Panaji: In 2016, banks had reportedly announced a leak of personal information of 3.2 million debit cards. In 2018, Pune-based Cosmos Bank lost Rs 94 crore in a malware attack. In 2019, the Kudankulam plant was attacked using malware.
India’s national airline Air India has said a cyber-attack on its data servers affected about 4.5 million customers around the world. The breach was first reported to the company in February 2021. In a major cyber-attack, over 2,000 websites were hacked by hacker groups from Indonesia and Malaysia earlier this month.
The two hacker groups named by police include Dragon Force Malaysia and Hacktivist Indonesia. Over 670,000 cases related to cyber security were reported in India till June this year, Union minister Ajay Kumar Mishra informed Lok Sabha.
Artificial Intelligence (AI) applications are transforming existing threats, creating new classes of threats, and further emboldening enemies of India to exploit their vulnerabilities. India witnessed over 18 million cyber-attacks and threats, at an average of nearly 200,000 threats every day, in the first three months of 2022, according to US-based cyber security firm, Norton. The company states in its Cyber Safety Pulse Report that the quarter spotted nearly 60,000 phishing attempts through this quarter, as well as over 30,000 tech support scams in this time.
Norton noted that deepfakes and cryptocurrency-related scams were among the most prevalent around the world, during this quarter. Attackers even combined multiple tactics to use deepfakes in creating propaganda linked to the ongoing Russia-Ukraine crisis–and use this trap to call for donations in crypto tokens to wallets.
On 12 October 2020, Mumbai, the country’s financial capital, was hit by a massive power outage. Train services were cancelled, water supply was affected and hospitals had to rely on generators. Commercial establishments in Mumbai, Thane and Navi Mumbai struggled to keep their operations running until the crisis was resolved two hours later.
Cybersecurity experts suspected the hand of China’s People’s Liberation Army (PLA), which was engaged in a major standoff with the Indian Army in Ladakh. The needle of suspicion pointed towards 14 Trojan horses, a kind of malware which might have been introduced into the Maharashtra State Electricity Transmission Company servers. Malware in the AI era will be able to mutate into thousands of different forms once it is lodged on a computer system. Such mutating polymorphic malware already accounts for more than 90% of malicious executable files. Norton also stated that crypto scams are also expected to rise this year, amounting to over USD 29 million lost last year in just Bitcoin breaches. Through Q1 2022, Norton noted over 1 billion cyber threats around the world, at an average of over 11 million attacks every day. Phishing attacks amounted to approximately 16 million threats around the world in this quarter.
AI systems will extend the range and reach of enemies into India just as terrorism brought threats closer to home. The most dangerous face of AI is its ability to act with micro-precision at a macro-scale. It will be more effective and swifter. AI will lead to the further enhancement of cyber-attacks and digital disinformation campaigns. More than 11.5 lakh incidents of cyber-attacks were tracked and reported to India’s Computer Emergency Response Team (CERT-In) in 2021. According to official estimates, ransomware attacks have increased by 120 per cent in India. Power companies, oil and gas majors, telecom vendors, restaurant chains and even diagnostic labs have been victims of cyberattacks.
There is no doubt that enemies of India will be using machine learning, planning, and optimization to create systems to manipulate citizens’ beliefs and behaviour in undetectable ways is a gathering storm. Most concerning is the prospect that enemies will use AI to create weapons of mass influence to use as leverage during future conflicts, in which every citizen and organization becomes a potential target.
The magnitude, precision and persistence of the enemy’s misinformation operations will increase with AI-related technologies. We must be alert to the fact that AI can produce original text-based content and manipulate images, audio and video. AI can also construct profiles of individual preferences, behaviours and beliefs to target specific audience with specific messages. Through AI, enemies of India will be able to send a million unique and individualised messages—configured on the basis of detailed understanding of a targeted individual digital lives, emotional states and social networks.
The expanding application of existing AI cyber capabilities will make cyber-attacks more precise and tailored, further accelerate and automate cyber warfare, enable stealthier and more persistent cyberweapons, and make cyber campaigns more effective on a larger scale.
A recent Deloitte study stated India will have 1 billion smartphone users by 2026. The country was home to 1.2 billion mobile subscribers in 2021, of which about 750 million were smartphone users. As on January 2021, India had 448 million social media users. A cyber threat report by Sectrio, the cyber security division of IT services firm Subex, shows that in 2021, India not only faced attacks on its critical infrastructure and digital financial systems but also on its numerous small businesses.
India is facing increased cyber-attacks because of the extensive use of stolen AI-based tools that are helping create malware that are highly stealthy and adaptive, the large presence of legacy unpatched systems, the growing availability of connectivity and bandwidth, the rapid expansion of digital threat surfaces, ever increasing volume of digital transactions in the country, regional geopolitical tensions, growing penetration of financial services and the expanding footprint of APT (advanced persistent threat) groups such as TA406 and APT29.
Owing to growing cyber-attacks India will need to develop and apply an adversarial Machine Learning threat framework to address how key AI systems could be attacked and should be defended. The government requires an analytical framework that can help to categorize threats to government AI systems and assist analysts with detecting, responding to, and remediating threats and vulnerabilities.