State-sponsored cyber-attacks in India up by 278% in 3 years: Report
State-sponsored cyber-attacks in India have increased by 278% between 2021 and September 2023, according to a report published on Monday. The report, titled "2023 India Threat Landscape Report" and produced by cybersecurity firm Cyfirma, found that services companies, including IT and BPO firms, were the most targeted, accounting for the highest share of attacks. The report also revealed that targeted cyber-attacks on government agencies rose by 460%, while startups and SMEs saw a staggering increase of 508%.
This research comes only weeks after US-based cybersecurity and intelligence firm Resecurity disclosed that personal details of over 81.5 crore citizens with the Indian Council of Medical Research (ICMR) were being sold on the dark web. The data includes crucial information such as Aadhaar and passport details, as well as names, phone numbers, and addresses. The report stated that a threat actor known as 'pwn0001' had posted a thread on Breach Forums offering access to millions of 'Indian Citizen Aadhaar and Passport' records.
According to the Cyfirma report, India is the most targeted country, accounting for 13.7% of all attacks, followed by the US with 9.6%, Indonesia with 9.3% and China with 4.5%. The number of cyber-attacks on government agencies has significantly increased year-on-year, with a 95% rise in the second half of 2022 compared to the same period in 2021. State-sponsored cyber-attacks in India have also increased by over 100% in 2022 compared to 2021, making India the most targeted country that year.
The healthcare sector is the most targeted by hackers, followed by education, research, government, and military sectors. Data from the report indicates that an organisation in India was attacked an average of 1,866 times per week in 2022.
The most common types of cyber-attacks in India are phishing attacks, malware attacks, and ransomware attacks. 78% of Indian organisations experienced a ransomware attack in 2021, with 80% of those attacks resulting in data encryption, the study said.
“While sectors like BFSI, healthcare and software companies have spent significantly on improving their security posture, there is an urgent need to understand the external threat landscape. We believe that unless you don't know who to defend against, billions spent in cybersecurity will not yield expected results,” Kumar Ritesh, chief executive and founder, Cyfirma, said in a statement.
A disturbing trend of North Korean threat actors collaborating with China and Russia has been observed, with the former offering itself as hacker-as-a-service (HaaS) for financial gain, the report noted.
Between January and July 2023, researchers observed 39 campaigns targeting various industries in India. Suspected groups such as FancyBear, TA505, Mission 2025, Stone Panda, and Lazarus Group are believed to be behind these campaigns. Of these 39 campaigns, 14 were orchestrated by Chinese state-sponsored groups for espionage purposes, 11 were planned by North Korean-backed hackers as hacker-as-a-service, and 10 attacks originated from Russian threat actors, of which only 4 were state-sponsored.
The study also noted that ransomware operators are continuously improving their techniques to intimidate and force victims to pay the ransom. Additionally, threats such as crimeware-as-a-service (CaaS), including SMS spoofing, phishing kits, custom spyware, and hackers for hire, are becoming increasingly prevalent.
Another study conducted by cybersecurity firm Tenable and published last week revealed that the majority of organisations in India are not well-prepared to face cybersecurity attacks and are not focusing on preventive measures. The survey found that Indian organisations were unable to prevent 42% of cyber-attacks on their businesses, successfully thwarting only 58% of attacks over the past two years.