G20 Summit Confronts Cybersecurity Challenges from China and Pakistan, Indonesian ‘OpIndia’ Campaign; Authorities Take ‘Zero Trust’ Approach
The Ministry of Home Affairs (MHA) has issued a notice to all banks about hacker groups targeting the banking and financial sector in light of the G20 summit held in New Delhi on September 9 and 10. The ministry has said that as the event approaches, malicious threat actors are likely to target the banking sector.
Authorities have discovered that several cyber threat actor groups have claimed credit for distributed denial of service (DDoS) attacks on the banking sector. On Thursday, a foreign group attempted a DDoS strike on a major Indian bank.
“In view of the above, banks are requested to closely monitor their IT infrastructure for such attempts as they are likely to increase in the coming days,” the MHA advisory said.
The agencies monitor cyberspace and have observed that several hacker groups, mainly with religious leanings, have launched full-scale operations.
During the analysis, it was found that these groups also take support from various other hacktivist groups and countries. Their activities include attacking government and private websites, leaking information from government websites, stealing information, making websites unusable, sending huge traffic packets, DDoS attacks, defacement attacks and hijacking of user accounts.
Groups use various hashtags to target Indian cyberspace, such as #OPINDIA, #CYBERERRORSYSTEM, #JAMBICYBERTEAM and #GARUDASECURITY.
Sources said several agencies are working together to protect India’s cyber infrastructure and so far these groups have not done anything major except for attacks on a few government websites.
Several media outlets have indicated that Indian agencies are ready to secure cyberspace, with particular emphasis on protecting government websites from potential cyberwarfare, including threats from Chinese and Pakistani cyberwarriors. But apparently the G20 event attracts more cybercriminals, including from Indonesia.
Recent developments have added another layer of worry to the New Delhi event. Indonesian hacktivist groups, including Ganonsec and Jambi Cyber Team, have announced plans to target Indian organizations and launched a campaign called OpIndia that promises to disrupt India’s digital infrastructure. Indonesian hacktivists announced the cyber attack on their Telegram channel.
FalconFeedsio, a cyber threat intelligence platform, has reported this growing threat on social media site X. On September 7, they shared a screenshot of a Telegram message. It reads: “Calling all Muslim hackers and hacktivists. You will join our operation in India. Are you ready to join #OpIndia? Date: – September 9 and 10, 2023. “Same day as the G20 Summit”. Great #Team_Herox #ACEH_ABOUT_HACKED_WORLD #GanoSec_Team. Soon….”
Another post from the same source on September 6 says: “Religious hacktivist groups from Indonesia to launch campaign against India ahead of upcoming G20. Campaign called OpIndia claims to target Indian websites on September 9-10.”
A screenshot shared by FalconFeedsio featured this campaign poster and text that stated, “ARE YOU READY TO LAUNCH IN INDIA EVENT KTT G20? Note: Please don’t blame us as this is the answer to your challenges who want to target Indonesia. See, this time it’s more alive than before. #OPINDIA #HacktisitIndonesia”.
On September 5, the X-handle alerted the Indian Computer Emergency Response Team (CERT-In) by sending a threat alert that included a screenshot of another Telegram message stating: “Hacktivist Indonesia – Ganonsec – Jambi Cyber Team #OpIndia September 9, 2023 sampai waktu tidak besikta (which roughly means ‘until the time is not specified’).”
CERT-In is at the forefront of India’s cyber security efforts at the G20 summit. As discussed, one key approach to cyber security is the zero-trust principle, which involves continuous monitoring of all IT assets. The Ministry of the Interior’s cyber unit has strongly advocated this model, emphasizing strict authentication and authorization for every device and individual on private networks.
Additionally, this approach is not limited to individuals on a private network, such as an employee working remotely or on a mobile device outside of a conference. It also extends to any person or endpoint outside the network, regardless of whether they have previously used it. This strategy moves away from the traditional “trust but verify” mindset to a more cautious “never trust, always verify” attitude.
Likewise, a few other decisions have been made to ensure cyber security, such as limiting simultaneous management connections in hotels, firewall-based login for online access, and restrictions on connecting external devices to the Internet in similar locations.
The G20 summit is an annual meeting of the heads of state and government of the world’s 20 largest economies, and these meetings are major targets for cyberattacks because they offer attackers the opportunity to disrupt or gain access to sensitive information. There have been some notable cyber attacks during previous G20 events.
For example, during the G20 summit in Paris in 2011, a spear phishing attack was launched against French government officials. Then in 2014, the personal details of some attendees at the G20 summit in Brisbane were leaked online, including their names, email addresses and phone numbers. Hackers also attacked German computer systems in the weeks before the 2017 G20 summit in Hamburg. Indian authorities take all such threats seriously and are actively monitoring the situation.