Cyberattacks targeting India-based organizations continue to double year-over-year, a rate far greater than the global average, highlighting the quickly rising threat facing companies and government agencies in South Asia.
Overall, organizations in India encountered nearly 1.2 billion attacks in the third quarter of 2024, up from about 600 million in the same quarter in 2023, according to a quarterly report published by Indusface, a managed application security provider. Some 377 million denial-of-service (DoS) events and 215 million bot-based requests targeted API services and Web servers using the firm’s Web application and API protection (WAAP) service.
While attackers generally have used denial-of-service (DoS) attacks powered by bots against businesses, they are evolving, Ashish Tandon, founder and CEO of Indusface, said in a statement to Dark Reading.
Attackers are now focusing “on exploiting websites and APIs using various attack vectors,” he said. “The rise of large language models (LLMs) has significantly lowered the barrier for executing vulnerability attacks, as reflected in our data, which shows triple-digit growth in such incidents.”
The third-largest economy in Asia, India saw 5.4% growth overall in the third quarter, which is driving attackers to target Indian organizations more often: 44% of businesses have suffered a data breach costing at least $500,000 in the past three years, PricewaterhouseCoopers (PwC) said in its “2025 Global Digital Trust Insights” (India edition). The attacks have resulted in Indian executives prioritizing cybersecurity over other risks, with 61% designating it one of their top three priorities.
“Top cyber-risks, including cloud-related threats, attacks on connected products, social engineering and software supply chain compromises, are areas where security executives feel particularly underprepared,” PwC India stated in the report.
Cyberattacks in India Accelerating
In the second quarter of 2024, cyberattacks doubled both globally and against India-based organizations, rising 105% and 115%, respectively, Indusface stated. While the number of cyberattacks continued to balloon in the third quarter, the growth decelerated globally, rising only 26% in the third quarter of 2024, compared with a year earlier.
In India, however, attacks continued to skyrocket, jumping 92% compared to the same quarter the previous year, the company said in its “State of Application Security” report for Q3 2024. In August, the Reserve Bank of India (RBI) issued a warning to companies that their growing use of digitization comes with increased risks.
“While the DDoS attacks in India [were] similar to the last year, there was a huge growth in the bot and vulnerability attacks in India,” the company stated, adding that attacks generally have been on the rise because of attackers’ use of AI tools.
“A huge part of [the increase] could be because of the widespread use of LLM tools such as ChatGPT, which allow novice hackers to easily find and deploy scripts that could exploit open vulnerabilities,” the company said. “This accessibility has lowered the barrier to entry for cybercriminals, resulting in an unprecedented rise in vulnerability exploitation.”
Cyber-Risks Heightened for Banks, Utilities
Cyberattackers have tended to target specific industries in India, with the banking, financial services, and insurance industries collectively seeing twice as many attacks compared with the global average, while power and energy saw four times as many attacks per website, Indusface stated in its report.
“We believe that these industries are targeted for geopolitical reasons, as this can result in disruption in all important services,” says Phani Deepak Akella, vice president of marketing for Indusface. He adds, “Last year, we saw more DDoS attacks, but this year we’re seeing more growth in attacks targeting vulnerabilities. This could be because of LLM adoption, where hackers can prepare made scripts to exploit vulnerabilities such as SQL injection, for example.”
Companies in India suffer from many of the same issues as businesses worldwide, especially around managing vulnerabilities in their attack surface area. Only 19% of companies use an automated scanner to manage their API security, with 45% using manual penetration testing and more than a third (36%) not testing their APIs, according to Indusface.
In addition, companies are slow to patch vulnerabilities in the software used to serve APIs, with more than 30% of critical and high-severity CVSS vulnerabilities remaining unpatched more than six months after discovery. Some 5 million attacks targeted the vulnerable API services, the firm noted.
Security misconfiguration and identification and authentication failures were the top classes of vulnerabilities discovered in production API servers, according to the firm’s report. Web applications generally had blind SQL injection, server-side request forgery, and HTML injection issues.