The number of global internet users has hit a staggering 4.66 billion. When it comes to Pakistan over a third of the country’s 220 million population is online. In terms of internet inclusivity, this number is still very low but is expected to rise sharply in the coming years. Internet connectivity is vital in today’s age but this connectivity and ease has its pitfalls too. Cybersecurity issues have quickly become a day-to-day struggle not just for businesses and individuals but for States as well. In fact, 2020 was one of the worst years for cybersecurity.
Towards the end of 2020, US government officials accused Russian hackers of carrying one of the biggest cyber-raid against the country (a claim rejected by Russia). The highly sophisticated hack targeted federal government networks with the Treasury and Department of Commerce both being affected. The hackers compromised the corporate software management tool called SolarWinds. The software is used by 300,000 companies and agencies, 18,000 of these were compromised during the hack. Customers of SolarWinds include many of America’s Fortune 500 companies, the top US telecommunications providers, all five branches of the US military, the state department, the National Security Agency, and the Office of President of the United States.
2020 was also the year when the first known death from a cyberattack was reported. According to German authorities, a misdirected ransomware attack caused the failure of IT systems at a hospital in the German city of Duesseldorf. As a result, a woman who needed urgent admission died after she had to be taken to another city for treatment. This was not an isolated incident, the healthcare sector was increasingly targeted by cybercriminals in 2020. In October, a wave of ransomware attacks struck multiple hospitals in the US. Attacks against healthcare organizations are lucrative for hackers as it can threaten patient care and create an urgency to pay up.
In July some of the most prominent users of microblogging platform Twitter had their accounts compromised. Accounts of Joe Biden, Barack Obama, Elon Musk, Kanye West, Bill Gates, and Michael Bloomberg, as well as major corporate accounts like that of Apple and Uber, were hijacked to promote a bitcoin scam.
In Pakistan, the country’s intelligence apparatus identified a major cyberattack by Indian intelligence agencies in August. Inter-Services Public Relations (ISPR) said that the attack involved hacking personal mobiles and technical gadgets of government officials and military personnel. The military’s media affairs wing said that subsequently an advisory was sent to all government departments/institutions for identifying lapses and enhancing respective cybersecurity measures.
In another major incent, K-Electric suffered a targeted ransomware attack, resulting in the suspension of billing and online services of the company. The attackers reportedly demanded a $3.8 million ransom. Although the incident was downplayed by the company, it was reported that the stolen data was subsequently dumped on the dark web.
The reported data breach involving the sale of data of 115 million Pakistanis on the dark web also caused quite a stir last year.
According to technology news website ZDnet, the leaked data contained both personally-identifiable and telephony-related information. According to ZDnet’s analysis of the data, the oldest entries in the leaked files were from late 2013, suggesting that hackers either got their hands on an older backup file, or the breach took place in 2013. The vast majority of entries in the leaked files contained mobile phone numbers belonging to Jazz. Federal Investigation Agency (FIA) was then ordered by the Chairman of the Senate Standing Committee on Interior, Senator Rehman Malik to investigate the data breach.
Vehicle for hire and parcel delivery company – Bykea also experienced a data breach in 2020. Hackers managed to infiltrate and delete an entire database of the company. However, the company caught the breach early and avoided any major damage.
Cyberattacks today not just threaten individuals and organizations but a country’s national security and economy. Cybercrimes are predicted to inflict damages totaling $6 trillion USD globally in 2021. Pakistan’s lax cybersecurity regime and weak data protection laws make cybersecurity a major concern. Minister for Science and Technology Chaudhry Fawad Hussain recently hinted that his ministry is considering introducing a strong data protection law to protect citizens’ privacy.
The Minister’s remarks came in response to the new WhatsApp privacy policy that allows the sharing of consumers’ sensitive information.
Digital Rights Activists in Pakistan have been at odds with the government regarding its regulation of cyberspace be it the Prevention of Electronic Crimes Act, 2016 or the more recently introduced new set of social media rules. What is needed considering the growing threat is meaningful consultation with stakeholders to come up with a comprehensive national cybersecurity strategy.
