Phishing attacks are not uncommon in this digital era, especially since the COVID-19 pandemic broke and reliance on online services grew multifold. Taking advantage of this trend, hackers have stepped up their cybercrime efforts to the point where no one is off limits as a victim. If the recent phishing attacks are any indication, hackers have even targeted various central ministry officials, and have had success with it.
Indian Express has reported that several employees of various central ministries were targeted by phishing attacks using government domain email addresses, including gov.in and nic.in. The report claims that these attacks are getting more targeted and sophisticated, and the examples of such emails show the extent to which the clickbait is tailored to its recipients.
Clickbaiting phishing emails
Anisha Dutta reported that the latest round of cyberattacks was launched this month, shortly after the tragic death of CDS Bipin Rawat, his wife Madhulika Rawat and 11 others in an IAF chopper crash near Coonoor in TN. One phishing email reviewed by IE carried a click-bait subject line that read: "Internal report: Gen Bipin Rawat's incident-inside job." This email was sent to various employees of a ministry department through a malicious nic.in domain name. The email carried a link, prompting the recipients to click in order to access the said "internal report."
Another email, also reviewed by Indian Express, was sent to central government employees in October, a month after PM Narendra Modi's US visit. The email was sent using a compromised gov.in email ID, leading the recipients to fall for it. The subject of the email, "Viral video PM Narendra Modi slapped in USA Visit", was designed to get recipients to click on a malicious link.
Seeing this uptick in malicious emails, the NIC unit of the ministry sent out an advisory to all employees, alerting them about five compromised email IDs and asking them to refrain from clicking on any links. It was revealed that the ministry discovered the breaches sometime last year and that they have since been fixed. But there's no way of knowing for sure, a senior ministry official noted.
"The control of a server and mailing capacities went beyond our control sometime last year for a short time but was brought back immediately. It is impossible to gauge if it has been completely fixed. To control all such compromised emails, we will have to do a forensic audit which will require the server to be restarted. A clean slate will take no activities for one week, which is not possible," an official was quoted as saying by Indian Express.
NIC taking cognisance
Hackers have been at it since February this year, when it was first reported that a number of senior government officials were targeted in a phishing campaign using compromised domain IDs. The officials were sent emails with documents which, if clicked, would install malware on the system to grant backdoor access for spying. From a purported invitation to a dinner to a prompt to log in on a mirrored government website, hackers would use such methods to gain access to sensitive information and files.
The National Informatics Centre (NIC) provides government officials with email addresses under two domain names, and there is a multi-layer verification system, including approvals from NIC authorities and the ministries they work for, to get an nic.in or gov.in email ID. In the wake of these attacks, the NIC is planning to introduce multi-factor authentication for at least 3 lakh officials.