Experts at Positive Technologies, a leader in result-driven cybersecurity, found[1] that in India, 80% of all cyberattacks targeted organizations, with 36% aimed at the public sector and 13% at the industrial sector. The company’s report also highlighted an increase in the number of cyberattacks targeting companies in the service, healthcare, and IT sectors. The study of India’s cyberthreat landscape was presented at the Positive Hack Talks meetup in Bengaluru.
With the surge in digitalization and booming investments in IT and AI, India’s information infrastructure has become a prime target for cybercriminals. The study highlighted that cyberattacks in the country rose by 15% in 2023 compared to the previous year. In Q2 2024, this number soared by 46% compared to the same period last year, higher than the 30% growth seen globally.In most cases (70%), attacks on organizations led to the theft of confidential data, with 40% being personal information and 20% trade secrets. For individuals, the situation was similar: 62% of successful incidents resulted in data leaks. Hackers most often accessed personal data and communications (24%), as well as payment information (19%).
Cybercriminals primarily targeted crucial sectors like government and industry, aiming to steal vast amounts of confidential information. In attacks on government organizations, malware (37%) and social engineering were the most common tools (33%), often used together by cybercriminals as a brutally effective combination. Over half (56%) of cyberattacks on the public sector were carried out by APT groups. In attacks on manufacturing companies, social engineering was the most common method (40%), followed by malware (30%). This aligns with Positive Technologies analysis of attack targets: in 45% of cases, the victims were people, while in another 36% of cases, attackers targeted computers, servers, and network equipment.
Darya Lavrova, Analyst at Positive Technologies, commented on the research results: “In addition to targeting other sectors, attackers frequently went after organizations in the service, IT, and healthcare industries, with each accounting for 9% of incidents. This trend is specific to India, which is undergoing rapid digital transformation. Notably, cybercriminals rarely used social engineering tactics against IT firms. Instead, in every second incident we studied, they preferred to compromise accounts in order to use the hacked infrastructure as a springboard for further attacks. Two additional trends were unique to India: attackers often attacked cloud solutions and targeted small and medium-sized IT companies that lacked the resources to invest in cybersecurity (43% of cases).”
Just like everywhere else, malware continues to be a major threat to organizations in India. In 2024, the share of incidents involving malware in the country increased by 11%, while the use of ransomware rose by 22%. According to Positive Technologies experts, ransomware was used in 33% of malware attacks on companies, although spyware was the most popular tool, used in 38% of cases. Most often, malware was spread through phishing emails (64%).
Given the specific cyberthreats in India, Positive Technologies experts recommend that organizations adopt result-driven cybersecurity, an approach focused on training highly skilled cybersecurity professionals. Hands-on programs that take into account the modern threat landscape and facilitate experience sharing with other countries will help achieve this. Positive Technologies, with support from the Russian Ministry of Digital Development, launched Positive Hack Camp—a free international training program focused on practical cybersecurity for global professionals. Kicked off in August 2024, the popular program will be held annually, with the first session having brought together around 70 students from 20 countries.