Exploring the Landscape of 6 Cybersecurity Attacks You Must Be Aware of in India

blog image

Technology has made some great advancements in India over the past few years but as we progress in the digital world, we need to be alert of the potential threats that come with it.

In this blog, we will highlight the types of cybersecurity attacks in India.

With India’s accelerating pivot towards digitalisation, online transactions—both data and currency are surging exponentially. This rapid transition presents lucrative opportunities for cybercriminals to exploit system vulnerabilities. Hence, addressing the threat of cybersecurity attacks in India has become of great importance.

The Growing Threat Landscape in India

The cybersecurity attacks in India have increased rapidly in the past years and they continue to increase in numbers as time goes on. Here are some statistics that show the same :-

In India, around 49,000 cyber crimes were reported in 2015. The first big spike was in 2018 when it surpassed the 2-lakh mark. The number of cyber crimes has grown 28 times and crossed the 14-lakh mark as of 2021. (Hindu Business Online)

Data from cybersecurity firm CheckPoint Research showed that weekly attacks increased by 18% in India during the first three months of 2023 as compared to the first three months of last year.

Phishing attacks have increased by 62 per cent over the last year, according to the Securonix 2023 Threat Report.

There are some cybersecurity attacks in India, whose effect left a big impact on the sectors they happened in. Here are some examples:-

Data Breach (2016) : 3.2 million debit cards were compromised due to a data breach. SBI, HDFC Bank, ICICI, YES Bank and Axis Bank were among the banks hit (Economic times).

Reliance Jio (2017) :  Personal details of more than 100 million Jio users was leaked on an independent website magicapk.com (The hacker news).

Wipro (2019) : Wipro was hit by an advanced phishing attack that affected some employee accounts and also customers of the company (Times of India).

Common Types of Cybersecurity Attacks in India

Phishing Attacks :
Phishing-AttacksPhishing is one of the sophisticated types of cybersecurity attacks in India. It is a form of social engineering that preys on human psychology. It’s a deceptive tactic used to trick individuals into divulging sensitive information, often to malicious actors. In India, some prevalent examples of phishing attacks include:

  1. Credit Card Phishing Scams
  2. Banking Phishing Scams
  3. Fake Government Schemes Website
  4. Documents Cloud Phishing Scams
  5. Fake Jobs Scams

Phishing attacks can expose individuals’ data which can be dangerous if they land in the hands of someone with malicious intent. Both companies and individuals stand to suffer significant financial losses, emphasising the importance of awareness and vigilance against such threats.

Ransomware AttacksRansomware-Attacks

Ransomware is a form of cybercrime which involves encrypting data and threatening to publish it or block access to it completely, unless a ransom is paid. This is one of the types of cybersecurity attacks in India that has caused significant damage in the past.

Wannacry (2017) : The Wannacry ransomware attack affected more than 200,000 computers in over 150 countries (Cloudfare). Computers in India were also affected, with Gujarat and West Bengal among the affected states.

NotPetya attack (2017) : The NotPetya was a global attack that also affected India as it hit the Jawaharlal Nehru Port Trust (JNPT) in Mumbai (Deccan Chronicle).

Distributed Denial of Service (DDoS) Attacks

Distributed-Denial-of-Service-DDoS-Attacks

DDoS, or Distributed Denial of Service attacks, are a cybercrime where a targeted server is overwhelmed by a deluge of internet traffic, effectively rendering its services inaccessible to legitimate users.

In a notable instance from 2018, a hacker group named Anonymous Sudan carried out a DDoS attack on Indian airports which involved Layer 3-4 and Layer 7 DDoS attacks (CISO from economic times).

The ramifications of such attacks on businesses can be profound. As the disruption occurs, the services are compromised and there’s an erosion of user trust, as they question the reliability of the affected company. It also may take some time and resources to get the website back to normal.

Data Breaches

Data-Breaches

A data breach is a cybercrime in which an unauthorised individual gains access to sensitive information with the intention of stealing money or identity theft. This type of interference can prove to be fatal as in today’s age, data is of great importance. Here are some of the big incidents of data breach :-

The World Economic Forum’s (WEF’s) Global Risks Report 2019, says, “The largest (data breach) was in India, where the government ID database, Aadhaar, reportedly suffered multiple breaches that potentially compromised the records of all 1.1 billion registered citizens”.

According to Hackeread.com, a user by the name of “nclay” claimed to have hacked Zomato and was willing to sell data pertaining to 17 million registered users on a popular Dark Web marketplace (Economic Times).

According to a detailed report by Cyble, a hacker group named ShinyHunters allegedly released data of 20 million Big Basket users for free on a hacker forum (OP India).

In this digital age, where data is considered as the ‘new oil’, ensuring the privacy of data becomes our top priority. If a particular piece of data lands in the wrong hands, there can be drastic consequences. Data breaches are among the most common types of cybersecurity attacks in India and they pose a serious threat to individuals and businesses alike.

Insider Threats

Insider-ThreatsInsider threat is a security threat that happens from within the organisation like an employee, ex-employee, vendor, partner, etc. It can prove to be dangerous the attacker can have vital information about the company. This is one of the types of cybersecurity attacks in India that can cause serious damage to the reputation and finances of an organisation.

Here are some strategies for mitigating insider threats through employee training and monitoring:-

Background check : Conducting detailed background checks before letting someone join a position which involves handling sensitive data.

Whistle-blower Policies : Making whistle-blower policies in such a way that employees feel safe reporting suspicious activities to the authorities.

Training : Training employees to educate them about the importance of data security and the risk of a data leak.

IoT-Based Attacks

IoT-Based-AttacksInternet of Things (IoT) includes several interconnected smart devices, from home devices to industry devices. In an IoT-based attack, the attacker can many options as the number of entry points are increased.

There has been a 311% increase in IoT based attacks according to the 2023 Mid-Year Cyber Threat Report by SonicWall.

According to the cybersecurity firm Subex., the country saw a 22% jump in the total number of attacks in the IoT segment during the quarter from April to June.

All this points towards having a secure IoT infrastructure, we con do so by changing default passwords, regular updates, employee training, etc.

Factors Contributing to Cybersecurity Vulnerabilities

One of the biggest causes of cybersecurity attacks is lack of knowledge and awareness by the people, as it becomes easy for cybercriminals to use phishing and manipulate individuals. They can also fall into a trap while using certain websites. As technology advances rapidly, it becomes hard to catch-up to it, leaving many individuals without the knowledge of the new advancements. This makes them vulnerable to different types of cybersecurity attacks in India.

The lack of sufficient cybersecurity measures and practices like outdated systems, poor passwords, unsecured IoT devices, etc are huge factors that contribute to cybersecurity vulnerabilities. These factors can be exploited by cybercriminals who use various types of cybersecurity attacks in India, such as ransomware, DDoS, data breaches, etc. to harm individuals and organisations.

The policies and regulations are made to protect organisations from cyberattacks but in some organisations they are sometimes vague since there are no stringent penalties which force them to prioritise cybersecurity. Also, different countries have different policies which highlight the inconsistencies in policies and regulations. This creates a gap between the legal and ethical aspects of cybersecurity and makes it difficult to prevent or prosecute different types of cybersecurity attacks in India.

Protecting Against Cybersecurity Threats

Protecting-Against-Cybersecurity-ThreatsIn this digital age, where a small error can cause a huge problem, it becomes essential to adopt cybersecurity best practices. It can help build a strong defence against the cyber-threats which have the potential to put a financial or reputational dent on the company. Individuals and organisations can strengthen their defences by updating their systems and devices regularly, giving regular training to employees, having strong passwords, etc. They should also be aware of the types of cybersecurity attacks in India and how to prevent or mitigate them.

However, merely setting up defences isn’t enough. Emphasising continuous monitoring and response planning is equally vital. Organisations should deploy advanced threat detection tools that continuously monitor network traffic and system activity for any anomalies or suspicious patterns.

Conclusion

Cyber awareness must be coupled with action. We must be educated on the types of cybersecurity attacks in India and also know how to respond to them effectively.

We, at CCoE, are doing our bit by providing guidance, setting standards and facilitating collaboration among various stakeholders.  By driving research, promoting best practices, and ensuring that cybersecurity measures are both current and effective, we are committed to shaping India’s response to cyber threats.

We need to collectively stand-up against these cyber-threats to strengthen our nation’s cybersecurity posture. Every individual and organisation should stay informed about the new technologies, they should be aware of the possible threats and adopt new measures to support and strengthen the nation’s cybersecurity.