The number of distributed denial-of-service (DDoS) attacks on Indian infrastructure has increased by 50% since the beginning of 2024, finds a study by Positive Technologies.
Positive Technologies, a leader in result-driven cybersecurity, has presented a study* of dark web platforms and cybercrime services, offering detailed data on the nature of cyberattacks in India. The study found that the attackers are primarily interested in databases and access to the infrastructure of various organizations. For example, the Indian Space Research Organization alone has to fend off more than 100 hacker attacks every day.
India’s rapid digital development, which has made the country the world’s third-largest digital economy in 2024, creates a favorable environment for cyberattacks. Ever-evolving digital tools have transformed multiple sectors and fueled entrepreneurship, but they also attract malicious actors seeking to exploit the weaknesses of the digital infrastructure.
Across industries, the attackers' main targets are databases and access to key infrastructure platforms of Indian companies. Overall, 85% of the DDoS attacks in Indian cyberspace target the financial sector, while the remaining 15% target government agencies.
India is among the top three countries in terms of the number of dark web ads related to leaked and stolen databases. Positive Technologies has confirmed that databases are of the greatest interest to cybercriminals targeting the country’s infrastructure. This is the most popular dark web topic for India: database-related ads account for 42% of all posts. Additionally, roughly two-thirds of the databases (66%) are being distributed for free; experts attribute this to the activity of hacktivists and ransomware groups in the region. In most cases, hackers gained access to data from scientific and educational institutions, financial organizations, government agencies, and commercial companies.
According to the study, the majority of stolen data (61%) is personally identifiable information of companies’ customers and employees. A cyberattack on just one major Indian electronics manufacturer in April 2024 resulted in the theft of 7.5 million customer records. Ransomware was the most commonly cited attack tool: according to claims made by hacker groups themselves, 23% of successful attacks were carried out using ransomware.
“Our analysis of dark web markets offering cybercrime services shows that only 29% of hacked databases are then sold. Sellers frequently offer databases of financial organizations, service companies, and retail businesses. In 40% of the ads, the price does not exceed $1,000 per database. Buyers’ ads account for only 5% of the region’s dark web and indicate the most common areas of interest for cybercriminals, one of them being financial data,” said Ms. Anastasia Chursina, Analyst at Positive Technologies.
Access credentials are the second most popular cybercrime service, accounting for 23% of posts on dark web forums. Unlike databases, which are distributed mostly for free, credentials are usually sold, granting access to the IT infrastructure of commercial, financial, and service companies. According to the study, more than 60% of all access credentials can be bought for less than $1,000, but sellers charge more for access to financial organizations.
For example, access credentials for an Indian bank, with administrator privileges and the ability to connect to internal portals and to servers serving ATMs and mobile applications, are offered for $70,000 or more.
Experts at Positive Technologies highlight the need for the region to address the significant number of dark web offers related to databases and credentials that grant access to corporate IT infrastructures. The low price of access credentials and free-of-charge distribution of personal data may contribute to an increase in cyberattacks targeting companies and government agencies in the country. The experts recommend that organizations establish comprehensive protection based on the principles of result-driven cybersecurity.
A competent approach to security event analysis calls for a combination of SIEM and XDR solutions. MaxPatrol O2, a cybersecurity metaproduct, will be of great help in effective monitoring and detection of threats within a corporate IT infrastructure. The cybersecurity system should also include modern tools such as a next-generation firewall (NGFW), web application firewall (WAF), network traffic analysis (NTA) tool, and the MaxPatrol VM vulnerability management system.
The combination of SIEM and XDR solutions enhances an organization’s threat management capabilities by consolidating and analyzing security data from various sources, and facilitates a centralized response. Given the nature of cyberattacks in India, sandboxes should not be neglected either: they allow for timely detection of various types of malware, including ransomware.
*The Positive Technologies study analyzes dark web messages related to India in the period between September 1, 2023 and October 1, 2024. The sample includes 380 Telegram channels and forums on the dark web, with an audience of about 65 million users and the total number of messages approaching 250 million.