India suffered over 369 million cyber-attacks across 8.44 million endpoints, a rate of 702 cyber threats per minute. These include a mix of malware, ransomware, and advanced persistent threats (APTs), with Trojans (43%) and infectors (34%) dominating attack vectors.
A report by the Data Security Council of India highlights emerging cyber threats. The report details a significant rise in behaviour-based malware detection, which accounts for 14.56% of total detections and signals both the complexity of modern threats and advancements in detection capabilities.
Major IT hubs and Tier-2 cities have emerged as hotspots:
- Telangana (15.03%), Tamil Nadu (11.97%), and Delhi (11.79%) recorded the highest malware detection among states.
- Cities like Surat, with the highest detection rate of 69.93 detections per endpoint, along with Bengaluru and Jaipur, face intensified cyber risks.
- Together, Bengaluru and Hyderabad account for 23.48% of the total detections.
The report highlights an alarming shift: Tier-2 cities are increasingly targeted, likely due to their growing economic importance and potentially weaker cybersecurity defences.
In 2024, the health sector was the most targeted industry, accounting for 21.82% of all cyberattacks, largely due to the high value of medical data. The hospitality sector followed closely at 19.57%, along with the BFSI sector (Banking, Financial Services, and Insurance). This pattern reflects attackers’ focus on industries that handle sensitive personal and financial information.
Recently, over 7.24 TB of Star Health data, including medical records, tax documents, and personal identification information, was leaked on Telegram. Similarly, on the financial front, WazirX, an Indian cryptocurrency exchange, was hacked, and $230 million was stolen.
Furthermore, a ransomware attack on C-Edge Technologies resulted in service disruptions in over 300 small and medium Indian banks. In December 2024, Signzy, a Bengaluru-based fintech firm, was breached. In November, another Indian financial company, OneCard, suffered an alleged data breach.
In June, 278 GB of BSNL data was exposed on the dark web. A month later, the Indian government confirmed the breach and formed an investigation committee.
Cloud environments such as Google Drive, Dropbox, OneDrive, GitHub, and Microsoft Teams, among others, are also under siege. As organisations accelerate cloud adoption amid digital transformation, these environments contribute to 62% of malware detections. Misconfigured APIs and insecure cloud setups have become prime targets for exploitation.
The report outlines several emerging and ongoing threats that define 2024:
- AI-powered attacks: Cybercriminals use generative AI to create sophisticated phishing campaigns and adaptive malware.
- Ransomware evolution: While over one million ransomware detections were reported, their frequency has declined compared to 2023, indicating improved organisational resilience. However, notable ransomware families like RansomHub and LockBit 3.0 remain active.
- Hacktivism: Groups such as Anon Black Flag Indonesian and Anonymous Bangladesh conducted politically motivated cyberattacks, reflecting heightened geopolitical tensions.
Cyber security experts have advised organisations to adopt advanced technologies, strengthen cloud security, focus on cyber hygiene, and foster industry collaboration to counter the growing cyber threat in the country.