09 December 2024

Indian Cybersecurity Faces Alarming Threats

Cyberattacks against India's infrastructure surged by 138% with DDoS attacks exponentially rising this year

The digital battleground is heating up as new reports indicate a significant rise in cyberattacks against Indian infrastructure. According to findings by Positive Technologies, Distributed Denial of Service (DDoS) attacks on Indian infrastructure have surged by a staggering 50% since the start of 2024. The rapid advancement of India's digital economy, now the third largest globally, has made the nation more susceptible to cyber threats.

Positive Technologies, known for their insightful cybersecurity analyses, has released findings from their latest study focusing on dark web platforms and cybercrime services. Their research revealed alarming trends, particularly highlighting the frequency and targets of these cyberattacks. The Indian Space Research Organization (ISRO) reportedly faces over 100 hacking attempts each day, illustrating just how relentless these threats are.

Despite the significant strides India has made toward technological advancement, this rapid digital growth has inadvertently attracted nefarious actors. The study identified databases and access to key infrastructure as primary targets for cybercriminals. Notably, 85% of DDoS attacks are directed toward the financial sector, with the remaining 15% targeting government agencies.

The situation is particularly dire due to the proliferation of dark web ads concerning leaked and stolen databases. Positive Technologies noted India ranks among the top three countries for these types of dark web advertisements. “Database-related ads account for 42% of all posts on dark web platforms,” the study revealed. Of those, more than half are distributed for free, often due to activities related to hacktivists and ransomware groups.

Perhaps most concerning is the nature of the data being targeted. The study found 61% of stolen data consists of personally identifiable information concerning both customers and employees. A glaring example of this risk occurred when hackers breached the systems of a major Indian electronics manufacturer, leading to the theft of approximately 7.5 million customer records.

When examining the means through which these attacks are successfully carried out, ransomware emerged as the primary tool. The analysis indicated it accounted for 23% of successful attacks initiated by hacker groups. “Our investigation of dark web markets indicates only 29% of hacked databases end up being sold. They’re more commonly offered for free,” said Anastasia Chursina, an analyst at Positive Technologies.

Credential theft is another prevalent form of cybercrime. The data reveals that access credentials constitute 23% of posts within dark web forums. Unlike hacked databases, which mostly circulate without charge, access credentials often appear for sale, enabling entry to the IT infrastructures of various businesses. More than 60% of these credentials are available for under $1,000, though some, such as Indian bank credentials with administrative privileges, can command prices upwards of $70,000.

Given these circumstances, cybersecurity experts are urging major corporations and government agencies to bolster their defenses against such threats. Positive Technologies emphasizes the importance of adopting comprehensive protective measures grounded in the principles of result-driven cybersecurity.

To effectively analyze security events, organizations are encouraged to integrate Security Information and Event Management (SIEM) and Extended Detection and Response (XDR) solutions. Tools like the cybersecurity metaproduct MaxPatrol O2 can facilitate vigilant monitoring and threat detection within corporate IT frameworks. The use of next-generation firewalls, web application firewalls, network traffic analysis tools, and vulnerability management systems should also not be overlooked.

Experts assert the integration of SIEM and XDR capabilities significantly enhances threat management by centralizing and analyzing security data from varied sources—allowing for timely responses to breaches. Given the current threat escalations, sandboxes are invaluable for detecting diverse malware types, including ransomware.

The analytical study from Positive Technologies updates the cybersecurity community on dark web messaging related to India over the period between September 1, 2023, and October 1, 2024. They examined 380 Telegram channels and forums, which together have around 65 million users and approximately 250 million messages, shedding light on the troubling trends of cybercrime in the region.

Unfortunately, this rise of cyber threats against India's digital infrastructure is not confined to DDoS attacks. Reports have surfaced detailing the sharp rise of cyberattacks on the Indian government, indicating they’ve jumped by 138% over the past four years. This uptick reflects the vulnerabilities within governmental systems and the pressing need for improved security measures.

The Indian Computer Emergency Response Team (CERT-In) has been monitoring these incidents closely. They’ve flagged significant threats and vulnerabilities, including high-profile security flaws unrelated to DDoS tactics, such as those affecting popular applications including Tinxy, heightening concerns over governmental cybersecurity.

Reports indicate CERT-In has urged swift upgrades to vulnerable systems, advising users to stay vigilant to avoid exploitation by potential attackers. This call for action reflects the urgency to strengthen cybersecurity across various sectors within the Indian digital space.

This heightened risk is compounded by the emergence of new threat groups, including Z-Pentest, which is reportedly targeting energy system controls. This group's activities serve as a worrying reminder of the potential real-world impact of cybercrime; targeting energy systems carries risks beyond mere data theft, potentially affecting utilities and public safety.

Looking beyond the immediate threats to governmental and corporate entities, the surge of cyberattacks is prompting renewed conversations worldwide about the responsibility of cybersecurity tools and regulations. The European Union’s ENISA (European Union Agency for Cybersecurity) has released insights addressing the need for collective efforts to bolster technological resilience against increasing cyber threats.