Cyber Attacks in Cashless India – Ransomware just the start

Cyber Attacks in Cashless India – Ransomware just the start

Cyber Attacks in Cashless India – Ransomware just the start

Image Source

In November last year India went through a demonetization drive when the government banned the Rupees 500 and 1000 notes. It caused a lot of near term pain with some serious liquidity crisis in a primarily cash driven economy. However, sanity returned in a few months with various private and public sector initiatives driving the move to a cashless economy. But the lack of governance and awareness on cyber has left the consumers and banks exposed to large scale cyber attacks. The recent ransomware attacks were very successful in India, and that feels like just the start.

Wannacry Ransomware attacks were reported across about 48000 computers in India with 60% of targeted victims being institutions and 40% being consumers. On investigation, it was revealed that the weak link that allowed many of the attacks was Windows XP and unpatched Windows operating systems used by institutions. However, about 70% of the country’s ATMs run on these operating systems and largely remain unpatched, hence posing a huge risk to consumer banking credentials.

During the attacks, Cyber Peace Foundation (CPF), which is running a research project monitoring cyber attacks, saw nearly a 56-fold increase in breach attempts at sensors installed across eight states in the country. Computer Emergency Response Team (CERT-In) asked the Reserve Bank of India (RBI), stock exchanges, the National Payments Corporation of India (NPCI) and other vital institutions to safeguard their systems against the ransomware.

Just a few weeks after the demonetization announcement, Prime Minister Mr.Narendra Modi announced the BHarat Interface for Money (BHIM) mobile application, which was downloaded 17 Million times within two months of launch. PayTM, India’s leading mobile payments service crossed the 200 Million users mark earlier this year, and have most recently launched PayTM bank with about $1.4 Billion raised from Softbank valuing the firm at $7 Billion. The “Jan Dhan Yojna” scheme successfully brought about 200 Million unbanked consumers into banking. Post demonetization, bitcoin has started to be more widely used.

This is all great news, but it feels like the country is doing it all too fast, without the right governance, and more importantly consumer awareness on cyber risks. Over the last few years, India has consistently been identified as one of the most vulnerable countries to cyber attacks as the digital infrastructure was growing at a crazy pace without the necessary controls in place. The country has about 300 Million internet users of which about 150 Million are only using mobile internet. However many of these phones use vulnerable operating systems and are easily hacked.

One of the common modes of cyber attacks in the country happens through malicious applications on smart phones. This occurs when users download mobile applications that come with some online offers, and allow access levels to the applications that in turn allow the hacker to ask the users’ contacts to make payments using mobile wallets. With a booming e-commerce industry projected to reach $64 Billion by 2021, banks and payments providers lack the capability to keep Cyber attackers at bay.

Challenges in handling cyber attacks are different depending on if the victim was a bank/firm or a consumer. The problem with banks is the secrecy they maintain about cyber attacks on their systems. A few months ago, data of about 3.2 million debit cards was lost in what is claimed to the India’s biggest breaches. SBI, HDFC Bank, ICICI, YES Bank and Axis were all hit by the breach of debit cards. RBI has hence mandated banks to reveal any cyber attacks that banks have had to suffer. Cyber attacks cost Indian businesses about $4 Billion every year as per latest estimates.

Banks in India have also managed to set up shadow or decoy systems which resemble the actual systems and have developed honey pots to trap such hack attempts. However, they still lag behind their western counterparts in sophisticated techniques and forensics needed to counter cyber attacks.

Still, banks are much more prepared to handle cyber attacks than consumers who are easily manipulated. This is primarily because consumers lack awareness of cyber attacks and social engineering techniques by the hackers are getting more and more sophisticated. There are measures from the government (unlike old times) to bring awareness to people on Cyber risks. 90% of the consumers are unaware that the government runs a 24X7 TV channel “Digi-Shala” that focuses on digital payments.

When Demonetization was announced, the Modi supporter in me felt super thrilled about the possibilities as the economy accelerated towards a cashless state. Even the near term pains faced by the common man felt justified in some ways, but it feels like India is ill-prepared to take on cyber risks inspite of efforts from the government and central bank. Watch this space.

His Excellency Mr. Ranil Wickremesinghe, Prime Minister of Sri Lanka, Ministers from India and abroad, Secretary General of ITU, Other distinguished dignitaries, Delegates from over 120 countries Students, Ladies and Gentlemen.

I welcome you to New Delhi, for the Global Conference on Cyber Space. I also welcome all those who are joining this event remotely from across the world, over the internet.


We all know how cyberspace has transformed the world over the last few decades. The senior generation among the gathering here, would recall the bulky mainframe computer systems of the seventies and eighties. A lot has changed since then. Email and personal computers brought about a new revolution in the nineties. This was followed by the advent of social media, and the mobile phone as an important vehicle of data storage and communication. Expressions such as the Internet of Things, and Artificial Intelligence, have now become commonplace. These indicate that change continues, perhaps at an even faster pace now.

These rapid developments in the digital domain have mirrored immense change in India as well. Indian IT talent has been recognized worldwide. Indian IT companies have made a name for themselves globally.

Today, digital technology has emerged as a great enabler. It has paved the way for efficient service delivery and governance. It is improving access, in domains from education to health. And it is helping to shape the future of business and economy. Through each of these ways, it provides the less privileged sections of society, a more level playing field. On a macro-scale, it has contributed to emergence of a flat world, where a developing nation like India can compete on a level footing with developed nations.


Technology breaks barriers. We believe it validates the Indian philosophy of “Vasudhaiva Kutumbakam” – the world is one family. This expression reflects our ancient, inclusive traditions. Through technology, we are able to give meaning to this expression, and indeed to the best of democratic values.

We in India, give primacy to the human face of technology, and are using it to improve what I call, “ease of living.” Empowerment through digital access, is an objective that the Government of India is especially committed to. “Digital India” is the world’s largest, technology-led transformative programme which is paving the way for our citizens to avail digital services. We are using mobile power or M-power to empower our citizens.

I am sure most of you are already aware of Aadhaar, which is the unique biometric identity of a person. We have used this identity to liberate our people from queues and cumbersome processes. Three factors: first, financial inclusion through our Jan-Dhan bank accounts; second, the Aadhaar platform; and third, the Mobile phone, have greatly helped reduce corruption. We call this the J.A.M. or JAM trinity. Through better targeting of subsidies, the JAM trinity has prevented leakages to the tune of nearly 10 billion dollars so far.

Let me share a few examples of how digital technology is becoming a great facilitator for “ease of living.”

Today, a farmer can access a variety of services, such as soil-testing results, expert advice, and a good price for his produce, at the click of a button. Digital technology is therefore contributing to increased farm incomes.

A small entrepreneur can register on the Government e-Marketplace, and bid competitively for supply of goods to the Government. As he expands his business, he also contributes to lowering the cost of procurement for Government. This leads to increased efficiency, and greater value for public money.

Pensioners no longer need to present themselves in front of a bank officer, to provide proof of life. Today, a pensioner can leverage the Aadhaar biometric platform, to provide this proof with minimal physical effort.

Women form a significant part of the IT workforce. Digital technology has facilitated several new enterprises led by women. In this way the IT sector has contributed towards gender empowerment.

Citizens of India are increasingly adopting cashless transactions. For this, we created the Bharat Interface for Money – or BHIM App. This App is helping the movement towards a less cash and corruption free society.

These examples show the power of technology in improving governance.


We are using the digital domain to facilitate participative governance, or Jan Bhagidari. When we assumed office in May 2014, many people, particularly youngsters expressed a keen desire to share their ideas and work for the nation. It is our firm belief that there are millions of Indians, whose transformative ideas can go a long way in taking India to new heights.

Therefore, we launched the citizen engagement portal, MyGov. This platform enables citizens to share their thoughts and ideas on important issues. In many key policy areas, we received thousands of valuable suggestions. Many logo and emblem designs for various Government initiatives today, are the result of crowd-sourcing, and competitions on MyGov. In fact, even the official app for the Prime Minister’s Office, is the result of a competition floated on MyGov, which received brilliant responses from youngsters. MyGov is a prime example of how technology strengthens democracy.

Let me turn to another example. On assuming office, I realized that important government projects and initiatives often suffer on account of unnecessary silos in government functioning, and the lack of focused decision-making. Therefore, we devised a cyberspace based platform, called PRAGATI or Proactive Governance for Timely Implementation. PRAGATI, in Hindi, literally means progress.

On the last Wednesday of every month, I meet top Union and State government officials for a PRAGATI Session. Technology breaks silos. Sitting in our respective offices, aided by the cyber world, we discuss and resolve important governance issues. I am happy to share with you that the PRAGATI sessions have resulted in faster decision-making, through consensus, in the larger interest of the nation. PRAGATI has put back on track infrastructure projects worth billions of dollars which were stuck in red-tape.

I have even tried something of my own, through the Narendra Modi Mobile App. This App deepens my connect with citizens. The suggestions I get through the App are very useful.

Today, we launched the UMANG Mobile App, which will provide over a hundred citizen-centric services. At the back-end, these services will be catered for by many different departments of the Union and State Governments. This integrated approach will add an automatic layer of “peer performance pressure”, in the working of these departments.


We shall be happy to share our experiences and success stories with the global community. On the other hand, India is keen to find scalable models and innovative solutions in education and health, using digital technology. We also wish to make cyberspace an enabler for the differently-abled. Recently, during a thirty six hour Hackathon, college students suggested solutions to chronic problems that were put forward by Ministries. We look forward to learn from global experiences and best practices. We believe that growth happens only when we all grow together.

Cyberspace remains a key area for innovation. Our startups today, are looking to provide solutions to common everyday problems, and improving the lives of people. I am confident that the global investor community, will recognize the immense potential waiting to be tapped from India’s startup pool. I invite you to invest in this space, and be a part of the unfolding story of Indian startups.


The internet, by nature, is inclusive and not exclusive. It offers equity of access, and equality of opportunity. Today’s discourse is being shaped by Facebookers, Tweeples, and Instagrammers. Social media platforms are making cyberspace participative for all. News that experts tell us from studios, is now supplemented by experiences highlighted on social media. This transition, to a blend of expertise and experience, is the contribution of the cyber world. The internet has become the ideal platform for youngsters to showcase their creativity, capability and capacity – be it an insightful blog, a beautiful musical rendition, artwork, or theatre… the sky is the limit.


The theme of the Conference: “Secure and Inclusive Cyberspace for Sustainable Development” also highlights the importance of securing this vital asset for mankind. The global community needs to approach the issue of cyber-security with confidence, as much as with resolve. Cyberspace technologies must remain an enabler for our people.

The quest for an open and accessible internet often leads to vulnerability. Stories of hacking and defacement of websites are the tip of an iceberg. They suggest that cyber attacks are a significant threat, especially in the democratic world. We need to ensure that vulnerable sections of our society do not fall prey to the evil designs of cyber criminals. Alertness towards cyber-security concerns, should become a way of life.

One of the major focus areas should be the training of well-equipped and capable professionals to counter cyber threats. Cyber-warriors who will remain on the alert against cyber-attacks. The term “hacking” may have acquired an exciting, even if dubious overtone. We need to ensure that cyber protection becomes an attractive and viable career option for the youth.

On a related note, nations must also take responsibility to ensure that the digital space does not become a playground for the dark forces of terrorism and radicalization. Information sharing and coordination among security agencies is essential to counter the ever-changing threat landscape.

Surely, we can walk the fine balance between privacy and openness on one hand, and national security on the other. Together, we can overcome the differences between global and open systems on one hand, and nation-specific legal requirements on the other.


Emerging digital technologies could impact our future in ways that we cannot yet foresee. Important questions of transparency, privacy, trust and security may need to be addressed. Digital technology serves to empower mankind. We must ensure that it continues to stay that way.

The large multi-stakeholder participation at this event, is proof of the global endorsement that this platform has received. Nation states, the industry, academia and civil society, all need to work towards a formal collaborative framework. This will enable a secure cyberspace which improves quality of life.


This conference is perhaps the biggest ever such event in terms of numbers. I am told that all the background and logistics have been handled digitally. I hope delegates from around the world found it a smooth and seamless experience.

I conclude by wishing you fruitful and productive deliberations and outcomes. I once again welcome you, and wish the conference all success.

Thank you.