| Date | 19 May 2019 |
|---|---|
| Location |  Sri Lanka |
The 2019 cyberattacks on Sri Lanka were a series of powerfulcyberattacks on at least 10 Sri Lankan domestic websites with thepublic domains of .lk and .com.[1] The cyberattack is speculated to have been conducted on 18 and 19 May 2019, the day following theVesak festival and amid the persistent temporary social media ban in the country.[2] The website of the Kuwaiti Embassy operating in Sri Lanka was also affected by the cyberattacks.[3][4] The investigations are currently carried out by Sri Lanka Computer Emergency Readiness Team along withSri Lanka Signals Corps.[5]
Sri Lanka, an island nation located inSouth Asia, has experienced its share of socio-political challenges over the years, including ethnic conflicts and political instability. In this context, cybersecurity emerged as a critical concern for the country's stability and national security.
As Sri Lanka embraced digitalization, recognizing the potential rise in cybersecurity threats and the rapid expansion of information and communication technology (ICT) infrastructure, the nation took proactive steps. The Sri LankaCoordination Centre (CERT|CC)[6] was established as the country's official National CERT under the auspices of the ICT Agency of Sri Lanka. This institution's primary mission was to fortify Sri Lanka's resilience against emerging cyber threats and to adapt to the changing cybersecurity landscape.
As noted by Sri LankaCERT, the nation has a documented history of prior cyber incidents.[7] This history includes a range of incidents reported to Sri Lanka CERT during the year 2016, as detailed in the APCert report of 2016.[8] This historical context may serve as a noteworthy indicator of the potential for future significant cyberattacks, such as the 2019 cyberattack.
In May 2019, Colombo experienced a series ofcyberattacks that targeted multiple Sri Lankan websites, including those with the .lk and .com domains.[9] Notably, the cyberattacks extended beyond national borders to affect a foreign embassy located in Sri Lanka.[10]
TheSri Lanka Computer Emergency Readiness Team (SLCERT)[6] reported that among the victims of these cyberattacks were the websites of the Kuwait Embassy in Colombo, the Tea Research Institute in Talawakelle, The Rajarata University in Mihintale, and 10 private institutions.[11] The attacks were primarily website defacements, where attackers altered the content of the websites. SLCERT, along with TechCERT and the Cyber Operations Center operating under the Ministry of Defence, is actively engaged in ongoing investigations to ascertain the nature and origins of these attacks.
After the incident the CEO ofSLCERT, Dileepa Lathsara, revealed that several of the targeted websites have already been restored to their previous states.[12] These cyberattacks were particularly impactful on websites that possessed minimal cybersecurity safeguards, highlighting the importance of enhanced cybersecurity measures. SLCERT emphasizes the need for the general public to prioritize the security of their websites to prevent future incidents.
