What’s a DDoS cyberattack that hit Karnataka’s Kaveri 2.0 portal? Premium

The Kaveri 2.0 portal experienced performance issues in December 2024 and January 2025.

Story so far: In January, web-based portal Kaveri 2.0, which streamlines property registrations in Karnataka, faced sporadic, crippling server outages. As a result, property registration and document-related citizen services went almost to a standstill in the state. On investigating the outage, the Revenue Department and E-Governance Department concluded that it was not due to “technical glitches” but a “motivated Distributed Denial of Service (DDoS) attack” on Kaveri 2.0 - a portal launched in 2023 to reform land registration. The sustained cyberattack on the portal, orchestrated by unidentified miscreants, highlights the vulnerability of critical online services to cyber threats.

Following the incident, K. A. Dayananda, Inspector General of Registrations and Commissioner of Stamps (IGR & CS) lodged a complaint with the cyber-crime police. The Cybercrime, Economic offences, Narcotics (CEN) police registered a case under the Information Technology Act, 2000, against the unidentified miscreants.

“The Kaveri 2.0 faced some performance issues during December 2024. Upon analysis and inputs from the Centre for Smart Governance [CSG], it was found that these issues were caused by a malicious DDoS attack using automated tools or bots,” the FIR said.

A DDoS attack is a malicious attempt to disrupt the normal functioning of a targeted server, service, or network by overwhelming it with a flood of internet traffic. Unlike a Denial of Service (DoS) attack, which typically involves a single source, a DDoS attack leverages multiple compromised systems, often infected with malware, to generate the traffic. These compromised systems are collectively known as a botnet. Such attacks may be aimed at saturating the bandwidth of a particular site, exploiting weaknesses in the network protocol stack, or targeting specific weaknesses in applications or services.

DDoS attacks can lead to a service downtime, which is the primary goal of a DDoS attack -- to render a service unavailable, leading to a disruption or potential loss of revenue. While DDoS attacks do not directly steal data, they can be used as a distraction while other forms of cyberattacks, such as data breaches, are executed. Organisations that fall victim to DDoS attacks may suffer reputational damage, as customers and partners question their ability to protect against cyber threats.

The Kaveri 2.0 portal, a critical application for property registrations, experienced performance issues in December 2024 and January 2025. Fake accounts were created, and entries were made into the database using these accounts, overwhelming the system. The attack involved 62 email accounts originating from 14 IP addresses, highlighting the distributed nature of the assault.

In January 2025, a similar attack occurred, with extremely high traffic observed from citizen-side users for encumbrance certificate (EC) searches, which was eight times more than usual. At one point, the portal received 6.2 lakh requests from malicious users in just two hours, using random keywords to perform searches. This surge in traffic crippled the portal, significantly reducing the number of registrations.