India is experiencing a dramatic surge in cyberattacks, with statistics showing an increase of 92% in incidents in the third quarter of 2024 compared to the same period in 2023. The country faced nearly 1.2 billion attacks overall last quarter, with 377 million denial-of-service (DoS) events and 215 million bot-based requests directed at API services and web servers, as reported by Indusface, a managed application security provider. This is part of a broader trend where the number of DDoS-related incidents targeting APIs has risen 30 times compared to traditional web assets.
India faces dramatic rise in cyberattacks, 92% increase in Q3 2024
Factors contributing to this increase include the rapid adoption of digital technologies across sectors, especially in banking and utilities. In these areas, the attack rate is significantly higher, with financial services experiencing twice as many attacks relative to the global average and the power and energy sector facing four times as many attacks per website. According to PwC, 44% of businesses in India have faced data breaches resulting in losses of at least $500,000 over the past three years.
Cyberattacks are continuing to escalate
The overall growth in cyberattacks reflects a troubling trend for organizations in India, as incidents doubled year-over-year, rising 115% in sequential quarters. While global cyberattacks grew by 26% in the third quarter of 2024, Indian organizations reported attacks expanding at a much faster rate. Ashish Tandon, founder and CEO of Indusface, noted that attackers are increasingly focusing on exploiting websites and APIs using a broader array of attack vectors. He attributes part of this growth to the rise of large language models (LLMs), which have made it easier for less experienced hackers to execute vulnerability attacks.
CISA’s updated cyber plan could be key to stopping future hacks
The Reserve Bank of India (RBI) issued a warning in August regarding the heightened risks accompanying the rising digitization efforts. This follows a global trend where organizations face escalating cyber threats, with top security risks including cloud-related vulnerabilities and social engineering attacks. Despite these risks, many companies in India are inadequately prepared, with a mere 19% employing automated scanners for API security. Moreover, more than 30% of critical and high-severity vulnerabilities remain unaddressed for over six months after discovery.
Industry-specific vulnerabilities are exacerbating the cyber risks faced by banks and utilities. Phani Deepak Akella, vice president of marketing for Indusface, emphasized that geopolitical factors contribute to the targeting of these sectors, leading to disruptions in essential services. Companies are confronted with various vulnerabilities, including security misconfigurations and authentication failures, which are among the top issues found in production API servers.
API attacks highlight growing cybersecurity challenges
The frequency and sophistication of attacks against APIs are increasing alarmingly. Indusface’s reports show around 5 million attacks directed specifically at vulnerable API services. A significant factor in this rise is the accessibility of resources enabling novice hackers to find and implement exploitable scripts for easy attacks, a change driven by the democratization of advanced tools through LLMs, including those like ChatGPT. This shift allows a broader spectrum of attackers to leverage automated capabilities for exploiting vulnerabilities.
Currently, Indian organizations are making cybersecurity a high priority, with 61% of executives stating it ranks among their top three concerns. The acceleration in attacks, particularly against APIs, indicates a growing recognition among Indian businesses of the need to bolster their cybersecurity postures. Despite these intentions, a substantial number of firms continue to rely on outdated practices such as manual penetration testing, with 45% still not optimizing automated security solutions.
Featured image credit: Kerem Gülen/Midjourney
