July 25, 2019
Nepal is a country of unity in diversity blessed with Himalayan beauty. But the rampancy of cybercrimes in the country is somehow overlooked. According to CISCO Global Cyber Security Summit 2018 and Computer Association of Nepal, 800 cybercrimes were detected and reported last year, but only 11 of them were filed in court.
Whether or not these 800 security incidents are just the tip of an iceberg has yet to be fact-checked, but the Information Security Response Team Nepal (NPCERT) reveals that the financial sector, as with many other countries, is the most frequently attacked.
The high volume of cyberattacks on Nepalese networks is indicative of the country’s lax cybersecurity infrastructure amid a rapidly growing Internet population. Since 2000, the number of Internet users in Nepal has climbed 521 times to 18,248,461. As of 2019, nearly half of them access the internet through their mobile devices, according to the MIS Report (13 April-May 15 2019) published by Nepal Telecommunication Authority.
This mobile internet usage pattern brings more security issues compared with fixed-line broadband. With the heavy reliance on smartphones, on which security often comes as an after-thought, by implanting malware into smartphones hackers can exploit the vulnerabilities, steal sensitive user information, and hijack them into botnets. According to Nexusguard’s Q1 2019 Threat Report, over 60 percent of global botnets are formed by infected mobile devices.
(Extracted from the MIS Report (13 April-15 May 2019), Nepal Telecommunication Authority)
Nepal’s high mobile internet usage is somehow reflected by the country’s high ranking in global mobile malware attack statistics, according to a report by Kaspersky. Nepal ranks fourth globally, accounting for about 30 percent of mobile malware attacks captured, suggesting that mobile devices and very soon Internet of Things (IoT) devices will make cybersecurity a major concern to the country.
From this observation, we believe that a large number of smartphones in Nepal have already been infected and that they can be converted into mobile botnets at will to perform cybercrimes, including DDoS attacks, within and beyond the border. To protect Nepal’s infrastructure networks from increasingly powerful DDoS attacks launched by mobile devices, it requires carrier-grade capacity, throughput, reliability and scalability.