| Date | 19 May 2019 |
|---|---|
| Location | Sri Lanka |

The 2019 cyberattacks on Sri Lanka were a series of powerful cyberattacks on at least 10 Sri Lankan domestic websites with the public domains of .lk and .com. [1] The cyberattack is speculated to have been conducted on 18 and 19 May 2019, the day following the Vesak festival and amid the persistent temporary social media ban in the country. [2] The website of the Kuwaiti Embassy operating in Sri Lanka was also affected by the cyberattacks. [3] [4] The investigations are currently carried out by the Sri Lanka Computer Emergency Readiness Team along with the Sri Lanka Signals Corps. [5]
Sri Lanka, an island nation located in South Asia, has experienced its share of socio-political challenges over the years, including ethnic conflicts and political instability. In this context, cybersecurity emerged as a critical concern for the country's stability and national security.
As Sri Lanka embraced digitalization, recognizing the potential rise in cybersecurity threats and the rapid expansion of information and communication technology (ICT) infrastructure, the nation took proactive steps. The Sri Lanka Coordination Centre (CERT|CC) [6] was established as the country's official National CERT under the auspices of the ICT Agency of Sri Lanka. This institution's primary mission was to fortify Sri Lanka's resilience against emerging cyber threats and to adapt to the changing cybersecurity landscape.
As noted by Sri Lanka CERT, the nation has a documented history of prior cyber incidents. [7] This history includes a range of incidents reported to Sri Lanka CERT during the year 2016, as detailed in the APCERT report of 2016. [8] This historical context may serve as a noteworthy indicator of the potential for future significant cyberattacks, such as the 2019 cyberattack.
In May 2019, Colombo experienced a series of cyberattacks that targeted multiple Sri Lankan websites, including those with the .lk and .com domains. [9] Notably, the cyberattacks extended beyond national borders to affect a foreign embassy located in Sri Lanka. [10]
The Sri Lanka Computer Emergency Readiness Team (SLCERT) [6] reported that among the victims of these cyberattacks were the websites of the Kuwait Embassy in Colombo, the Tea Research Institute in Talawakelle, the Rajarata University in Mihintale, and 10 private institutions. [11] The attacks were primarily website defacements, where attackers altered the content of the websites. SLCERT, along with TechCERT and the Cyber Operations Center operating under the Ministry of Defence, is actively engaged in ongoing investigations to ascertain the nature and origins of these attacks.
After the incident, the CEO of SLCERT, Dileepa Lathsara, revealed that several of the targeted websites had already been restored to their previous states. [12] These cyberattacks were particularly impactful on websites that possessed minimal cybersecurity safeguards, highlighting the importance of enhanced cybersecurity measures. SLCERT emphasizes the need for the general public to prioritize the security of their websites to prevent future incidents.