INDIA Trends and Developments Contributed by: Probir Roy Chowdhury and Shivani Bhatnagar, JSA
defensive capabilities. In 2024, India recorded 369.01 million malware detections across 8.44 million endpoints, averaging 702 detections per minute. This represents a reduction from 2023’s figures of 400 million detections across 8.5 million endpoints. More significantly, the number of actual cybersecurity incidents decreased substantially, from approximately 10,500 in 2023 to 7,770 in 2024.

Data suggests strengthened cybersecurity measures, as evidenced by an improved incident-to-detection ratio. In 2024, approximately one security incident occurred per 40,400 malware detections, compared to one per 38,000 detections in 2023.

However, the threat landscape has grown more sophisticated, as demonstrated by an increase in behaviour-based malware detections from 12.5% in 2023 to 14.5% in 2024. This indicates that attackers are employing more sophisticated malware and reflects their increasing use of malware that avoids traditional detection by constantly changing its code or hiding in legitimate processes.

Geographically, the threat landscape expanded beyond traditional tech hubs. While states such as Telangana and Tamil Nadu remained primary targets, there was a marked increase in activity in tier-two cities such as Surat and Ahmedabad.

The healthcare sector emerged as the most targeted industry, accounting for 21.82% of all attacks – up from 15% in 2023. This rise is likely driven by the high value of medical data and the essential nature of healthcare systems, which may prompt organisations to be more inclined to pay ransoms. The hospitality (19.6%) and banking sectors (17.4%) also saw significant targeting, highlighting the focus on industries handling large volumes of personal and financial data.

India saw a rise in cloud-based detections, accounting for 62% of all detections, which reflects the broader digital transformation across Indian businesses. As more organisations move their operations to the cloud, they are creating new opportunities for attackers to exploit misconfigured or inadequately protected cloud resources.

In terms of malware types, Trojans and infectors remained the most prevalent, constituting 43.25% and 34.10% of detections respectively. These types of malware often masquerade as legitimate software, tricking users into executing them and providing attackers with backdoor access to systems.

Ransomware attacks continue to pose one of the most acute cybersecurity threats. While the typical approach of stealing and encrypting data remains a primary tactic, there is an increasing trend towards threat actors adopting data extortion tactics whereby data is stolen but not encrypted. This shift reflects a change in the nature of ransomware attacks, moving from traditional encryption-based extortion to more sophisticated data theft and extortion methods.

Ransomware also persistently upholds its position as one of the most pernicious manifestations of cybercrime. A single ransomware security incident emerges for every cluster of 595 detections. That said, the occurrence of a malware incident is considerably less frequent – materialising only once amid a staggering 40,400 detections.

The geopolitical landscape continued to influence cybersecurity threats, with hacktivist