Silent cyberattacks targeting Indian enterprises: Infopercept Report

Indian enterprises face silent cyberattacks exploiting identities, APIs and cloud gaps rather than malware. A recent study shows continuous validation sharply cuts exposure and helps organisations manage cyber risk before incidents.

DQC Bureau

Silent cyberattacks targeting Indian enterprises are becoming harder to detect and more damaging in impact, as attackers increasingly exploit identities, APIs and cloud misconfigurations instead of relying on traditional malware.

That is the central finding of a new cybersecurity study released by Infopercept, based on anonymised data from 100 enterprise customers in India using its Invinsense cybersecurity platform. The analysis covers attack activity observed over the past 12 months and maps it against exposure reduction achieved through Continuous Threat Exposure Management, or CTEM.

According to the study, organisations that adopted continuous validation reduced exploitable cyber exposures by an average of 76% within three CTEM cycles, typically completed within a year.

Shift towards low-noise attack techniques

Across sectors such as fintech, banking and financial services, SEBI-regulated entities, healthcare and manufacturing, the data shows a clear shift away from disruptive, high-visibility attacks towards quieter methods that prioritise persistence and data access.

The most frequently observed attack patterns included account takeover through phishing, credential stuffing and business email compromise; API and application logic abuse across payment, trading and partner ecosystems; and data-first ransomware, where attackers quietly exfiltrate information before triggering operational disruption.

Fintech and BFSI organisations were particularly exposed to identity-driven fraud and API misuse. Healthcare organisations experienced a rise in ransomware incidents and breaches linked to third-party vendors. Manufacturing firms, especially those with operational technology environments, were targeted through remote access weaknesses and flat IT–OT network structures.

Known weaknesses, not zero-days

The study notes that most incidents did not depend on zero-day vulnerabilities. Instead, attackers focused on known but unvalidated exposure gaps that had remained unaddressed over time.

These included over-privileged or dormant user and service accounts; misconfigured cloud storage and access keys; API logic flaws and undocumented endpoints; and lateral movement paths spanning enterprise IT and operational technology environments.

Across industries, identity misuse, API exposure and internal pivot paths emerged as the most significant contributors to cyber risk.

Measured gains from continuous validation

Enterprises that systematically identified and validated these exposure points reported measurable improvements in security outcomes.

The study recorded a 73% to 81% reduction in exploitable exposures across sectors. Fintech environments saw up to a 90% drop in fraud attempts after payment API attack paths were addressed. Healthcare organisations reported no PHI breaches after remediating vendor access, while manufacturing firms experienced zero downtime ransomware incidents once IT–OT pivot paths were eliminated.

The report observes that the second CTEM cycle delivered the most significant reduction in exposure, while the third cycle helped organisations narrow their focus to business-critical risks.

Risk needs measurement, not assumption

Commenting on the findings, Jaydeep Ruparelia, Founder and CEO, Infopercept, said the data highlights a shift in how cyber risk should be assessed and managed.

“What this data shows is that cyber risk is less about the number of tools deployed and more about how well exposures are validated,” he said. “By combining offensive security testing with real-time detection and response on a single platform, organisations can measure risk reduction in practical terms.”

He added that continuous validation allows enterprises to predict risk reduction rather than discovering weaknesses after an incident has already occurred.

Implications for enterprise security strategy

The study points to broader changes in enterprise security priorities. Identity has overtaken networks as the primary attack surface. Data theft now carries greater financial and regulatory consequences than downtime. APIs and cloud configurations remain under-monitored despite growing business dependence.

According to the report, organisations that integrate detection, response and exposure management are better positioned to move from reactive security operations towards predictable, board-visible cyber risk reduction.
