India sees massive rise in cybercrimes rise post Demonetisation

As speculated by many cyber-security experts, there has been a huge rise in cybercrime incidents in India post demonetization scheme.

A joint study of ASSOCHAM-PwC reported that there were 39, 730 incidents of cybercrime in the 10 months of 2016. Also, 3.2 million debit cards were compromised during this period across the country when an ATM card hack hit the Indian banks. The incidents were reported till October by Indian Computer Emergency Response Team (CERT-In) as part of a study titled ‘Securing the cashless economy’.

Highlighting the role of application programming interfaces (APIs), the study pointed risk of malware injection through such APIs, it is therefore critical to ensure security of APIs.

As many people were forced to use plastic money and mobile wallets for payments, the hackers saw this as an opportunity and targeted many users. The study noted that there was a growth of upwards 100% in mobile wallet app downloads and 400% increase in wallet recharges.

The smartphone revolution has led to the emergence of e-commerce, m-commerce and other services, including app-based cab aggregators, who encourage digital payments for use of various services.

Cyber crime cops also said that after December 12, cyber fraud cases have witnessed a steady increase. "Now we are getting at least four cases of credit or debit card theft every week. Apart from these cases, we are also getting One-Time Password (OTP) frauds as well," said Raghuveer, ACP, cyber crime cell.

The cyber cops warned that cyber security incidents like phishing, scanning, website intrusions and defacements, virus code and denial of service attacks will continue to grow.

Even cyber security companies like Kaspersky Labs has also noted that there has been a spurt in various programs and games, which have a modified virus strain or Trojan aimed at stealing credentials from more than 2,000 Android financial applications across 27 countries, including India.
ASSOCHAM also reported that the number of mobile frauds is expected to grow by 65 % by 2017. Credit and debit card fraud cases have topped the charts of cyber crime and increased six times during the last three years.

The body observed that the data-encryption capability is unusual in most mobile ransom ware, as it focuses on blocking the device rather than the data, backed-up to the cloud. During the initial infection process, the Trojan demands administrator rights, permission to overlay other apps or to be a default SMS application - often leaving users with little or no choice but to comply. Among other things, these rights enable Faketoken to steal data, both directly, by contacts and files, and indirectly through phishing pages.

Earlier cyber threats in India were not as disruptive as they have become now and their ferocity will increase in future.

Hence, efforts are needed to enhance cyber security as businesses and citizens embrace this new digital wave. More intelligent transaction monitoring, crisis response, recovery strategies, increased digital footprints and security awareness of all the stakeholders will have to be carried out for a secure cashless society.

 Security assessment and testing will need to be embedded into the agile development life cycle. Agile security testing methods based on automation will have to be adopted. In many ways, a paradigm shift is needed in the way security testing is undertaken today.