Friday, January 17, 2025

Cyberattacks on Indian Organizations Surge, Doubling Year-Over-Year

Cyberattacks against Indian organizations are accelerating at an alarming pace, doubling year-over-year and outpacing the global average. In the third quarter of 2024, Indian entities faced nearly 1.2 billion attacks, a stark increase from the 600 million incidents recorded in the same quarter of 2023. This dramatic rise reflects the heightened vulnerability of businesses and government agencies across South Asia.

A Surge in Numbers: The Alarming Statistics

According to Indusface’s Q3 2024 report, Indian organizations encountered:

  • 377 million denial-of-service (DoS) events
  • 215 million bot-based requests targeting APIs and web servers

This deluge of attacks showcases a shift in strategy, with attackers evolving beyond traditional DoS tactics. The firm’s Web Application and API Protection (WAAP) service data reveals that cybercriminals increasingly exploit websites and APIs using more sophisticated attack vectors.

Ashish Tandon, founder and CEO of Indusface, highlighted the role of technological advancements in fueling these attacks. “The rise of large language models (LLMs) has significantly lowered the barrier for executing vulnerability attacks, as reflected in our data, which shows triple-digit growth in such incidents,” Tandon said.

cybersecurity-in-india

Why India? The Economic and Digital Context

India, Asia’s third-largest economy, has seen robust economic growth, recording a 5.4% increase in Q3 2024. This economic expansion, coupled with the rapid digitization of businesses, has made India an attractive target for cybercriminals. PricewaterhouseCoopers (PwC) reported that 44% of Indian businesses have suffered data breaches costing at least $500,000 in the past three years.

A survey from PwC also highlighted the urgency of cybersecurity among Indian executives:

  • 61% listed cybersecurity as a top-three priority.
  • The greatest concerns included cloud-related threats, attacks on connected products, social engineering, and software supply chain compromises.

Attack Trends and the Role of AI

While cyberattacks globally rose by 26% in Q3 2024 compared to the previous year, India saw a staggering 92% increase. This divergence points to attackers’ strategic focus on exploiting vulnerabilities in Indian systems.

Interestingly, artificial intelligence tools like ChatGPT have played a significant role in this surge. These tools make it easier for novice hackers to develop scripts and exploit vulnerabilities, driving an “unprecedented rise in vulnerability exploitation,” according to Indusface.

One standout trend in India was the growth of bot and vulnerability-based attacks, even as DDoS attack volumes remained consistent year-over-year. The Reserve Bank of India has warned businesses about the inherent risks accompanying increased digitization, urging them to adopt robust security measures.

Targeted Industries: Financial Services and Energy in the Crosshairs

Some industries have borne the brunt of these attacks more than others. Banking, financial services, and insurance (BFSI) organizations in India faced twice as many attacks as the global average, while power and energy sectors were hit with attacks at four times the global average rate per website.

Indusface’s Vice President of Marketing, Phani Deepak Akella, attributed this trend to geopolitical motives. “We believe that these industries are targeted for geopolitical reasons, as this will lead to disruption in all essential services,” he noted.

The rise in SQL injection attacks and the use of LLMs for crafting scripts further underscores the growing sophistication of these threats. Vulnerability exploitation is quickly replacing DDoS as the primary method of attack.

Challenges in Managing API and Software Security

Indian companies face numerous challenges in securing their digital assets, particularly APIs and production servers. Indusface’s findings revealed startling gaps:

  • Only 19% of companies use automated scanning tools for API security.
  • 45% rely on manual penetration testing, while 36% skip API testing altogether.

Moreover, the delay in patching critical vulnerabilities remains a pressing issue:

  • Over 30% of high-severity CVSS vulnerabilities remain unpatched six months after discovery.

As a result, API services are frequent targets, with more than 5 million attacks exploiting these vulnerabilities in Q3 2024 alone. Common flaws include:

  • Blind SQL injection
  • Server-side request forgery (SSRF)
  • HTML injection

What Lies Ahead for Indian Cybersecurity?

The escalating volume and complexity of cyberattacks present significant challenges for Indian organizations. Vulnerabilities such as security misconfigurations and authentication failures continue to expose businesses to risk. Without swift action and significant investment in cybersecurity infrastructure, the risk of catastrophic breaches will only increase.

For now, the combination of economic growth, widespread digitization, and emerging technologies like AI creates a perfect storm of challenges and opportunities. Indian companies must prioritize proactive security measures to stay ahead in this ongoing battle against cybercrime.

Santosh Smith
Santosh Smith
Santosh is a skilled sports content writer and journalist with a passion for athletics. With expertise in various sports such as football, basketball, and soccer, he provides his readers with accurate, compelling, and tailored content. His knowledge and research skills make him an expert in providing in-depth analysis and valuable insights on the latest sports news and events.

LEAVE A REPLY

Please enter your comment!
Please enter your name here