The number of distributed denial-of-service (DDoS) attacks on Indian infrastructure has increased by 50 per cent since the beginning of 2024, finds a study by Positive Technologies.
Positive Technologies, a result-driven cybersecurity platform, revealed a study of dark web platforms and cybercrime services, offering detailed data on the nature of cyberattacks in India. The study found that the attackers are primarily interested in databases and access to the infrastructure of various organisations. For example, the Indian Space Research Organisation alone has to fend off more than 100 hacker attacks every day.
India’s rapid digital development, which has made the country the world’s third-largest digital economy in 2024, creates a favourable environment for cyberattacks. Ever-evolving digital tools have transformed multiple sectors and fuelled entrepreneurship, but they also attract malicious actors seeking to exploit the weaknesses of the digital infrastructure.
The study found that cybercriminals are primarily interested in databases and access to key infrastructure platforms of various Indian companies across industries. Overall, 85 per cent of the DDoS attacks in Indian cyberspace target the financial sector, while the remaining 15 per cent target government agencies.
India is among the top three countries in terms of the number of dark web ads related to leaked and stolen databases. The study confirmed that databases are of the greatest interest to cybercriminals targeting the country’s infrastructure. This is the most popular dark web topic for India: database-related ads account for 42 per cent of all posts. Additionally, about two-thirds of the databases (66 per cent) are distributed for free; experts attribute this to the activity of hacktivists and ransomware groups in the region. In most cases, hackers gained access to data from scientific and educational institutions, financial organisations, government agencies, and commercial companies.
According to the study, the majority of stolen data (61 per cent) is personally identifiable information of companies’ customers and employees. A cyberattack on just one major Indian electronics manufacturer in April 2024 resulted in the theft of 7.5 million customer records. Ransomware was the most common attack tool: according to hacker groups, 23 per cent of successful attacks were carried out using it.
“Our analysis of dark web markets offering cybercrime services shows that only 29 per cent of hacked databases are then sold. Sellers frequently offer databases of financial organisations, service companies, and retail businesses. In 40 per cent of the ads, the price does not exceed $1,000 per database. Buyers’ ads account for only 5 per cent of the region’s dark web and indicate the most common areas of interest for cybercriminals, one of them being financial data,” said Anastasia Chursina, Analyst at Positive Technologies.
Access credentials are the second most popular cybercrime service, accounting for 23 per cent of posts on dark web forums. Unlike databases, which are distributed mostly for free, credentials are often sold, granting access to the IT infrastructure of commercial, financial, and service companies. According to the study, more than 60 per cent of all access credentials can be bought for less than $1,000, but sellers charge more for access to financial organisations.
For example, access credentials for an Indian bank, with administrator privileges and the ability to connect to internal portals and servers connected to ATMs and mobile applications, are offered for $70,000 and more.
Experts at Positive Technologies highlight the need for the region to address the significant number of dark web offers related to databases and credentials that grant access to corporate IT infrastructures. The low price of access credentials and free-of-charge distribution of personal data may contribute to an increase in cyberattacks targeting companies and government agencies in the country. The experts recommend that organisations establish comprehensive protection based on the principles of result-driven cybersecurity.
A competent approach to security event analysis calls for a combination of SIEM and XDR solutions. MaxPatrol O2, a cybersecurity metaproduct, will be of great help in effective monitoring and detection of threats within a corporate IT infrastructure. The cybersecurity system should also include modern tools such as a next-generation firewall (NGFW), web application firewall (WAF), network traffic analysis (NTA) tool, and the MaxPatrol VM vulnerability management system.
The combination of SIEM and XDR solutions enhances an organisation’s threat management capabilities by consolidating and analysing security data from various sources and facilitating a centralised response. Given the nature of cyberattacks in India, sandboxes should not be neglected either: they allow for timely detection of various types of malware, including ransomware.
The Positive Technologies study analyses dark web messages related to India in the period between September 1, 2023, and October 1, 2024. The sample includes 380 Telegram channels and forums on the dark web, with an audience of about 65 million users and the total number of messages approaching 250 million.