Surge in AI-Powered Cyberattacks: India Pummelled by Hacktivist Activity – The Week

In 2024, India emerged as a significant hub of cyber intrusions, recording more attacks than the United States, Russia, Ukraine, and Germany combined. The country accounted for 12 percent of all hacking incidents in the Asia-Pacific region. Data from the High-Tech Crime Trends report published by Group-IB, a prominent cybersecurity firm, indicates that these breaches include a notable rise in phishing attacks, data leaks, and dark web criminal activities, making India one of the top ten countries affected by these cyber threats.

The increased incidence of security breaches in India is partly attributed to heightened regional tensions with neighboring countries. Pro-Palestinian hacktivist groups have targeted India, driven by the nation’s diplomatic relations, particularly its strengthening ties with Israel. This geopolitical backdrop has created fertile ground for cybercriminals looking to exploit vulnerabilities.

The security landscape has worsened with the integration of artificial intelligence (AI) into cybercrime tactics. While AI tools are leveraged by cybersecurity professionals to detect and mitigate threats, they also empower attackers with sophisticated methods for data theft, cyber espionage, and corporate network breaches. Dmitry Volkov, CEO of Group-IB, noted a disturbing trend, observing a 10 percent increase in ransomware attacks over the past year, particularly targeting the manufacturing, real estate, and professional services sectors. The evolution of technology has rendered advanced persistent threats increasingly elusive, complicating defenses.

The report reveals that globally, over a thousand new instances of data breaches were documented in 2024, resulting in the exposure of more than 6.4 billion user data strings. The most significantly impacted nations included the United States, Russia, and India, underscoring the widespread nature of these vulnerabilities. Ruchin Kumar, Vice President for the South Asian region at FutureX, emphasized the severity of events where user identities are compromised, noting that AI exacerbates the problem, equipping attackers with enhanced capabilities.

One notable incident occurred in September 2024 when Transport for London (TfL) experienced a cyberattack that disrupted its digital services. While core transportation operations remained functional, the breach led to the exposure of bank details for approximately 5,000 customers, with financial repercussions exceeding 30 million euros.

In response to the rising threat of data breaches, Kumar advocates for robust encryption practices. Encrypting data transforms readable information into an unreadable format, securing it against unauthorized access. He stresses the importance of regularly rotating encryption keys to bolster security and recommends that decryption keys be confined to the owners of critical data to prevent unauthorized access.

Given the nature of these breaches, several tactics from the MITRE ATT&CK framework may have been employed by attackers. Initial access techniques, such as phishing or exploiting software vulnerabilities, likely facilitated the entry point into targeted environments. Once inside, adversaries may have utilized persistence and privilege escalation tactics to maintain their foothold and escalate their access within networks.

As cyber threats evolve and become increasingly severe, business owners must prioritize cybersecurity measures and remain vigilant in their defenses. The intersection of geopolitical factors, advancing technology, and emerging threats necessitates a proactive and informed approach to safeguarding sensitive data and corporate networks.
