Pakistan-linked cyber groups target Indian government and military

The cybersecurity landscape in India is becoming increasingly hostile, with a sharp rise in ransomware and other cyberattacks targeting various sectors. A recent report by Seqrite, in collaboration with the Data Security Council of India (DSCI), sheds light on the growing threat and sophistication of these attacks.

Ransomware attackers are constantly updating their tactics to bypass traditional security measures. Seqrite's report indicates a concerning trend where one in every 650 security detections is linked to ransomware incidents.

The report highlights a significant uptick in cyberattacks from Pakistan-linked Advanced Persistent Threat (APT) groups like SideCopy and APT36 (Transparent Tribe). These groups are not only targeting Indian government and military bodies but are also launching spear-phishing campaigns such as Operation RusticWeb and FlightNight, especially alarming during the election period.

The first quarter of 2024 saw over 2,900 disruptive attacks, including DDoS attacks, website defacement, and database leaks, orchestrated by more than 85 Telegram-based hacktivist groups.

Broader cybersecurity trends
According to Arete's Crimeware report, law enforcement agencies have been actively disrupting major RaaS groups like LockBit, leading to a more fragmented threat landscape. While LockBit and ALPHV are no longer the dominant players, other groups such as 8Base, BianLian, and Black Basta have become more prominent.

The trend of fewer organizations paying ransoms continues. In the first quarter of 2024, only 34 per cent of Arete's engagements involved ransom payments, highlighting a shift in how organizations are handling these incidents.

A report by Barracuda, Cybernomics 101, revealed that 71 per cent of surveyed organizations experienced a ransomware attack in the past year, with 61 per cent opting to pay the ransom. The survey, which included insights from ethical hackers, identified the most commonly exploited attack vectors and emphasized the importance of proactive monitoring and attack detection.

“While the Cybernomics 101 research underscores the harsh reality of suffering a data breach, it also underscores that organizations are not powerless," said Fleming Shi, CTO, Barracuda. "Proactive monitoring and attack detection to prevent progression to more severe stages like data exfiltration or ransomware is key. By preparing for these scenarios today, organizations can significantly reduce the impact and cost of these incidents.”