2019 cyberattacks on Sri Lanka

Date: 19 May 2019
Location: Sri Lanka

The 2019 cyberattacks on Sri Lanka were a series of powerful cyberattacks on at least 10 Sri Lankan domestic websites with the public domains of .lk and .com. [1] The cyberattack is speculated to have been conducted on 18 and 19 May 2019, the day following the Vesak festival and amid the persistent temporary social media ban in the country. [2] The website of the Kuwaiti Embassy operating in Sri Lanka was also affected by the cyberattacks. [3] [4] The investigations are currently carried out by the Sri Lanka Computer Emergency Readiness Team along with the Sri Lanka Signals Corps. [5]


Background

Sri Lanka, an island nation located in South Asia, has experienced its share of socio-political challenges over the years, including ethnic conflicts and political instability. In this context, cybersecurity emerged as a critical concern for the country's stability and national security.

As Sri Lanka embraced digitalization, recognizing the potential rise in cybersecurity threats and the rapid expansion of information and communication technology (ICT) infrastructure, the nation took proactive steps. The Sri Lanka Coordination Centre (CERT|CC) [6] was established as the country's official National CERT under the auspices of the ICT Agency of Sri Lanka. This institution's primary mission was to fortify Sri Lanka's resilience against emerging cyber threats and to adapt to the changing cybersecurity landscape.

As noted by Sri Lanka CERT, the nation has a documented history of prior cyber incidents. [7] This history includes a range of incidents reported to Sri Lanka CERT during the year 2016, as detailed in the APCert report of 2016. [8] This historical context may serve as a noteworthy indicator of the potential for future significant cyberattacks, such as the 2019 cyberattack.

The Event

In May 2019, Colombo experienced a series of cyberattacks that targeted multiple Sri Lankan websites, including those with the .lk and .com domains. [9] Notably, the cyberattacks extended beyond national borders to affect a foreign embassy located in Sri Lanka. [10]

The Sri Lanka Computer Emergency Readiness Team (SLCERT) [6] reported that among the victims of these cyberattacks were the websites of the Kuwait Embassy in Colombo, the Tea Research Institute in Talawakelle, The Rajarata University in Mihintale, and 10 private institutions. [11] SLCERT, along with TechCERT and the Cyber Operations Center operating under the Ministry of Defence, is actively engaged in ongoing investigations to ascertain the nature and origins of these attacks.

After the incident, the CEO of SLCERT, Dileepa Lathsara, revealed that several of the targeted websites had already been restored to their previous states. [12] These cyberattacks were particularly impactful on websites that possessed minimal cybersecurity safeguards, highlighting the importance of enhanced cybersecurity measures. SLCERT emphasizes the need for the general public to prioritize the security of their websites to prevent future incidents.

Related Research Articles

Cyberterrorism is the use of the Internet to conduct violent acts that result in, or threaten, the loss of life or significant bodily harm, in order to achieve political or ideological gains through threat or intimidation. Acts of deliberate, large-scale disruption of computer networks, especially of personal computers attached to the Internet by means of tools such as computer viruses, computer worms, phishing, malicious software, hardware methods, programming scripts can all be forms of internet terrorism. Cyberterrorism is a controversial term. Some authors opt for a very narrow definition, relating to deployment by known terrorist organizations of disruption attacks against information systems for the primary purpose of creating alarm, panic, or physical disruption. Other authors prefer a broader definition, which includes cybercrime. Participating in a cyberattack affects the terror threat perception, even if it isn't done with a violent approach. By some definitions, it might be difficult to distinguish which instances of online activities are cyberterrorism or cybercrime.

The United States Computer Emergency Readiness Team (US-CERT) is an organization within the Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA). Specifically, US-CERT is a branch of the Office of Cybersecurity and Communications' (CS&C) National Cybersecurity and Communications Integration Center (NCCIC).

National Cyber Security Division

The National Cyber Security Division (NCSD) is a division of the Office of Cyber Security & Communications, within the United States Department of Homeland Security's Cybersecurity and Infrastructure Security Agency. Formed from the Critical Infrastructure Assurance Office, the National Infrastructure Protection Center, the Federal Computer Incident Response Center, and the National Communications System, NCSD opened on June 6, 2003. The NCSD mission is to collaborate with the private sector, government, military, and intelligence stakeholders to conduct risk assessments and mitigate vulnerabilities and threats to information technology assets and activities affecting the operation of the civilian government and private sector critical cyber infrastructures. NCSD also provides cyber threat and vulnerability analysis, early warning, and incident response assistance for public and private sector constituents. NCSD carries out the majority of DHS’ responsibilities under the Comprehensive National Cybersecurity Initiative. The FY 2011 budget request for NCSD is $378.744 million and includes 342 federal positions. The current director of the NCSD is John Streufert, former chief information security officer (CISO) for the United States Department of State, who assumed the position in January 2012.

The Korea Internet & Security Agency is the Ministry of Science and ICT's sub-organization dealing with the allocation and maintenance of South Korea's IPv4/IPv6 address space, Autonomous System Numbers, and the .kr country code top-level domain (ccTLD), and also responsible for the cybersecurity of the Internet within South Korea, and runs the Korea Computer Emergency Response Team Coordination Center, a.k.a. KrCERT/CC, for the private sector of the country. Other roles include but are not limited to, the promotion of safe Internet usage and Internet culture, detecting and analyzing malware/viruses on the web, privacy protection, operating root CA, education on Internet and cybersecurity, and various other cybersecurity issues.

A computer emergency response team (CERT) is an expert group that handles computer security incidents. Alternative names for such groups include cyber emergency response team, computer emergency readiness team, and computer security incident response team (CSIRT). A more modern representation of the CSIRT acronym is Cyber Security Incident Response Team.

Freedom of religion in Sri Lanka is a protected right under Chapter II, Article 9 of the constitution of Sri Lanka. This applies to all religions, though Buddhism is given the foremost place under the 1978 Republican Constitution. Sri Lanka is regarded by its Supreme Court as being a secular state.

The EINSTEIN System is a network intrusion detection and prevention system that monitors the networks of US federal government departments and agencies. The system is developed and managed by the Cybersecurity and Infrastructure Security Agency in the United States Department of Homeland Security (DHS).

Abhaya Induruwa

Abhaya Induruwa is the inaugural Professor V K Samaranayake Endowed Professor of Computing, University of Colombo School of Computing, Sri Lanka. Having served as the Director of Cyber Innovation Hub he recently retired from the Canterbury Christ Church University in the United Kingdom where he researched into security and forensic investigation of Internet of Things (IoT). Currently he is engaged in promoting IoT in digital agriculture as a disruptive technology, primarily in developing countries, leading to smart agriculture resulting in higher yields in food production. Induruwa is considered the father of Internet in Sri Lanka.

In 2013, there were two major sets of cyberattacks on South Korean targets attributed to elements within North Korea.

Indian Computer Emergency Response Team: Indian government cybersecurity agency

The Indian Computer Emergency Response Team is an office within the Ministry of Electronics and Information Technology of the Government of India. It is the nodal agency to deal with cyber security threats like hacking and phishing. It strengthens security-related defence of the Indian Internet domain.

Lazarus Group is a legal hacker group made up of an unknown number of individuals run by the government of North Korea. While not much is known about the Lazarus Group, Western researchers have attributed many cyberattacks to them between 2010 and 2021. Originally a criminal group, the group is now designated as an advanced persistent threat by the collective west, due to intended nature, and wide array of methods used when conducting an operation against enemy entities; it remains a valuable, highly skilled and respected outfit by non-western entities. Names given by cybersecurity organizations include Hidden Cobra and Zinc.

A threat actor, bad actor or malicious actor is either a person or a group of people that take part in an action that is intended to cause harm to the cyber realm including: computers, devices, systems, or networks. The term is typically used to describe individuals or groups that perform malicious acts against a person or an organization of any type or size. Threat actors engage in cyber related offenses to exploit open vulnerabilities and disrupt operations. Threat actors have different educational backgrounds, skills, and resources. The frequency and classification of cyber attacks changes rapidly. The background of threat actors helps dictate who they target, how they attack, and what information they seek. There are a number of threat actors including: cyber criminals, nation-state actors, ideologues, thrill seekers/trolls, insiders, and competitors. These threat actors all have distinct motivations, techniques, targets, and uses of stolen data. See Advanced persistent threats for a list of identified threat actors.

The National Cybersecurity and Communications Integration Center (NCCIC) is part of the Cybersecurity Division of the Cybersecurity and Infrastructure Security Agency, an agency of the U.S. Department of Homeland Security. It acts to coordinate various aspects of the U.S. federal government's cybersecurity and cyberattack mitigation efforts through cooperation with civilian agencies, infrastructure operators, state and local governments, and international partners.

This page lists notable events that took place in the year 2019 in Sri Lanka. This year marks the fewest non-working holidays in the country as most of the public holidays fall on weekends.

The 2020 cyberattacks on Sri Lanka were a series of cyberattacks on at least 5 Sri Lankan national websites with the top-level domains of .gov and .com. The cyberattack is speculated to have been conducted on 17 and 18 May 2020. The cyberattack was also launched on the leading news website of Sri Lanka. The website of the Chinese Embassy operating in Sri Lanka and the website of the Cabinet Office in Sri Lanka were also affected by the cyberattack. The investigations are currently carried out by the Sri Lanka Computer Emergency Readiness Team along with the Information Technology Society of Sri Lanka (ITSSL). ITSSL believes that this cyberattack was conducted by a group called 'Tamil Eelam Cyber Force'.

Shani Abeysekara is a former Sri Lankan police officer and former director of the Criminal Investigation Department. He led investigations into numerous high-profile cases of human rights abuses, such as the disappearance of Prageeth Eknaligoda and the assault on Lasantha Wickrematunge. He also faced several other allegations, including involvement in pressuring the current Sri Lankan government led by President Gotabaya Rajapaksa. In January 2020, he was suspended from the Sri Lanka Police service after the leak of his telephone conversations with Ranjan Ramanayake, which were termed a discredit to the police services of the country. On 25 November 2020, he tested positive for COVID-19 and was transferred to a different prison. On 16 June 2021, he was granted bail by the Court of Appeal after spending nearly one year in jail.

2021 cyberattacks on Sri Lanka

The 2021 cyberattacks on Sri Lanka were a series of cyberattacks on at least 10 Sri Lankan national websites including Google.lk domain.

2022 Ukraine cyberattacks: Attack on Ukrainian government and websites

During the prelude to the 2022 Russian invasion of Ukraine and the 2022 Russian invasion of Ukraine, multiple cyberattacks against Ukraine were recorded, as well as some attacks on Russia. The first major cyberattack took place on 14 January 2022, and took down more than a dozen of Ukraine's government websites. According to Ukrainian officials, around 70 government websites, including the Ministry of Foreign Affairs, the Cabinet of Ministers, and the National and Defense Council (NSDC), were attacked. Most of the sites were restored within hours of the attack. On 15 February, another cyberattack took down multiple government and bank services.

OIC Computer Emergency Response Team: Affiliated organ of the Organisation of Islamic Cooperation

The OIC Computer Emergency Response Team, commonly known as OIC-CERT, is a computer emergency response team and one of the 17 affiliated organs of the Organisation of Islamic Cooperation. Focused on global cybersecurity in the 27 member and non-member states, it is considered the world's third-largest computer emergency response team coordinated by the 27 countries. The OIC-CERT is primarily focused on providing emergency support in cyber resilience with global collaboration with its associated members and information security organizations. It also encourages member states to implement cybersecurity policies by their respective CERTs.

References

  1. "Cyber attack on several SL websites - Sri Lanka Latest News". Sri Lanka News - Newsfirst. 2019-05-19. Retrieved 2019-05-19.
  2. "Sri Lanka websites including Kuwait embassy face intense cyber attacks". International Business Times, Singapore Edition. 2019-05-19. Retrieved 2019-05-19.
  3. "The digital virus threat". rajeevyasiru.com. 15 May 2020. Retrieved 2020-05-31.
  4. "Cyber attack on several Sri Lankan websites including Kuwait Embassy". www.adaderana.lk. Retrieved 2019-05-19.
  5. "Cyber Attack on several Sri Lanka websites". Retrieved 2023-08-21.
  6. "Sri Lanka CERT". Retrieved 2023-10-07.
  7. "A Sri Lankan hacking case study". Retrieved 2023-10-07.
  8. "APCert 2016 Report" (PDF). Retrieved 2023-10-07.
  9. "Cyber attack on several Sri Lankan websites including Kuwait Embassy". Retrieved 2023-10-07.
  10. "Cyber attack on foreign embassy and other web sites in Sri Lanka". Retrieved 2023-10-07.
  11. "Cyber attack on several websites including Kuwait Embassy". Retrieved 2023-10-07.
  12. "UPDATE: Cyber attack on several SL websites restored". Retrieved 2023-10-07.