Call to address the changing landscape of organised cybercrime in India

By Anshuman Sharma, Associate Director CSIRT & Investigative Response, APJ, Verizon Business

India’s digital economy is growing at an unprecedented pace. According to a report by MEITY (Ministry of Electronics and Information Technology), the nation is on the cusp of growing into a trillion-dollar digital economy, potentially supporting up to 65 million digitally-enabled jobs by 2025-26. The increasing digitalization, while unlocking new capabilities, also leaves the flank open for new vulnerabilities. For instance, manufacturers utilizing IoT (Internet of Things) devices throughout their supply chain may gain valuable insights, but will also face evolved forms of cyber threats.

The human element continues to be a major factor
An overall 74% of all breaches include the human element, with individuals playing a role in various ways. These involvements encompass errors, privilege misuse, use of stolen credentials, and social engineering tactics. About 83% of breaches involve external actors from criminal groups, lone hackers, former employees, and even government entities. The primary motivation behind 95% of attacks remains financially driven, with cybercriminals seeking monetary benefits. Internal actors account for 19% of incidents and are responsible for intentional harm or errors leading to breaches. Vigilant cybersecurity measures are vital to address both intentional and unintentional risks from external and internal sources.

Social engineering attacks, known for their effectiveness and profitability, have witnessed a remarkable surge. Business email compromise (BEC) attacks, a form of pretexting, have nearly doubled and now constitute over 50% of incidents within the social engineering pattern. Understanding the human factor and staying vigilant against these manipulative tactics is paramount in safeguarding against cyber threats.

A high level of organized cybercrime prevails in Asia
System intrusion is one of the primary attack patterns in the APAC region. This pattern indicates attacks perpetrated by dedicated criminals who use their hacking expertise and ready access to malware to attack organizations of different sizes, frequently leveraging ransomware as their means of getting a payday.

Ransomware has emerged as a major concern, claiming the second spot in incidents with a troubling presence in 15.5% of all reported cases. This trend highlights the urgent need to combat and mitigate the growing threat of ransomware attacks for organizations worldwide. Stolen credentials and phishing continue to be the primary means of entry for attackers into organizations. Notably, first-stage or single-stage attacks, such as the use of stolen credentials for breaches and denial of service for incidents, have consistently dominated the charts over the years.

Besides system intrusion, basic web application attacks and social engineering emerge as the top attack patterns this year.

Financial losses and recovery costs
According to the India Ransomware Report for H1-2022 by CERT-In, 31% of reported incidents in 2022 faced financial losses, which is much greater than the 22% last year. The total financial loss due to cyber attacks in India in 2022 was estimated to be Rs. 17,000 crore (US$2.2 billion). Also, recent findings indicate a significant increase in the median loss to $26,000 and an expanded range of $1 to $2.25 million for incidents with losses.

This suggests that the overall costs of recovering from ransomware incidents are growing, despite lower ransom amounts. Small businesses may be particularly vulnerable as the recovery expenses, coupled with technical debt, contribute to their overall losses. This trend is likely attributed to the enhanced automation and efficiency of ransomware operators.

The Digital Personal Data Protection Act (DPDP Act), recently brought into law by the Indian government, establishes a framework for the protection of personal data to bolster the foundation of privacy in India. Moreover, organizations must not only adhere to the government’s norms on cybersecurity, but should also invest in a continuous cycle of initiatives and interventions for enhanced data protection and security.
