2019 cyberattacks on Sri Lanka

The 2019 cyberattacks on Sri Lanka were a series of powerful cyberattacks on at least 10 Sri Lankan domestic websites with the public domains of .lk and .com. The cyberattack is speculated to have been conducted on 18 and 19 May 2019, the day following the Vesak festival and amid the persistent temporary social media ban in the country. The website of the Kuwaiti Embassy operating in Sri Lanka was also affected by the cyberattacks. The investigations are currently carried out by Sri Lanka Computer Emergency Readiness Team along with Sri Lanka Signals Corps.

Background
Sri Lanka, an island nation located in South Asia, has experienced its share of socio-political challenges over the years, including ethnic conflicts and political instability. In this context, cybersecurity emerged as a critical concern for the country's stability and national security.

As Sri Lanka embraced digitalization, recognizing the potential rise in cybersecurity threats and the rapid expansion of information and communication technology (ICT) infrastructure, the nation took proactive steps. The Sri Lanka Coordination Centre (CERT|CC) was established as the country's official National CERT under the auspices of the ICT Agency of Sri Lanka. This institution's primary mission was to fortify Sri Lanka's resilience against emerging cyber threats and to adapt to the changing cybersecurity landscape.

As noted by Sri Lanka CERT, the nation has a documented history of prior cyber incidents. This history includes a range of incidents reported to Sri Lanka CERT during the year 2016, as detailed in the APCert report of 2016. This historical context may serve as a noteworthy indicator of the potential for future significant cyberattacks, such as the 2019 cyberattack.

The Event
In May 2019, Colombo experienced a series of cyberattacks that targeted multiple Sri Lankan websites, including those with the .lk and .com domains. Notably, the cyberattacks extended beyond national borders to affect a foreign embassy located in Sri Lanka.

The Sri Lanka Computer Emergency Readiness Team (SLCERT) reported that among the victims of these cyberattacks were the websites of the Kuwait Embassy in Colombo, the Tea Research Institute in Talawakelle, The Rajarata University in Mihintale, and 10 private institutions. SLCERT, along with TechCERT and the Cyber Operations Center operating under the Ministry of Defence, is actively engaged in ongoing investigations to ascertain the nature and origins of these attacks.

After the incident the CEO of SLCERT, Dileepa Lathsara, revealed that several of the targeted websites have already been restored to their previous states. These cyberattacks were particularly impactful on websites that possessed minimal cybersecurity safeguards, highlighting the importance of enhanced cybersecurity measures. SLCERT emphasizes the need for the general public to prioritize the security of their websites to prevent future incidents.