G20 Summit website faced massive DDoS attack with 16 lakh bot hits per minute, reveals I4C CEO
Cyberattacks on the Government of India's G20 Summit website in September 2023 peaked at 16 lakh bot attacks per minute during the conference, constituting a DDoS attack attempt, according to I4C CEO Rajesh Kumar.
In September 2023, the dedicated website created by the Government of India for the G20 Summit faced a severe threat from cyber attackers aiming to disrupt the proceedings through a Distributed Denial of Service (DDoS) attack. The Indian Cybercrime Coordination Centre (I4C) CEO, Rajesh Kumar, has revealed that the website experienced a peak of 16 lakh bot attacks per minute during the summit, which was held at the Bharat Mandapam in New Delhi between 9-10 September last year. Despite the challenges, key government agencies, including the National Informatics Centre and the Computer Emergency Response Team, successfully thwarted the attack, showcasing India's commitment to cybersecurity and resilience in the face of evolving threats.
A DDoS attack is a malicious attempt to overwhelm a network or website by flooding it with an excessive amount of traffic, rendering it incapable of handling legitimate user requests. In this case, the attackers initiated their efforts months before the G20 Summit, targeting the dedicated website established for the event. The assailants' objective was clear – to disrupt the website's functionality during the summit, potentially causing chaos and undermining the conference's digital infrastructure.
The cyber onslaught commenced as soon as the G20 Summit website went live, with the attackers employing a variety of tactics to compromise its security. The attacks reached their zenith during the summit, with a staggering 16 lakh bot attacks per minute being recorded. The assailants engaged in relentless pinging, overwhelming the website and causing it to temporarily go offline.
"The attacks started the moment the website went up months ahead (of the summit). They peaked during the summit. The attackers were trying to do a DDoS attack on the day of the summit. There was a lot of pinging so the website went down," Rajesh Kumar told TOI.
Despite the intensity of the DDoS attack, the National Informatics Centre and the Computer Emergency Response Team, along with other cybersecurity agencies, acted swiftly to secure the G20 Summit website. Rajesh Kumar added, "When you do a DDoS attack, the attacker creates bots and they act on the attackers' behalf. They send multiple requests that the system can't handle."
The I4C CEO further noted that the agencies treated the DDoS attack involving 16 lakh bots as a singular security incident, underlining the complexity and scale of the threat they successfully neutralized.
The cyber onslaught on the G20 Summit website serves as a stark reminder of the evolving nature of cyber threats faced by governments and organizations worldwide. The incident highlights the need for continuous improvement and innovation in cybersecurity measures to stay ahead of malicious actors. Government agencies must collaborate, share intelligence, and invest in cutting-edge technologies to fortify digital infrastructure against emerging cyber threats.