Government officials are under threat from a phishing campaign after email IDs on official government domains such as @nic.in and @gov.in fell into the wrong hands. These government domains were not breached directly; the attackers obtained the IDs through separate data breaches at Air India, Big Basket, and Dominos. Those breaches gave them access to a list of hundreds of Union government email IDs and passwords.
The government sent out a warning to all officials using the government domains to check for data leakages and email compromises. But days after the warning went out, the actual phishing campaign began, in the form of malicious web links sent to several government officials through WhatsApp and SMS. The link, https://covid19india.in, took the officials to a spoofed page that imitated the @gov.in domain. The page invited the officials to generate a digital certificate of Covid-19 vaccination.
But before the so-called certificate could be generated, the fraudulent website asked the officials to enter their email address and password.
Cyber security researchers looking into the case further explained how the attackers had spoofed the rarely issued @gov.in and @nic.in domains so that the targeted officials would trust the authenticity of the page.
Why were these government domains breached?
The domains @gov.in and @nic.in are not handed out to just anybody. They are reserved for the highest-level government officials, who become eligible only because of their standing and position in the government.
It is clear that the domain breach was planned in two stages. The first stage was the cyber attack on popular organizations like Air India, Big Basket, and Dominos. Whether this was a lucky guess or whether some research went into it on the attackers’ part, we may never know. But the fact of the matter is that the data breaches at these organizations leaked a large volume of customer email IDs and passwords, and among them were the credentials of some top-level government officials.
Around mid-May, Air India informed passengers that the technology company which handled its passenger service system had been subject to an attack, putting around 45 lakh (4.5 million) data points maintained by the system at risk.
Similar attacks were reported at the same time on other organizations like Big Basket and Dominos. When the companies took stock of the damage, it was realized that a lot of the lost data included credentials for @nic.in and @gov.in addresses. These were sure to be misused for further attacks on the government.
Proactively, the government issued rapid warnings and alerts. It explicitly declared that emails coming from @gov.in and @nic.in domains, asking the receivers to click on a link or download an attachment, should be treated with suspicion. Users should not engage with such emails merely because the domains look and sound official and authentic.
The government also advised users to change the passwords (and, where possible, the email addresses) they use with organizations like Air India, Big Basket, and Dominos.
Another outcome of these attacks was the realization by government agencies that strict and urgent security training and data-security awareness are needed.
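As an added defender-side example (not from the original post), a small Python check that flags links in a message whose host is not under the government suffixes named above, and notes when a trusted name is merely embedded in an untrusted host. The sample messages and the allowlist are constructed for this example:

```python
import re
from urllib.parse import urlparse

# Constructed allowlist: the suffixes the post says are reserved for government use.
TRUSTED_SUFFIXES = ("gov.in", "nic.in")

# Constructed sample messages modelled on the campaign described above.
SAMPLES = [
    "Generate your vaccination certificate: https://covid19india.in/certificate",
    "Circular attached at https://portal.example.gov.in/circular/123",
    "Login here http://gov.in.secure-login.example/verify",
]

URL_RE = re.compile(r"https?://[^\s<>\"']+")


def extract_urls(text):
    """Pull http(s) URLs out of a free-text SMS or chat message."""
    return URL_RE.findall(text)


def host_is_trusted(url):
    """True only if the URL's host is a trusted suffix or a subdomain of one."""
    host = (urlparse(url).hostname or "").lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)


def flag_message(text):
    """Return (url, reason) pairs for every link not under a trusted suffix.

    A host such as gov.in.secure-login.example is flagged as a lookalike:
    the trusted label appears in the name, but the registrable domain differs.
    """
    flagged = []
    for url in extract_urls(text):
        if host_is_trusted(url):
            continue
        host = (urlparse(url).hostname or "").lower()
        reason = "untrusted host"
        if any(s in host for s in TRUSTED_SUFFIXES):
            reason = "trusted name embedded in untrusted host (lookalike)"
        flagged.append((url, reason))
    return flagged


if __name__ == "__main__":
    for msg in SAMPLES:
        print(msg, "->", flag_message(msg) or "ok")
```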
That’s high-level governmental stuff… why should I bother?
The most worrying thing for the government after this series of attacks was the leakage of @nic.in and @gov.in credentials. However, what was overlooked amid the focus on the government was that the entire databases of the target organizations were compromised, including the data of ordinary citizens.
Also note how a data breach at one company caused a government domain breach at an entirely different entity. Any business today collects at least some data about its users, be it for digital outreach initiatives, user personalization, or lead conversion. If the data at your organization leaks, it can set off a chain reaction that affects your partners, your associate companies, and of course your system users. This leads to an obvious loss of customer trust, a drop in business, and problems with regulatory compliance.
Keep your data safe by keeping cyber threats at bay.
Most cyber attacks are perpetrated through email, making it essential for organizations to protect their email gateways. Logix Cloud Email ATP uses intelligent scanning and threat protection to ward off most major email threats.
Coupled with DMARC Monitor, your domain will become immune to domain spoofing and phishing attempts.
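Domain spoofing is what a DMARC policy is meant to stop, but only if the published record actually enforces it. As an added example (not part of the original post or of the DMARC Monitor product), a Python assessor that parses a DMARC TXT record and lists the settings that still let spoofed mail through; both records below are constructed samples for a hypothetical domain:

```python
# Constructed sample records (hypothetical domain, not any real DMARC record).
WEAK_RECORD = "v=DMARC1; p=none; rua=mailto:dmarc-reports@example.gov.in"
STRONG_RECORD = ("v=DMARC1; p=reject; sp=reject; pct=100; adkim=s; aspf=s; "
                 "rua=mailto:dmarc-reports@example.gov.in")


def parse_dmarc(record):
    """Split a DMARC TXT record into a dict of lower-cased tag -> value."""
    tags = {}
    for part in record.split(";"):
        part = part.strip()
        if not part:
            continue
        key, _, value = part.partition("=")
        tags[key.strip().lower()] = value.strip()
    return tags


def assess_dmarc(record):
    """Return findings describing why the record does not fully block spoofing.

    An empty list means the record enforces a strict reject policy on the
    domain and its subdomains, with aggregate reporting enabled.
    """
    tags = parse_dmarc(record)
    if tags.get("v") != "DMARC1":
        return ["not a DMARC record: missing v=DMARC1"]
    findings = []
    policy = tags.get("p", "none")
    if policy == "none":
        findings.append("p=none only monitors; spoofed mail is still delivered")
    elif policy == "quarantine":
        findings.append("p=quarantine sends spoofed mail to spam instead of rejecting it")
    pct = int(tags.get("pct", "100"))          # DMARC default is 100
    if pct < 100:
        findings.append(f"pct={pct}: policy applied to only {pct}% of failing mail")
    if tags.get("sp", policy) == "none":       # sp defaults to the p value
        findings.append("sp=none leaves subdomains unprotected")
    if tags.get("adkim", "r") == "r" or tags.get("aspf", "r") == "r":
        findings.append("relaxed alignment: any subdomain of the organizational "
                        "domain passes alignment; use s if no subdomain sends mail")
    if "rua" not in tags:
        findings.append("no rua address: no aggregate reports, so spoofing goes unseen")
    return findings
```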
Of course, there are other ways for an attacker to infiltrate a system, and your website may already be misused to serve malware to its visitors. Knowing the security posture of your website is essential to monitoring the health of your web application. Our Web Security Assessment services will help you with that.
Total online security is one of the wisest investments you can make for your business, for ensuring the safety of your customers and also your own data. What’s stopping you from taking the first step?
More security resources and articles on our blog.