India threat landscape report highlights cybersecurity concerns

• Cybersecurity in India suffers as state-sponsored cyberattacks on India increase by 100% in 2023.
• Healthcare sector most targeted in India followed by education, research, govt and military sector.
• Cyfirma research shows 39 active campaigns against India in 2023 coming from state-sponsored threat actors – China, North Korea, Pakistan, Russia.

While China, Iran, North Korea and the US continue to dominate the global threat landscape, India is also witnessing an increasing number of cybersecurity incidents. Be it ransomware or state-sponsored attacks, India has emerged as the most targeted country by criminals in 2023.  

In fact, earlier this year, Gartner predicted that end-user spending on security and risk management in India is forecasted to total US$2.65 billion in 2023, an increase of 8.3% from 2022. This was mainly due to the increasing adoption of digitalization and cloud infrastructure, as well as growing concerns on the rising number of ransomware attacks. Stringent government measures on digital data protection and security breach reporting are also pressing chief information security officers (CISOs) to increase their security and risk management spending for 2023. 

Despite this, cyberattacks have been increasing in India. In what is potentially the largest data breach in India, the data of around 81.5 million Indian citizens from the Indian Council of Medical Research (ICMR) was reported to be compromised. The Indian government is currently investigating the data breach. 

According to CYFIRMA’s India Threat Landscape report 2023, India is the most targeted country, with 13.7% of all attacks, followed by the US with 9.6%, then Indonesia and China with 9.3% and 4.5% respectively.  

Taking a deeper look into the report, there was a 95% increase in cyberattacks targeted at Indian government agencies in 2022 as compared to 2021. The number of state-sponsored cyberattacks in India increased by more than 100% in 2022 compared to 2021. 

Looking at industries in the subcontinent, healthcare is the sector most targeted by hackers, followed by education, research, government and military sectors. The data from the report shows that organizations in India were attacked 1,866 times per week on average in 2022. 

As expected, the most common types of cyberattacks in India are phishing attacks, malware attacks, and ransomware attacks. 78% of Indian organizations experienced a ransomware attack in 2021, with 80% of those attacks resulting in data encryption.  

“It comes as no surprise that India is the most targeted country in the world by threat actors. India’s growing prominence on the world stage and the push from Western economies to favor India over other large countries, as well as a young and tech savvy population with low cybersecurity maturity has played a key role in hackers coming after critical assets and government agencies with an intent to breach them and harm India’s strategic interests,” commented Kumar Ritesh, CEO & Founder of Cyfirma.

Ritesh also pointed out that while sectors like financial services, healthcare and software companies have spent significantly on improving their security posture, there is an urgent need to understand the external threat landscape.  

“We believe that unless you know who to defend against, billions spent in cybersecurity will not yield expected results,” added Ritesh.  

Not just a cybersecurity problem  in India

As India’s geopolitical importance grows, more threat actors are targeting India with cybersecurity threats. A disturbing trend of North Korean threat actors collaborating with China and Russia has been observed, with the former offering itself as hacker-as a-service (HaaS) for financial gain.  

For example, the report revealed that between January to July 2023, as part of its external threat landscape monitoring and analysis, Cyfirma observed 39 campaigns targeting various industries in India.  

Known groups like FancyBear, TA505, Mission 2025, Stone Panda and Lazarus Group are suspected to be behind these campaigns. Of these 39 campaigns, 14 have been orchestrated by Chinese state-sponsored groups with an intent of espionage. 11 of these campaigns were planned by North Korea-backed hackers as part of HaaS. And 10 attacks originated from Russian threat actors, of which only 4 were state-sponsored.  

Apart from that, there have also been internal threats that have caused some panic among Indians. This included reports of the Indian government using spyware to block or spy on content from opposition politicians, journalists and others. While these are more government-related issues, they’re still considered a cybercrime.

 The Indian threat landscape  

Here’s a look at the key trends and attack methods being used by threat actors in India 

• Ransomware: ransomware operators are continuously improving their techniques with an intent to intimidate and force victims to pay ransoms. At present, ransomware operators are suspected to follow a 4-layer approach of targeting organizations, which includes infiltrating into the target organization’s network, followed by exfiltrating and encrypting data. They then demand ransom and “Name & Shame” and leave behind footprints in the targeted organizations – so they can come back and attack them again.
• Crimeware- as-a service: CaaS threats include SMS spoofing, phishing kit, custom spyware, hackers for hire, exploit kit.
• Carpet bombing of SMEs:  SMEs are not spared by cyberwar – businesses of all sizes are targeted.
• Supply chain disruption: software supply chain will continue to be targeted 

With the rising tide of cybersecurity attacks in India, it is critical for government agencies and organizations to engage a comprehensive cybersecurity tool which can take the intel gathered and relate it back to infrastructure, digital footprint, brand, industry, technology, and geolocation.  

---

---

---

---