CYFIRMA, a leading external threat landscape management platform, has recently unveiled its India Threat Landscape report for 2023. This comprehensive report sheds light on the evolving threat landscape in India and offers strategic insights to combat these threats effectively.
● India is the most targeted country with 13.7% of all cyber attacks directed at it
● US, Indonesia and China are the next 3 most targeted countries by threat actors
● Govt agencies across nations emerge as the topmost target with 95% of the cyber attacks aimed at them
● State-sponsored cyber attacks on India increased by 100% in 2022
● Healthcare sector most targeted in India followed by education, research, govt and military sectors
● CYFIRMA research shows 39 active campaigns against India in 2023 coming from state-sponsored threat actors from China, North Korea, Pakistan, Russia
● Threat actors actively targeting India include FancyBear, Mission 2025 (China), TA505 (Russia), Transparent Tribe (Pakistan), Turla Group, Stone Panda and Lazarus Group (North Korea)
According to the report, India has emerged as the primary target for cyberattacks, accounting for a staggering 13.7% of all global attacks. Following closely behind are the United States (9.6%), Indonesia (9.3%), and China (4.5%). The report highlights a significant surge in cyberattacks on government agencies in India, with a staggering 95% increase in the second half of 2022 compared to the same period in 2021. Notably, state-sponsored cyberattacks in India have witnessed a more than 100% increase in 2022 compared to the previous year.
The report also identifies the sectors most vulnerable to cyber threats, with healthcare taking the top spot, followed by education, research, government, and military. On average, Indian organizations experienced a startling 1,866 cyberattacks per week in 2022.
The predominant types of cyberattacks in India include phishing attacks, malware attacks, and ransomware attacks. Shockingly, 78% of Indian organizations fell victim to ransomware attacks in 2021, and 80% of these attacks resulted in data encryption.
Kumar Ritesh, CEO & Founder of CYFIRMA, commented on the findings, stating, “It is not surprising that India is the primary target for threat actors globally. India’s increasing global prominence, coupled with a youthful and tech-savvy population but relatively low cybersecurity maturity, have made it an attractive target for hackers looking to breach critical assets and government agencies. While sectors like BFSI, healthcare, and software companies have invested significantly in enhancing their cybersecurity posture, there is an urgent need to understand the external threat landscape. Without knowing who the adversaries are, billions spent on cybersecurity may not yield the expected results.”
The geopolitical significance of India has never been higher, making it a magnet for threat actors worldwide. A concerning trend revealed in the report is the collaboration between North Korean threat actors and their counterparts in China and Russia, with North Korea offering hacker-as-a-service (HaaS) for financial gain.
In the first half of 2023, CYFIRMA’s external threat landscape monitoring and analysis identified 39 campaigns targeting various Indian industries. Suspected groups like FancyBear, TA505, Mission 2025, Stone Panda, and Lazarus Group were behind these campaigns. Among these, 14 were attributed to Chinese state-sponsored groups with espionage intentions, 11 to North Korean hackers as part of HaaS, and 10 to Russian threat actors, with only four being state-sponsored.
Key trends and attack methods employed by threat actors include:
- Ransomware: Ransomware operators are adopting increasingly sophisticated techniques to coerce victims into paying ransoms. Their approach includes infiltrating networks, exfiltrating and encrypting data, demanding ransoms, and even “name and shame” tactics, leaving behind traces for future attacks.
- Crimeware-as-a-Service (CaaS): CaaS threats encompass SMS spoofing, phishing kits, custom spyware, hacker-for-hire services, and exploit kits.
- Carpet Bombing of SMEs: Small and medium-sized enterprises (SMEs) are not spared from cyberattacks, with businesses of all sizes being targeted.
- Supply Chain Disruption: The software supply chain remains a prime target for cyberattacks.
Given the escalating threat landscape, it is imperative for governments and organizations to adopt comprehensive External Threat Landscape Management (ETLM) tools. These tools provide the capability to gather intelligence and correlate it with infrastructure, digital footprint, brand, industry, technology, and geolocation data. Such integration yields a prioritized list of actions to develop effective response plans.
About CYFIRMA:
CYFIRMA is a leading external threat landscape management platform company. It leverages cyber intelligence, attack surface discovery, and digital risk protection to deliver early warning, personalized, contextual, outside-in, and multi-layered insights. CYFIRMA’s cloud-based AI and ML-powered analytics platforms offer a hacker’s perspective on the external cyber landscape, aiding clients in preparing for impending cyberattacks. Headquartered in Singapore, CYFIRMA has offices in Japan, India, the US, and the EU, serving both government entities and Fortune 500 companies across various industries, including manufacturing, financial services, retail, industrial products, natural resources, and pharmaceuticals.