- India is the most targeted country with 13.7% of all cyber attacks directed at it
- US, Indonesia and China are next 3 most targeted countries by threat actors
- Govt agencies across nations emerge as the topmost target with 95% of the cyber attacks aimed at them
- State sponsored cyber attacks increased by 100% on India in 2022
- Healthcare sector most targeted in India followed by education, research, govt and military sectors
- Cyfirma research shows 39 active campaigns against India in 2023 coming from state sponsored threat actors from China, North Korea, Pakistan, Russia
- Threat actors actively targeting India include FancyBear, Mission 2025 (China), TA505 (Russia), Transparent Tribe (Pakistan) Turla Group, Stone Panda and Lazarus Group (North Korea)
CYFIRMA, an external threat landscape management platform, has released India Threat Landscape report 2023 focusing on threats targeting India and strategies to counter them.
According to the report, India is the most targeted country, with 13.7% of all attacks followed by the US with 9.6%, Indonesia and China with 9.3% and 4.5% respectively. The number of cyberattacks on government agencies has increased significantly year-on-year. In the second half of 2022, there were 95% more cyberattacks on government agencies than in the same period in 2021. The number of state-sponsored cyber attacks in India increased by more than 100% in 2022 compared to 2021. India was the most targeted country in 2022 as attacks on government agencies more than doubled.
Healthcare is the most targeted sector by hackers followed by education, research, government and military sectors. The data from the report shows that an organization in India was attacked 1,866 times per week on average in 2022.
The most common types of cyber attacks in India are /phishing attacks, malware attacks, and ransomware attacks. 78% of Indian organizations experienced a ransomware attack in 2021, with 80% of those attacks resulting in data encryption.
Kumar Ritesh, CEO & Founder, Cyfirma, says, “It comes as no surprise that India is the most targeted country in the world by threat actors. India’s growing prominence at the world stage and push from Western economies to favour India over other large countries, a young and tech savvy population with low cybersec maturity has played a key role in hackers coming after critical assets, govt agencies with an intent to breach them and harm India’s strategic interests. While sectors like BFSI, healthcare and software companies have spent significantly on improving their security posture, there is an urgent need to understand the external threat landscape. We believe that unless you don’t know who to defend against, billions spent in cybersec will not yield expected results.”
India’s geo-political importance has never been greater than it is today. This has given way to threat actors uniting against India. A disturbing trend of North Korean threat actors collaborating with China and Russia has been observed with the former offering itself as hacker as a service (HaaS) for financial gains.
Between Jan to July 2023, as part of the external threat landscape monitoring and analysis, CYFIRMA observed 39 campaigns targeting various industries in India. Known groups like FancyBear, TA505, Mission 2025, Stone Panda and Lazarus Group are suspected to be behind these campaigns. Of these 39 campaigns, 14 have been orchestrated by China State sponsored groups with an intent of espionage. 11 of these campaigns were planned by North Korea backed hackers as part of HaaS. While 10 attacks originated from Russian threat actors, of which only 4 were state sponsored.
Key trends and attack methods being used by threat actors:
Ransomware: Ransomware operators are continuously improving their techniques with an intent to intimidate and force victims to pay the ransom. At present, ransomware operators are suspected to follow a 4-layer approach of targeting organizations which includes:
1.Infiltrate into the target organization’s network.
2.Exfiltrate and encrypt data.
3.Demand ransom and “Name & Shame”.
4.Leave behind footprints in the targeted organizations to come back and attack again.
Crimeware- as-a service: CaaS threats include SMS spoofing, phishing kit,custom spyware, hackers for hire, exploit kit.
Carpet Bombing of SMEs: SMEs are not spared by cyberwar, businesses of all sizes are targeted.
Supply Chain disruption: Software supply chain will continue to be targeted
With the rising attacks, it is critical for the govts and Organizations to engage a comprehensive ETLM tool, which can take the intel gathered and relate it back to infrastructure, digital footprint, brand, industry, technology, and geolocation. Because when you unify different capabilities, you get a prioritized list of actions to prepare an effective response plan.