India Tops Cyber-Attacks Target List with 13.7% followed by US: Reports

CYFIRMA, a platform specializing in managing external threat landscapes, has unveiled the India Threat Landscape Report 2023. This report zeroes in on the threats directed at India, offering insights into effective strategies to mitigate these risks. According to the report, India emerged as the primary target, accounting for 13.7% of all cyber-attacks, followed by the US at 9.6%, and Indonesia and China at 9.3% and 4.5% respectively.

The frequency of cyberattacks on government agencies showed a significant year-on-year increase. In the latter half of 2022, there was a staggering 95% rise in cyberattacks on government entities compared to the same period in 2021. Furthermore, state-sponsored cyber-attacks in India saw a dramatic surge, escalating by over 100% in 2022 compared to 2021. India faced the brunt of these attacks, particularly targeting government agencies, with the number of incidents more than doubling in 2022.

Hackers primarily target the healthcare sector, followed by education, research, government, and military sectors. According to the report data, organizations in India faced an average of 1,866 attacks per week in 2022.

In India, the prevalent cyber-attacks include phishing, malware, and ransomware attacks. In 2021, 78% of Indian organizations fell victim to ransomware attacks, and 80% of these attacks led to data encryption.

Kumar Ritesh, CEO and founder, of Cyfirma, says, “It comes as no surprise that India is the most targeted country in the world by threat actors. India’s growing prominence on the world stage and push from Western economies to favor India over other large countries, a young and tech-savvy population with low cybersec maturity has played a key role in hackers coming after critical assets, govt agencies with an intent to breach them and harm India’s strategic interests. While sectors like BFSI, healthcare, and software companies have spent significantly on improving their security posture, there is an urgent need to understand the external threat landscape. We believe that unless you do not know who to defend against, billions spent in cybersec will not yield expected results.”

India's geopolitical significance has reached unprecedented heights in the present day. Consequently, various threat actors have joined forces against the country. A concerning pattern has emerged, wherein North Korean threat actors are collaborating with China and Russia. Notably, North Korea has positioned itself as a hacker-for-hire service (HaaS) to pursue financial gains in these partnerships.

From January to July 2023, CYFIRMA conducted external threat landscape monitoring and analysis, uncovering 39 campaigns targeting diverse industries in India. Suspected groups such as FancyBear, TA505, Mission 2025, Stone Panda, and Lazarus Group were linked to these campaigns. Among these, 14 campaigns were attributed to China State-sponsored groups, driven by espionage motives. Additionally, 11 campaigns were orchestrated by North Korea-backed hackers operating as a Hacker-as-a-Service (HaaS). Russian threat actors were responsible for 10 attacks, with only 4 of them being state-sponsored.

Key trends and cyber-attacks methods being used by threat actors:

Ransomware: 

Ransomware operators are constantly enhancing their techniques to intimidate and coerce victims into paying the ransom. Currently, these operators are believed to employ a sophisticated four-layer approach when targeting organizations, which includes:

1. Infiltrate the target organization’s network.
2. Exfiltrate and encrypt data.
3. Demand ransom and “Name & Shame”.
4. Leave behind footprints in the targeted organizations to come back and attack again.

Crimeware-as-a-service: CaaS threats encompass a range of tactics, including SMS spoofing, phishing kits, customized spyware, hacker-for-hire services, and exploit kits.

Carpet Bombing of SMEs: Small and medium-sized enterprises (SMEs) are not exempt from cyber warfare; businesses of every size are susceptible to being targeted.

Supply Chain disruption: 

The software supply chain remains a prime target for cyberattacks and will continue to be so.

In the face of increasing cyber threats, it's crucial for governments and organizations to adopt a comprehensive External Threat Landscape Management (ETLM) tool. Such a tool can analyze gathered intelligence and connect it with aspects like infrastructure, digital presence, brand, industry, technology, and geolocation. By integrating diverse capabilities, organizations can develop a prioritized list of actions, essential for crafting an effective response plan.