As we approach the close of 2024, the cybersecurity landscape in India reveals a stark reality—our collective defences are not just faltering but deteriorating at an alarming rate. From sophisticated supply-chain compromises to the relentless exploitation of zero-day vulnerabilities, even India’s most fortified intelligence organisations and enterprises struggle to maintain a robust defensive posture.
This year has proven that what was once considered a secure network now must leverage cutting-edge technologies like artificial intelligence (AI) to remain safe. The good news is that these same AI tools empower organisations with rapid, effective remediation solutions without requiring years of specialised training.
The past year has seen a tidal wave of cyber incidents targeting India with greater fervour than other countries, exposing the fragility of the nation’s current security frameworks.
Cyber attacks against India surged by 15 percent in Q1 of 2024 compared to the same time one year prior. The second quarter of the year raised even more alarms with a 30 percent year-over-year jump, leading to many sleepless nights as security teams brace for 2025. This surge has significantly impacted key industries such as finance, healthcare, and manufacturing, leading to sophisticated ransomware attacks and data breaches that compromise sensitive information and disrupt operational continuity.
Supply-chain attacks have become increasingly prevalent in India, compromising even the most secure network appliances used by top-tier enterprises and government bodies. The incessant stream of zero-day vulnerabilities has left organisations in a perpetual state of playing defence, unable to patch and defend against emerging threats swiftly. Service providers have not been immune, with breaches at these critical nodes cascading security risks downstream to users, consumers, and citizens alike.
For instance, Indian banks and financial institutions have reported multiple breaches that exploited vulnerabilities in third-party software, highlighting the interconnected nature of modern cyber threats.
State-sponsored threat actors and advanced persistent threats (APTs)
A particularly concerning development has been the evolution of threat actors aligned with state-sponsored groups, notably those associated with Chinese hacking apparatuses. These actors have refined their operational tradecraft to exploit collective blind spots through non-attribution networks. By abusing insecure appliances, routers, and virtual private servers (VPS) across multiple cloud platforms, they build untraceable tunnels that let APT activity originate from benign or reputation-neutral IP addresses inside victim countries, including India. This sophisticated approach evades traditional detection mechanisms that rely on IP reputation, granting threat actors operational impunity and leaving organisations and governments grappling with persistent and covert surveillance.
India’s 2025 threat landscape
As we look ahead to 2025, several key trends indicate an even more challenging cybersecurity environment for India:
The rise of AI-driven threats
Artificial intelligence has revolutionised both defensive and offensive cybersecurity measures. While AI-powered security tools enhance threat detection and response capabilities, cybercriminals are equally adept at utilising AI to refine their attack vectors. From automating malware creation to exploiting AI-driven services, the dual-edged nature of AI poses significant risks.
In 2024, incidents of actors hijacking cloud-hosted AI services to power illicit activities have set a concerning precedent, likely to be replicated and expanded in the coming year. For Indian businesses, integrating AI into their cybersecurity strategies will be crucial in staying ahead of these sophisticated threats.
Targeting under-monitored technologies
Threat actors are increasingly exploiting popular yet poorly secured technologies.
Edge network devices—such as firewalls, routers, and switches—alongside mobile devices like smartphones and smartwatches, present lucrative targets due to their widespread use and often inadequate security measures. In India, where some 2 billion IoT (Internet of Things) devices are being brought online across industries, the exploitation of these devices enables attackers to breach networks, track high-value individuals, and out-manoeuvre defenders constrained by the limitations of these systems. For instance, manufacturing units leveraging smart factories have become prime targets for cyber espionage and sabotage, emphasising the need for comprehensive security measures.
Vulnerabilities in perceived secure platforms
The misconception that platforms like macOS are inherently more secure is being challenged as cybercriminals develop sophisticated crimeware targeting these systems. Infostealers-as-a-service, such as Amos Atomic and Banshee Stealer, exploit vulnerabilities in macOS to extract credentials and other sensitive information, highlighting the need for comprehensive security strategies encompassing all operating systems.
In India, where many enterprises and government offices adopt diverse operating environments, ensuring uniform security across all platforms is paramount.
The impact of rising cyber-attacks in India
India’s financial sector, healthcare institutions, and manufacturing industries have been particularly hard hit, facing sophisticated ransomware attacks and data breaches that compromise critical infrastructure and sensitive information.
Financial sector vulnerabilities
Indian banks and financial institutions have been at the forefront of cyber attacks, facing over 2,500 attacks in the second half of this year, compared with an average of 1,600 in other regions.
Attackers are exploiting vulnerabilities in online banking platforms, payment systems, and third-party service providers. The rise in digital banking adoption has provided cybercriminals with more entry points to execute fraudulent transactions and steal sensitive financial data. Strengthening security measures, such as multi-factor authentication and real-time transaction monitoring, is essential to protect against these threats.
Healthcare sector breaches
The healthcare sector in India has also faced significant cyber threats, accounting for 21 percent of all attacks nationally. Hospitals and medical facilities are experiencing ransomware attacks that disrupt patient care and compromise medical records. The sensitive nature of healthcare data makes it a lucrative target for cybercriminals seeking to monetise stolen information. Implementing robust data encryption, access controls, and incident response plans can help mitigate these risks and ensure the continuity of critical healthcare services.
Manufacturing industry risks
The manufacturing sector in India, particularly smart factories and industrial control systems, has been targeted by cyber espionage and sabotage attacks. These attacks aim to steal intellectual property, disrupt production processes, and cause physical damage to manufacturing equipment. Adopting AI-powered monitoring systems and securing industrial networks are crucial steps in protecting manufacturing operations from such sophisticated threats.
Government and public sector challenges
Government agencies and public sector organisations in India have also been prime targets for cyber attacks, including phishing campaigns, data breaches, and denial-of-service attacks. Protecting sensitive government data and ensuring the resilience of public services against cyber threats is paramount for national security and public trust. Collaborative efforts between government bodies and private sector cybersecurity firms can enhance the overall security posture of public institutions.
Embracing AI-powered strategies for a secure future in India
As cyber threats evolve, Indian organisations must remain vigilant and adaptable. The increasing use of AI by defenders and attackers means that cybersecurity strategies must continuously evolve to keep up with new threats. Investing in AI-driven security solutions, fostering a culture of continuous learning, and staying abreast of the latest threat intelligence are essential for maintaining robust defences against emerging cyber threats.
More than technology is needed to secure India’s digital future. Strong leadership and a risk-aware culture are essential for building a resilient cybersecurity framework. Investing in resilience, reinforcing regulatory and legal frameworks, and addressing overlooked vulnerabilities are critical steps for Indian businesses to navigate the complexities of the modern threat landscape. By adopting a holistic and forward-thinking approach, Indian organisations can defend against current threats and proactively prepare for future challenges, safeguarding their assets, protecting their stakeholders, and fostering a secure digital environment for the years ahead.
Steve Stone is senior VP of Threat Services at SentinelOne.