Oil Companies: 3.6 Lakh Cyber Attacks Reported In 6 Months

A study conducted by CyberPeace Foundation, a civil society organisation found that Indian oil companies faced 3.6 lakh cyberattacks in six months.

The OIL Incident

The most noticeable and recent among these attacks were detected between October 2021 and April 12, 2022 on Oil India Limited’s (OIL) Assam headquarters.

The public company found a ransom note on one of the infected computers, demanding $7,500,000 (approximately Rs. 57 crore) despite the company saying that the attack did not affect operations.

It later said that it had taken the necessary precautions.

How Data Was Collected

A CyberPeace Foundation spokesperson said that they collect data on “attack patterns, different types of attack vectors” and gather useful information by deploying the “simulated network”.

An attack vector refers to a method used by hackers to exploit vulnerabilities and infiltrate a system or network.

The perpetrators mostly used FTP, HTTP, s7comm, Modbus, SNMP and BACnet as the attack vectors.

Quick Growth

The number of reported attacks grew to 3.6 lakhs within just six months

They analysed real-time cyberthreats between October 2021 and 12 April.

19,342 threats were detected in February, the least in this period. October had the highest number of attacks at 117,000.

April is expected to accumulate big numbers as 23,833 hits had been reported by just April 12.

Phishing Attack

A rise was recorded in phishing, social- engineering attacks on organisations.

Evidence of manipulated WhatsApp messages were found which lured people with a fake offer from Indian Oil.

This “offer” was hosted on a third-party server, different from the official domains.

These are used to fool users into sharing sensitive information like passwords and other access details.

Impact

The study reflects the dire condition of a growing number of cyberattacks on the critical infrastructure of companies in India.

Such attacks could cripple day-to-day operations, cause chaos, and result in financial losses from downtime, ransom payments, recovery costs, and other unanticipated expenses.

They have increased in the past year worldwide as well including US firms, including Colonial Pipeline and JBS Foods which suffered ransomware attacks in 2021.

Chinese Attack On Indian Cos

This month, UK-based cybersecurity firm Recorded Future warned about a Chinese state-backed threat campaign targeting power companies in India.

It had flagged similar attacks on power grids in the country in February.

It said that in recent months it observed likely network intrusions targeting at least seven Indian state load despatch centres (SLDCs).

These SLDCs are responsible for carrying out real-time operations for grid control and electricity dispatch within these respective states.

Detection

They were located in north India and in proximity to the disputed Indo-China border in Ladakh.

A Chinese state-backed hacker group called RedEcho had targeted power grids in India last year.

However, here it targeted a different set of victim organisations.

Apart from power grid assets, it posed a threat to the national emergency response system and the Indian subsidiary of a multinational logistics firm by the same group.

Javascript code called hm.js was being executed from a Baidu subdomain hm.baidu.com, which indicates the involvement of Chinese hacker groups.