Data gathered by CloudSEK’s contextual AI digital risk platform XVigil show that the number of attacks targeting the government sector has increased by 95% in the second half of 2022, as compared to the same period in 2021.
India, USA, Indonesia, and China continued to be the most targeted countries in the past two years. Together these four countries accounted for ~40% of the total reported incidents in the government sector. There are three interesting findings observed in the variations in the number of attacks from 2021 to 2022.
In 2022, attacks on the Indian government intensified to the point where it became the country that was most frequently targeted in this sector. This expansion is the result of the hacktivist group Dragon Force Malaysia’s #OpIndia and #OpsPatuk campaigns. Numerous hacktivist groups joined and supported these campaigns, which laid the path for subsequent ones. However, this increase has other causes besides the growing hacktivism. Government agencies in India have become popular targets for extensive phishing campaigns.
Motives & Factors Behind Attacks
The primary motive of most of the threat actors is exfiltrating data and selling it for monetary benefits, yet it is not the only reason they target governments. This change is clearly evident from the emergence of various APT groups and hacktivist campaigns over the last decade.
The year 2022 saw a significant increase in hacktivist activity accounting for about 9% of the recorded incidents reported in the government sector. These statistics are clearly suggestive of the fact that cyberattacks in this particular industry are no longer limited to financial gains; rather, they are now used as a means of expressing support or opposition for a certain political, religious, or even economic goal.
Ransomware groups were also very active in this industry accounting for 6% of the total incidents reported, with LockBIT as the most prominent ransomware operator.
While a majority of attacks were essentially on the same old theme, focused on compromised data and access, there were also a few attacks conducted to help highlight the various flaws in the country’s security posture and help improve it. A series of such attacks was observed against Indonesia. The ratio of government-sponsored attacks has also multiplied; however, there is no exact figure for this increase since these attacks are mostly untraceable. This growth can be primarily attributed to the advent of RaaS models. Threat actors have started developing and advertising services of dedicated criminal infrastructure which can be bought by the government (or individuals) and used for various nefarious purposes.