Over the years, Nepal has experienced a rise in cyber threats which is always a major challenge to its cyber system and security. Be it government servers or financial institutions, no organization today is safe from these dangerous threats. This extensive blog contains the brief discussion of cyber warfare in incidents, vulnerabilities and countermeasures in Nepal.
The Growing Threat of Cyber Attacks:
The information technology sector of Nepal has changer significantly over the last decade including the usage of internet, smartphone penetration and digital uses for payment. While making a lot of sense, these advancements avert many disadvantages, it opens the doors for hackers who look for weaknesses to enrich themselves or cause some harm. There are diverse types of cyber threats in Nepal which include viruses, Trojan, phishing, hacks, leaks, ransom, and DDoS attacks.
1. As The Lawmaker Enters Singha Durbar Server Under Siege
Being the central server of Nepal’s administrative hub, Singha Durbar server has been constantly attacked by hackers. Despite regaining access to official website after a recent breach the mentioned server is still dealing with Distributed Denial-of-Service (DDoS) attacks. These attacks saturate the system with requests depriving it of the ability to provide some basic services. Remarkably, even foreign travelling was affected by the shutdown of the immigration server.
2. Cybersecurity Brochure: Some of the Most Frequent Hacks
Cyber threats range from a moderate level to a severe level and the country that is in discussion here is Nepal. Some commonly reported incidents include:
a. ATM Attacks
Banks facing ATM hacks, customer data and money at risk.
b. Ransomware
Instead, ransomware infects computers and mobile devices, includingworkflow-halting files and demands the victims to pay for thsir release.
c. Spear Phishing
Phishing scams can be complex and are normally directed at an individual or an organization and end up compromising the company’s database.
d. Privacy Leaks
People’s information disclosures are detrimental to privacy and can lead to negative outcomes.
e. Social Media-Related Crimes
Ranging from harassment to identity theft, social network site reveals malicious act.
3. Notable Breaches
Several high-profile breaches have shaken Nepal’s cybersecurity landscape:
a. Paradox Cyber Ghost (2017)
By hacking 58 government websites, Paradox Cyber Ghost revealed the weakness in the Nepalese online environment.
b. NIC Asia Bank SWIFT System Hack (2017)
An unknown person hacked NIC Asia Bank’s SWIFT system to siphon off millions of dollars.
4. Strengthening Defenses
To combat cyber threats, Nepal must:
a. Enhance Infrastructure
The other action is to strengthen the organizations’ cyber defense mechanism such as intrusion detection systems and firewall.
b. Promote Awareness
Increase awareness of public, entities and government about safe use of internet.
c. Foster Collaboration
Coordinate with global organizations and other regional countries to exchange threats information.
What Makes Nepal Vulnerable?
Limited Cybersecurity Awareness: Most people who use the internet have little knowledge of the safety precautions that they should implement and therefore become victims to cyber predators.
Inadequate Infrastructure: The IT structure of Nepal is still not well developed and the country does not have very strong defense mechanisms against hi-tech attacks.
Outdated Laws: Current antecedent laws on cybercrimes may not sufficiently cover the emerging threats in the cyberspace.
Limited Technical Expertise: Nepal currently lacks adequate number of qualified cybersecurity professionals so as to prevent and control cyber security threats.
The Major cyber attacks incident in Nepal
The history of cyber incidents in case of Nepal can be dated back to a decade ago, that is, early 2010 AD. While the exact first incident remains unclear due to many unreported cases, here are some notable early cybercrimes:
1.Online Swindling (July 2013):
In July 2013, an example of which had an adverse effect on an adolescent woman was identified involving online swindling. She parted with Rs. 110,000 for an online airline ticket booking but got only Rs. 15,000 back only after seeking the help of a lawyer.This in.cident revealed dangers of financial transactions via the Internet.
2.First Known Cyberbullying Case (October 2014):
The first reported case of cyber bullying was incident was on October 7, 2014 at Kathmandu School of Law.
This incident created awareness about cyber bullying and the danger that people face on the cyber space.
3.Hacking of Government Websites (2017):
It has been discovered that one of the most notorious cyber groups in the recent past is “Paradox Cyber Ghost”, and they hacked 58 government websites in the same year 2017 with the aim of leaking sensitive information and successfully made a huge security leakage.
This event as a perfect example to demonstrate the necessity of strong protection from cyber threats for the government institutions.
4.SWIFT System Hack (2017):
In the same year, the SWIFT system of NIC Asia Bank, the Nepalese bank, was intervened by an unknown person. About USD 4.4 million was the money withdrawn from a user’s accounts and passed to six various nations. Most of the funds were recovered by the bank.
5.Recent Data Breach (2020):
In this paper, Foodmandu-an e-commerce company which operates an online food delivery service in the Kathmandu valley, had its data attacked in March 2020. Hacktivists comprised of more than 50000 users’ information such as name, address, email and phone number and then released them online.
6.Hacking of the President’s Official Website (2021):
In this year 2021 the official website of Nepal president was hacked. It pointed out vulnerability and highlighted the need for protecting official sites from hacking.
7.Massive Cyber Attack on Government Websites 2023:
Potentially in a single and unprecedented hack, about 3500 government websites hosted in the National Information Technology Center – the official data center of Nepal – got hacked. This cyber attack underlined the increasing need of innovative security measures to maintain the security of vital computer networks. It affected its social functions, forcing governments to immediately fix the problems.In particular, the learning data of Nepal Rastra Bank Source code is available in the Dark Web.ernment websites hosted at the National Information Technology Center—Nepal’s exclusive data center—were simultaneously compromised. This cyber onslaught underscored the critical necessity for enhanced cybersecurity protocols to safeguard sensitive digital infrastructure. The attack disrupted essential services, prompting urgent remediation efforts by authorities.
8.Nepal Rastra Bank Source code,Data available in Dark Web
The Nepal Rastra Bank (NRB), the central bank of Nepal in 2024 was a victim of an operation through which some sensitive information went on the Dark Web. This unfortunate incident, NepaLeaks, put out restricted financial information and breached issues of cyber security and data management. The information and data sell on 14 lakhs nepalese rupees.the leak emphasized that needing better protection for financial data and information in Nepal so that such data and information cannot be leaked. Again, the authorities and the financial institutions shall continue practicing caution in order to avoid such a leakage in future.