India, a nation celebrated for its technological prowess, finds itself trapped in the sights of cybercriminals. The numbers are staggering – 13.7% of all cyber attacks worldwide are directed at India. Government agencies, healthcare providers, educational institutions, and even small businesses face unrelenting attacks.
The recent India Threat Landscape report by CYFIRMA highlights a number of threats targeting India and strategies to counter them.
The Gravity of the Threats
According to the findings, India emerged as the primary target for cyber attacks, accounting for a staggering 13.7% of all incidents, surpassing the United States with 9.6% and Indonesia and China with 9.3% and 4.5%, respectively.
Notably, the onslaught on government agencies witnessed a drastic surge, escalating by 95% in the latter half of 2022 compared to the same period in 2021. One of the most alarming trends is the significant increase in state-sponsored cyber attacks. State-sponsored cyber attacks in India skyrocketed by over 100% in 2022, underscoring the escalating nature of these threats.
This underscores the critical importance of acknowledging the gravity of cyber threats and the need for comprehensive cybersecurity measures.
Within specific sectors, hackers home in on healthcare, followed closely by education, research, government, and military domains. The data paints a grim picture, revealing that Indian organizations faced an average of 1,866 attacks per week in 2022.
Among the prevalent attack methods, phishing attacks, malware assaults, and ransomware incidents were rampant, with a staggering 78% of Indian organizations falling victim to ransomware attacks in 2021, 80% of which resulted in critical data being encrypted.
“It is no surprise that India is the most targeted country in the world by threat actors. India’s growing prominence on the world stage and push from Western economies to favor India over other large countries, a young and tech-savvy population with low cybersec maturity has played a key role in hackers coming after critical assets, govt agencies with an intent to breach them and harm India’s strategic interests. While sectors like BFSI, healthcare, and software companies have spent significantly on improving their security posture, there is an urgent need to understand the external threat landscape. We believe that unless you don’t know who to defend against, billions spent in cybersec will not yield expected results,” said Kumar Ritesh, CEO and Founder, CYFIRMA.
Rising Geopolitical Tensions
India’s strategic significance has never been more pronounced, attracting the attention of threat actors from across the globe. A concerning development has emerged, where North Korean threat actors are joining forces with China and Russia, forming a dangerous alliance for financial gains. This alliance has taken the form of hacker-as-a-service (HaaS), allowing North Korea to offer its hacking expertise to the highest bidder.
Between January and July 2023, CYFIRMA conducted extensive monitoring and analysis of external threat landscapes, uncovering a staggering 39 campaigns targeting various sectors in India. These campaigns are believed to be the work of well-known groups such as FancyBear, TA505, Mission 2025, Stone Panda, and Lazarus Group.
Fourteen of these campaigns were arranged by China’s state-sponsored groups, driven by espionage motives. Additionally, North Korean hackers orchestrated 11 campaigns, leveraging the HaaS model. Meanwhile, Russian threat actors launched ten attacks, with only four being state-sponsored, underscoring the collaborative and sophisticated nature of contemporary cyber threats faced by India.
Attack methods used by threat actors
1. Ransomware: One prominent threat is ransomware, where malicious operators continually refine their techniques, aiming to intimidate organizations and coerce them into paying ransoms. This practice follows a 4-layer approach: first infiltrating the target organization’s network, then exfiltrating and encrypting sensitive data, then demanding a ransom accompanied by public shaming, and finally leaving behind traces for potential future attacks.
2. Crimeware-as-a-Service (CaaS): Another concerning trend is the rise of Crimeware-as-a-Service (CaaS), encompassing various threats such as SMS spoofing, phishing kits, custom spyware, and hacker-for-hire services.
3. Carpet Bombing: Small and medium-sized enterprises (SMEs), once considered immune to cyber threats, are now victims of carpet bombing, highlighting the indiscriminate nature of cyber warfare.
4. Supply chain disruption: This remains a pervasive issue, with threat actors consistently targeting software supply chains.
In response to these escalating attacks, governments and organizations must adopt comprehensive Enterprise Threat and Log Management (ETLM) tools. These tools serve as a crucial bridge, correlating gathered intelligence with various aspects such as infrastructure, digital footprint, brand, industry, technology, and geolocation. By unifying diverse capabilities, these tools provide a prioritized action plan, enabling entities to formulate effective response strategies against the growing menace of cyber threats.
Actionable steps for entrepreneurs to avoid cyber attacks
A. Invest in robust cybersecurity frameworks that encompass threat intelligence, secure coding practices, and regular security audits.
B. Educate your employees about the latest cyber threats, phishing attempts, and safe online practices.
C. Conduct regular security audits of your systems, networks, and applications. Stay proactive in applying security patches and updates to mitigate known vulnerabilities.
D. Instill a cybersecurity-conscious culture within your startup. Encourage open communication about security concerns, promote reporting of suspicious activities, and reward employees for adhering to security protocols.
CYFIRMA is an external threat landscape management platform company headquartered in Singapore. They combine cyber intelligence with attack surface discovery and digital risk protection to deliver early warning, personalized, contextual, outside-in, and multi-layered insights. Their AI and ML-powered analytics platforms provide deep insights into the external cyber landscape, helping clients prepare for impending cyber attacks.