By Ashwani Mishra, Editor-Technology, 63SATS
India’s cybersecurity landscape is under scrutiny as a study by DSCI and Seqrite revealed 369 million malware detections across 8.44 million endpoints, with Telangana, Tamil Nadu, and Delhi as hotspots and critical sectors like BFSI and healthcare heavily targeted. Meanwhile, ransomware attacks have cost global manufacturers $17 billion in downtime since 2018, with a sharp rise in data breaches, emphasizing the urgent need for robust cybersecurity measures across industries.
India’s Cybersecurity Landscape: 369 Million Malware Detections Highlight Sophistication of Threats
A study by the Data Security Council of India (DSCI) in partnership with Seqrite has uncovered 369.01 million malware detections across 8.44 million endpoints in India. Of these, 85.44% relied on signature-based detection, while 14.56% were identified using behavior-based methods, signaling an increasing need for adaptive security solutions.
Trojans accounted for 43.38% of malware detections, followed by infectors at 34.23%, while Android threats primarily included malware (42%) and potentially unwanted programs (32%). The report identified Telangana, Tamil Nadu, and Delhi as hotspots for malware activity and flagged BFSI, healthcare, and hospitality as the most targeted sectors.
Analysis: The rise in behavior-based malware detection emphasizes the sophistication of modern cyber threats. Industry-specific vulnerabilities, particularly in critical sectors, demand proactive defense strategies to thwart evolving attack vectors.
Ransomware Cost $17 Billion in Downtime for Global Manufacturers Since 2018
Ransomware attacks have caused $17 billion in downtime across 858 manufacturing companies globally since 2018, according to Comparitech. Each day of disruption costs an average of $1.9 million, with impacts extending beyond production halts to jeopardized customer relationships and prolonged recovery efforts.
In 2023, the sector saw a sharp rise in ransomware cases (194 incidents, up from 109 in 2022), with data theft hitting 43.9 million records—a 40-fold increase from 2022. Major breaches included VF Corporation (35.5 million records) and PharMerica (5.8 million records).
Analysis: The escalating scale and cost of ransomware attacks underscore the need for manufacturers to prioritize cybersecurity investments. The surge in data theft highlights the dual threat of operational disruption and information exposure.
Russia-Linked Turla Piggybacks on Pakistani Hackers to Target India and Afghanistan
The Turla APT group, linked to Russia, has been leveraging the command-and-control (C2) servers of Pakistani hacking group Storm-0156 to conduct espionage campaigns targeting Afghan and Indian entities since late 2022.
Lumen Technologies’ Black Lotus Labs revealed that Turla infiltrated Storm-0156’s infrastructure in December 2022 and expanded its control to multiple C2 servers by mid-2023. This strategic embedding allows Turla to obscure its activities and complicate attribution.
Analysis: Turla’s exploitation of another threat actor’s infrastructure demonstrates a sophisticated tactic to cloak nation-state operations, making it increasingly difficult for defenders to attribute attacks accurately.
Healthcare Cyberattack Exposes Data of Three UK Hospitals
A cyberattack has compromised patient records and procurement data from Alder Hey Children’s Hospital, Liverpool Heart and Chest Hospital, and Royal Liverpool University Hospital in the UK. The ransomware group INC Ransom claimed responsibility, alleging theft of data from 2018 to 2024.
The breach originated from unauthorized access to a shared digital gateway service, impacting systems containing sensitive information. The incident is under investigation by the UK’s National Crime Agency (NCA) and external partners.
Analysis: Healthcare organizations remain prime targets due to their sensitive data and critical operations. Shared infrastructure between hospitals creates additional vulnerabilities, underscoring the need for robust cyber defenses across interconnected systems.
Chinese State Hackers Target Global Telecoms in Coordinated Breaches
The Chinese APT group Salt Typhoon has breached telecommunications companies in dozens of countries, including eight firms in the United States, according to White House Deputy National Security Adviser Anne Neuberger.
The attacks, active for the past one to two years, focused on infiltrating telecom networks. Although no classified communications have been compromised, the breaches highlight the persistent threat posed by state-sponsored actors.
Analysis: The telecom sector’s critical role in global infrastructure makes it a prime target for cyber espionage. The discovery of previously unknown breaches underscores the importance of constant monitoring and threat intelligence sharing.
British Telecom Giant BT Confirms Cyberattack Attempt
BT Group, one of the UK’s largest telecommunications companies, revealed on Wednesday that its conferencing platform faced an attempted cyberattack. The Black Basta ransomware group claimed on its darknet leak site to have obtained corporate data during the incident.
A BT spokesperson emphasized that the breach was limited to “specific elements of the platform,” which were swiftly taken offline and isolated to prevent further impact. The company, listed on the London Stock Exchange, assured that the situation was contained and under control.