CYFIRMA launches India threat landscape report

  • India is the most targeted country, with 13.7% of all cyber attacks directed at it.

  • The US, Indonesia, and China are the next three most targeted countries by threat actors.

  • Government agencies across nations emerge as the topmost target, with 95% of the cyberattacks aimed at them.

  • State-sponsored cyber attacks increased by 100% in India in 2022.

  • The healthcare sector is most targeted in India, followed by education, research, government, and military sectors.

  • Cyfirma research shows 39 active campaigns against India in 2023 coming from state-sponsored threat actors from China, North Korea, Pakistan, and Russia.

  • Threat actors actively targeting India include FancyBear, Mission 2025 (China), TA505 (Russia), Transparent Tribe (Pakistan), Turla Group, Stone Panda, and Lazarus Group (North Korea).

Mumbai, November 6, 2023: CYFIRMA, an external threat landscape management platform, has released the India Threat Landscape report 2023, focusing on threats targeting India and strategies to counter them.

According to the report, India is the most targeted country, with 13.7% of all attacks, followed by the US with 9.6%, Indonesia with 9.3%, and China with 4.5%. The number of cyberattacks on government agencies has increased significantly year-on-year. In the second half of 2022, there were 95% more cyberattacks on government agencies than in the same period in 2021. The number of state-sponsored cyber attacks in India increased by more than 100% in 2022 compared to 2021. India was the most targeted country in 2022, as attacks on government agencies more than doubled.

Healthcare is the most targeted sector by hackers, followed by education, research, government, and military sectors. The data from the report shows that an organization in India was attacked 1,866 times per week on average in 2022.

The most common types of cyberattacks in India are phishing attacks, malware attacks, and ransomware attacks. 78% of Indian organizations experienced a ransomware attack in 2021, with 80% of those attacks resulting in data encryption.

Kumar Ritesh, CEO & Founder, Cyfirma, says, “It comes as no surprise that India is the most targeted country in the world by threat actors. India’s growing prominence on the world stage and push from Western economies to favor India over other large countries, a young and tech-savvy population with low cybersec maturity, have played a key role in hackers coming after critical assets and government agencies with the intent to breach them and harm India’s strategic interests. While sectors like BFSI, healthcare, and software companies have spent significantly on improving their security posture, there is an urgent need to understand the external threat landscape. We believe that unless you don’t know who to defend against, billions spent in cybersec will not yield expected results.”

India’s geo-political importance has never been greater than it is today. This has given way to threat actors uniting against India. A disturbing trend of North Korean threat actors collaborating with China and Russia has been observed, with the former offering itself as a hacker-as-a-service (HaaS) provider for financial gain.

Between January and July 2023, as part of the external threat landscape monitoring and analysis, CYFIRMA observed 39 campaigns targeting various industries in India. Known groups like FancyBear, TA505, Mission 2025, Stone Panda, and Lazarus Group are suspected to be behind these campaigns. Of these 39 campaigns, 14 have been orchestrated by state-sponsored groups with the intent of espionage. 11 of these campaigns were planned by North Korea-backed hackers as part of HaaS, while 10 attacks originated from Russian threat actors, of which only 4 were state-sponsored.

Key trends and attack methods being used by threat actors:

Ransomware: Ransomware operators are continuously improving their techniques with the intent to intimidate and force victims to pay the ransom. At present, ransomware operators are suspected to follow a 4-layer approach to targeting organizations, which includes:

  1. Infiltrate the target organization’s network.
  2. Exfiltrate and encrypt data.
  3. Demand ransom and “Name and Shame”.
  4. Leave behind footprints in the targeted organizations to come back and attack again.

Crimeware-as-a-service: CaaS threats include SMS spoofing, phishing kits, custom spyware, hackers for hire, and exploit kits.

Carpet bombing of SMEs: SMEs are not spared by cyberwar; businesses of all sizes are targeted.

Supply Chain Disruption: The software supply chain will continue to be targeted.

With attacks rising, it is critical for governments and organizations to engage a comprehensive external threat landscape management (ETLM) tool that can take the intel gathered and relate it back to infrastructure, digital footprint, brand, industry, technology, and geolocation. Unifying these different capabilities yields a prioritized list of actions for preparing an effective response plan.
