Mumbai: CYFIRMA, an external threat landscape management platform, has released the India Threat Landscape Report 2023, focusing on threats targeting India and strategies to counter them.
According to the report, India is the most targeted country, with 13.7% of all attacks, followed by the US with 9.6%, Indonesia and China with 9.3% and 4.5% respectively. The number of cyberattacks on government agencies has increased significantly year-on-year. In the second half of 2022, there were 95% more cyberattacks on government agencies than in the same period in 2021. The number of state-sponsored cyber attacks in India increased by more than 100% in 2022 compared to 2021. India was the most targeted country in 2022, as attacks on government agencies more than doubled.
- India is the most targeted country, with 13.7% of all cyber attacks directed at it
- The US, Indonesia and China are the next three most targeted countries by threat actors
- Govt agencies across nations emerge as the topmost target, with 95% of the cyber attacks aimed at them
- State-sponsored cyber attacks increased by 100% in India in 2022
- The healthcare sector is most targeted in India, followed by the education, research, govt and military sectors
- Cyfirma research shows 39 active campaigns against India in 2023 coming from state-sponsored threat actors from China, North Korea, Pakistan, Russia
- Threat actors actively targeting India include FancyBear, Mission 2025 (China), TA505 (Russia), Transparent Tribe (Pakistan), Turla Group, Stone Panda and Lazarus Group (North Korea)
Healthcare is the most targeted sector by hackers, followed by education, research, government and military sectors. The data from the report shows that an organization in India was attacked 1,866 times per week on average in 2022.
The most common types of cyber attacks in India are /phishing attacks, malware attacks, and ransomware attacks. 78% of Indian organizations experienced a ransomware attack in 2021, with 80% of those attacks resulting in data encryption.
Kumar Ritesh, CEO and founder of Cyfirma, says, “It comes as no surprise that India is the most targeted country in the world by threat actors. India’s growing prominence on the world stage and push from Western economies to favour India over other large countries, a young and tech-savvy population with low cybersec maturity, has played a key role in hackers coming after critical assets, govt agencies with an intent to breach them and harm India’s strategic interests. While sectors like BFSI, healthcare and software companies have spent significantly on improving their security posture, there is an urgent need to understand the external threat landscape. We believe that unless you don’t know who to defend against, billions spent in cybersec will not yield expected results.”
India’s geo-political importance has never been greater than it is today. This has given way to threat actors uniting against India. A disturbing trend of North Korean threat actors collaborating with China and Russia has been observed, with the former offering itself as a hacker as a service (HaaS) for financial gains.
Between Jan to July 2023, as part of the external threat landscape monitoring and analysis, CYFIRMA observed 39 campaigns targeting various industries in India. Known groups like FancyBear, TA505, Mission 2025, Stone Panda and Lazarus Group are suspected to be behind these campaigns. Of these 39 campaigns, 14 have been orchestrated by China State-sponsored groups with the intent of espionage. 11 of these campaigns were planned by North Korea-backed hackers as part of HaaS. While 10 attacks originated from Russian threat actors, of which only 4 were state-sponsored.
Key trends and attack methods being used by threat actors:
Ransomware: Ransomware operators are continuously improving their techniques with the intent to intimidate and force victims to pay the ransom. At present, ransomware operators are suspected to follow a 4-layer approach to targeting organizations, which includes:
- Infiltrate into the target organization’s network.
- Exfiltrate and encrypt data.
- Demand ransom and “Name & Shame”.
- Leave behind footprints in the targeted organizations to come back and attack again.
Crimeware-as-a-service: CaaS threats include SMS spoofing, phishing kits, custom spyware, hackers for hire, and exploit kits.
Carpet Bombing of SMEs: SMEs are not spared by cyberwar; businesses of all sizes are targeted.
Supply Chain disruption: Software supply chain will continue to be targeted
With the rising attacks, it is critical for the governments and Organizations to engage a comprehensive ETLM tool, which can take the intel gathered and relate it back to infrastructure, digital footprint, brand, industry, technology, and geolocation. Because when you unify different capabilities, you get a prioritized list of actions to prepare an effective response plan.
CYFIRMA is an external threat landscape management platform company. We combine cyber intelligence with attack surface discovery and digital risk protection to deliver early warning, personalized, contextual, outside-in, and multi-layered insights. Our cloud-based AI and ML-powered analytics platforms provide the hacker’s view with deep insights into the external cyber landscape, helping clients prepare for impending attacks. CYFIRMA is headquartered in Singapore with offices in Japan, India, the US, and the EU. Customers include both governments as well as Fortune 500 companies across manufacturing, financial services, retail, industrial products, natural resources and pharmaceutical industries.