Indian oil companies faced 3.6 lakh cyberattacks in six months, a study conducted by CyberPeace Foundation, a civil society organisation, along with Autobot Infosec and CyberPeace Center of Excellence, has found.
One of the most noticeable and recent among these attacks, detected between October 2021 and April 12, 2022, was on Oil India Limited's (OIL) Assam headquarters.
The government-owned oil and gas extraction company reported the breach earlier this week. It also found a ransom note on one of the infected computers, demanding $7,500,000 (approximately Rs. 57 crore).
The study was part of the eKawach program of CyberPeace Foundation to implement a comprehensive threat intelligence network that could analyse and capture data on internet traffic, in real time.
Autobot Infosec is a cybersecurity consultancy, while CyberPeace Center of Excellence is a community-driven think tank.
Deploying the "simulated network" would allow them to collect data on, "attack patterns, different types of attack vectors" and gather useful information from the "recent malicious activities", CyberPeace Foundation spokesperson said in a statement to the press.
The number of reported attacks grew to a staggering 3.6 lakhs within just six months. From the observed activity, October 2021 had 11,763 hits, in November, it climbed to 55,871, while December was relatively calmer at 20,714. January 2022 the breaches hit 52,598.
In February, 19,342 hits were recorded and they more than tripled in March to 69,998. April, too, could also accumulate big numbers as 23,833 hits had been reported by April 12.
The study said the threat actors mostly used FTP, HTTP, s7comm, Modbus, SNMP and BACnet as the attack vectors.WhatsApp messages that lured people with a fake offer from Indian Oil. The team found that the "offer" was hosted on a third-party server, different from the official domains.