With millions of Indians becoming active on digital platforms, India has become a prime target of the cybercriminal. Last month saw one of the most devastating breaches when Aadhaar data of 815 million was seen on sale on the dark web.
According to CYFIRMA’s India Threat Landscape report 2023, India is the most targeted country, with 13.7% of all attacks followed by the US with 9.6%, Indonesia and China with 9.3% and 4.5% respectively.
Read more: Establishing a unified defense strategy for converging IT & OT environments
The number of cyberattacks on government agencies has increased significantly year-on-year. In the second half of 2022, there were 95% more cyberattacks on government agencies than in the same period in 2021. The number of state-sponsored cyberattacks in India increased by more than 100% in 2022 compared to 2021. India was the most targeted country in 2022 as attacks on government agencies more than doubled.
The majority of Indians are not typically well-versed in privacy matters, and interactions with government, quasi-government, financial institutions and service providers often involve sharing physical copies of Aadhar/Passport without clear accountability for how this data is stored, used, or protected. I hope this fuels the debate on government and its institutions’ accountability in regard to its citizens Personally Identifiable Information (PII) data
Kiran Vangaveti, Founder and CEO of BluSapphire
Kiran Vangaveti, Founder and CEO of BluSapphire, says accountability within government institutions must be brought into account, “As India positions itself as the world’s leading digital economy, this breach is indeed a cause for disappointment and regret. Its impact extends to over 50% of the population. The enforcement of India’s Data Privacy Act (DPDP) now places a significant spotlight on the Confidentiality, Integrity, and Accountability.
“Given the speculation that the source of the breach may be the government entity ICMR, it prompts a discussion about accountability within government institutions, an aspect that was not well captured in the DPDP. The majority of Indians are not typically well-versed in privacy matters, and interactions with government, quasi-government, financial institutions and service providers often involve sharing physical copies of Aadhar/Passport without clear accountability for how this data is stored, used, or protected. I hope this fuels the debate on government and its institutions’ accountability in regard to its citizens Personally Identifiable Information (PII) data.”
Geo-political Attraction
The Cyfirma report identifies healthcare as the most targeted sector by hackers followed by education, research, government and military sectors. The data from the report shows that an organization in India was attacked 1,866 times per week on average in 2022.
The most common types of cyberattacks in India are phishing attacks, malware attacks, and ransomware attacks. 78% of Indian organizations experienced a ransomware attack in 2021, with 80% of those attacks resulting in data encryption.
India’s growing prominence at the world stage and push from Western economies to favour India over other large countries, a young and tech savvy population with low cybersec maturity has played a key role in hackers coming after critical assets, govt agencies with an intent to breach them and harm India’s strategic interests
Kumar Ritesh, CEO & Founder, Cyfirma
Kumar Ritesh, CEO & Founder, Cyfirma, says, “It comes as no surprise that India is the most targeted country in the world by threat actors. India’s growing prominence at the world stage and push from Western economies to favour India over other large countries, a young and tech savvy population with low cybersec maturity has played a key role in hackers coming after critical assets, govt agencies with an intent to breach them and harm India’s strategic interests.
“While sectors like BFSI, healthcare and software companies have spent significantly on improving their security posture, there is an urgent need to understand the external threat landscape. We believe that unless you don’t know who to defend against, billions spent in cybersec will not yield expected results.”
Read more: The significance of cloud cost optimization in today’s business environment
India’s geo-political importance has never been greater than it is today. This has given way to threat actors uniting against India. A disturbing trend of North Korean threat actors collaborating with China and Russia has been observed with the former offering itself as hacker as a service (HaaS) for financial gains.
Between January to July 2023, as part of the external threat landscape monitoring and analysis, CYFIRMA observed 39 campaigns targeting various industries in India. Known groups like FancyBear, TA505, Mission 2025, Stone Panda and Lazarus Group are suspected to be behind these campaigns. Of these 39 campaigns, 14 have been orchestrated by China State sponsored groups with an intent of espionage. 11 of these campaigns were planned by North Korea backed hackers as part of HaaS. While 10 attacks originated from Russian threat actors, of which only 4 were state sponsored.
India’s Threat Landscape
Key trends and attack methods being used by threat actors include ransomware operators, who are continuously improving their techniques with an intent to intimidate and force victims to pay the ransom. At present, ransomware operators are suspected to follow a 4-layer approach of targeting organizations which includes:
- Infiltrate into the target organization’s network.
- Exfiltrate and encrypt data.
- Demand ransom and “Name & Shame”.
- Leave behind footprints in the targeted organizations to come back and attack again.
Crimeware-as-a-service (CaaS) threats include SMS spoofing, phishing kit, custom spyware, hackers for hire, and exploit kit. Then there is Carpet Bombing of SMEs, who are not spared by cyberwar, businesses of all sizes are targeted. This also includes supply chain disruption by targeting software supply chain.
With the rising attacks, it is critical for the govts and Organizations to engage a comprehensive ETLM tool, which can take the intel gathered and relate it back to infrastructure, digital footprint, brand, industry, technology, and geolocation. Because when you unify different capabilities, you get a prioritized list of actions to prepare an effective response plan.
