As India celebrates its 78th Independence Day this August 15, and revels in the “Make in India” digital age, a dark cloud still looms large and draws attention to the underbelly of this technological boom: the soaring number of cyberattacks targeting this Industry 4.0.
With attacks on Indian websites rising at an alarming 261% in the first quarter of 2024 year-over-year, this uptick contrasts the global increase of 76% during the same time. According to Check Point Research (CPR), organizations worldwide faced an average of 1,636 attacks per week.
‘The Great Indian Cyberthreat Landscape’
Recent data reveals a dramatic increase in the number of cyberattacks targeting Indians and their businesses. India experienced a 46% Y-o-Y increase in cyberattacks as they faced an average of 3,201 attacks per week, the second-highest in the Asia-Pacific only after Taiwan.
Globally, the education and research sectors have been the most targeted, experiencing a 53% increase in attacks compared to the previous year, with an average of 3,341 attacks per organization per week.
Government and military institutions also faced significant threats, with a weekly average of 2,084 attacks. Healthcare was not spared either encountering 1,999 weekly attacks, a 15% increase over previous year.
The spiteful rise in cyberattacks has on the other hand shifted critical focus to cloud security. The 2024 Thales Cloud Security Study revealed that cloud resources are increasingly targeted, with Cloud Storage, SaaS applications, and Cloud Management Infrastructure being areas of focus for cyberattacks in India. Protecting cloud environments has become a top priority for organizations, surpassing other security disciplines.
In India, nearly 37% of organizations have reported experiencing a cloud data breach in recent years, with 14% of these incidents occurring in the last year alone. These breaches are primarily to be blamed on human error and misconfiguration (34%), zero-day exploitation (32%), exploitation of known vulnerabilities (21%), and failure to use Multi-Factor Authentication (11%) – which is one of the most basic requirements of cybersecurity.
Moving from 77th to 78th I-Day: A Look Back at Top 15 Cyberattacks in India
As the stats suggest, India has witnessed an unprecedented surge in the cyber realm. Among the most significant incidents rank high-profile breaches that targeted major corporations, government agencies, and critical infrastructure.
The list of top 15 cyberattacks includes ransomware attacks that disrupted operations and demanded hefty purse values, data breaches exposing sensitive personal and financial information, and advanced persistent threats (APTs) that infiltrated high-value targets.
1. WazirX Crypto Exchange Breach
WazirX, a leading Indian crypto exchange, experienced a data breach in early 2024. The WazirX cyberattack targeted one of the platform’s ‘multisig’ wallets and resulted in the theft of over $230 million. Managed by Liminal’s custody services, the wallet was compromised due to discrepancies between Liminal’s interface and actual transaction data.
Despite having robust security measures, including Gnosis Safe multisig and whitelisting policies, the attackers exploited these vulnerabilities to gain unauthorized control. WazirX has started to recover the stolen funds and halted deposits to resolve the incident.
2. Polycab Ransomware Attack
Polycab India Limited, a major Indian manufacturer of wires and cables, fell victim to a ransomware attack that targeted its IT infrastructure. The attack was disclosed in compliance with SEBI regulations.
Despite the breach, Polycab assured stakeholders that its core systems and manufacturing processes remained unaffected. The company worked with cybersecurity experts and law enforcement to investigate the attack and strengthen its defenses against future incidents.
3. Burger Singh Website Hack
On February 27, Burger Singh’s website was compromised by ‘Team Insane PK,’ a Pakistan-siding hacker group. The attackers not only infiltrated the site but also defaced it with digital graffiti. The breach was triggered by a controversial promo code, ‘FPAK20’. In a unique response, Burger Singh chose to keep the graffiti for a day, humorously referring to it as an “open mic night for hackers.”
4. Motilal Oswal Cyber Incident
Motilal Oswal Financial Services experienced a cyber incident that was claimed by the LockBit group, a cybercrime gang known for extorting victims by stealing and threatening to release data unless a ransom is paid. Despite the attack that involved malicious activity observed on some employees’ computers, Motilal Oswal reported that its operations remained unaffected.
The company addressed and resolved the issue within an hour, stating that it was “business as usual.” The breach, first reported by TechCrunch, did not disrupt the company’s services or IT environment.
5. BSNL Data Breach
Bharat Sanchar Nigam Limited (BSNL) experienced a major data breach, revealing sensitive information of millions of Indian users. The attack, claimed by a hacker known as ‘kiberphant0m,’ compromised over 278 giga bytes of data, including International Mobile Subscriber Identity (IMSI) numbers, SIM card details, Home Location Register (HLR) information, DP Card Data, and snapshots of BSNL’s SOLARIS servers.
The hacker offered the stolen data for $5,000, highlighting its significant value. Despite no service outage, the Union government has formed an inter-ministerial committee to audit telecom networks and enhance security measures to prevent similar breaches in the future.
6. boAt India Data Breach
Indian consumer wearable brand boAt experienced a major data breach, exposing the personal information of over 7.5 million users. The breach, allegedly executed by a hacker under the moniker ‘ShopifyGUY,’ resulted in leak of sensitive data such as, names, addresses, phone numbers, email addresses, and customer IDs.
Approximately 2 gigabytes of this personally identifiable information (PII) was leaked on dark web forums. In response, boAt issued a statement acknowledging the incident and confirmed that a thorough investigation had been launched.
7. SPARSH Data Breach
The SPARSH portal that is developed by Tata Consultancy Services (TCS) for managing pension-related processes for Indian defense personnel, also suffered a significant data breach. The leak exposed sensitive information of thousands of defense personnel, including usernames, passwords, URLs, and pension numbers. The breach, which affected primarily personnel in Kerala, raised serious privacy and security concerns.
The compromised data was reportedly sold on a Russian dark web marketplace and surfaced on Telegram, indicating potential misuse by Russian hacker groups. The leak put several aspects of the pension process in a limbo, including profile management, data verification, application tracking, pension disbursement, and life certificate submission. Following the breach, TCS and the Ministry of Defence faced scrutiny over the portal’s security measures.
8. Hathway ISP Data Breach
Hathway, one of India’s largest ISPs and cable TV operators, suffered a massive data breach after a hacker, known as ‘dawnofdevil,’ claimed to have exploited a vulnerability in Hathway’s Laravel-based content management system. This breach exposed the personal data of over 41.5 million customers, which included names, email addresses, phone numbers, physical addresses, and more.
The leaked data, totaling over 200GB and spread across 789 CSV files, was made available on a breach forum.
9. Telangana Police’s Hawk Eye App Data Breach
On May 31, The Cyber Express reported Telangana police’s Hawk Eye app data breach. The Cyble Research and Intelligence Labs’ AI-driven dark web monitoring sensors recorded that the hacker, known as “Adm1nFr1end,” had exposed sensitive data of 200,000 Telangana citizens, including PII, email addresses, phone numbers, and location details.
The Telangana Police credited the report for providing crucial leads, which resulted in Kumar’s arrest on June 9, 2024. The Cyber Security Bureau (TGCSB) utilized advanced investigative tools to identify and apprehend Kumar, who had attempted to sell the stolen data on BreachForums for $150.
10. Tamil Nadu’s Facial Recognition Portal Data Breach
Tamil Nadu police’s Facial Recognition Software (FRS) portal was breached by hackers using a Teams password and ID. Launched in October 2021, the FRS portal contains over 6 million records, including photos, names, FIR numbers, and police details, and is used by more than 46,000 department personnel across the state.
The breach was reported by an individual identified as Valerie, who demonstrated access to a sample face recognition report. The hacker used a sub-inspector’s credentials, which provided limited access, such as verifying involvement in cases. The portal’s data was not directly compromised as it interfaces with the Crime and Criminal Tracking Network & Systems (CCTNS) for verification.
The State Crime Records Bureau (SCRB) and the Centre for Development of Advanced Computing (CDAC) investigated the breach. The Tamil Nadu police deactivated the compromised admin account and informed relevant authorities, including TNeGA and CDAC-Kolkata. A complaint was filed with the cybercrime department.
11. National Disaster Management Authority (NDMA) Data Breach
A threat actor (TA), using the alias “infamous,” claimed to have breached the National Disaster Management Authority (NDMA) of India and accessed the personal data of 93,000 volunteers. The compromised data includes names, phone numbers, and other critical information. The hacker reportedly put this data up for sale on the dark web for $1,000.
The breach was first reported on June 25 on a popular hacker forum called BreachForums. Sample records dated June 2024 were provided as evidence. Despite the claims, NDMA’s website showed no visible signs of a breach. Volunteers were advised to remain vigilant against potential identity theft and fraud, given that their personal information could be misused.
12. Hyundai Motor India Data Leak
Hyundai Motor India recently fixed a data breach caused by a vulnerability in web links shared via WhatsApp messaging platform after vehicle service check is complete. The exposed data included customers’ personal information such as phone numbers, addresses, and vehicle details like registration numbers and mileage.
The flaw was in system-generated links sent to customers, which were inadvertently compromised. Hyundai’s spokesperson, Siddhartha Saikia, acknowledged the breach and assured that the company is committed to safeguarding customer data.
13. UP Marriage Assistance Scheme Fraud
A cyber fraud of over Rs.1 crore [approximately US$120,000] occurred after unidentified individuals hacked the Uttar Pradesh Marriage Assistance Scheme website. Using the ID of the Additional Labour Commissioner, the fraudsters made unauthorized payments through the Uttar Pradesh Building and Other Construction Workers Welfare Board’s web portal. This breach involved accessing the scheme’s data from the UPLMIS.in and sna.uplmis.in portals.
The hackers fraudulently disbursed funds to ineligible candidates, resulting in a loss exceeding Rs. 1,07,80,000. They submitted over 250 applications within two days and transferred money from the accounts of 196 individuals. A complaint was filed at the Cyber Crime Police Station, and instructions were given to investigate the workers and recover the stolen funds.
The Additional Labour Commissioner’s mobile number received OTPs during payments, which were likely exploited during the breach. CERT-In has responded to the breach and is investigating the incident.
14. Multiple Cyberattacks on Indian Governments
Hacker group Transparent Tribe, linked to Pakistan, targeted critical sectors in India’s government, defense, and aerospace industries. This Advanced Persistent Threat (APT) group focused on clients in the Department of Defense Production (DDP), specifically within the aerospace sector. The actor used phishing emails to infiltrate systems.
The attacks, detected from late 2023 to April 2024, involved one of Asia’s largest aerospace and defense companies and other key DDP entities. Transparent Tribe, also known as APT36 or Mythic Leopard, has a history of cyber espionage against India and operates with a Pakistani nexus. The group used phishing lures to deliver malicious payloads, including a new “all-in-one” espionage tool that exfiltrates various documents.
15. Hackers Targeting the Indian Energy Sector
In early March 2024, researchers from Dutch cybersecurity firm EclecticIQ uncovered a cyber-espionage campaign targeting Indian government agencies and the country’s energy sector. The campaign employed a modified open-source information stealer known as “HackBrowserData,” designed to collect browser login credentials, cookies, and history.
The attackers exfiltrated 8.81GB of data from victims, which could facilitate further intrusions into Indian government infrastructure. The malware was delivered via a phishing PDF disguised as an Indian Air Force invitation letter. Once executed, it exfiltrated documents and cached browser data to channels on Slack, named “FlightNight” by the attackers. The stolen data included internal documents, private emails, and sensitive information from both government and private energy companies.
Conclusion
The Indian cyberthreat landscape, as evidenced by these top incidents, shows a concerning trend – to say the least. From ransomware and data breaches to fraud and hacking, the cyberthreats facing Indian businesses and individuals are escalating by the day.
As India celebrates its Independence Day, it is crucial to acknowledge these challenges and strengthen cybersecurity measures to protect digital assets and personal information. The rise in Indian cyberattacks highlights the need for continuous vigilance and proactive defense strategies to safeguard against future threats.