India’s Cyber Threat Surge

Why in News ?

According to Check Point Software Technologies’ “State of Cyber Security in India 2025” report, Indian organisations faced an average of 2,011 cyberattacks per week in 2025, significantly higher than the global average. The report highlights cloud misconfigurations, infostealer malware, ransomware, and AI-enabled frauds as key drivers behind India’s rapidly escalating cyber threat landscape.

Background & Context

India’s rapid digital transformation—driven by UPI-based payments, cloud adoption, e-governance platforms, and data-driven public services—has significantly expanded its digital attack surface. While this transformation has enhanced efficiency and inclusion, it has also made India a high-value target for cybercriminals.

Over the last three years, cyber incidents in India have more than doubled, reflecting a mismatch between the pace of digitisation and the maturity of cyber security practices. The 2025 report underscores that cyber risks are no longer confined to financial theft alone but now threaten national security, data sovereignty, and public trust in digital systems.

Scale of Cyberattacks in India (2025)

• Indian organisations faced 2,011 cyberattacks per week on average.
• India ranked among the most targeted countries globally.
• Education sector emerged as the most targeted worldwide:
  • Institutions faced between 4,248 and 9,817 attacks per week.
• Other highly targeted sectors:
  • Telecommunications
  • Healthcare
  • Financial services
  • Government and public sector bodies

This pattern reflects attackers’ focus on data-rich, service-critical, and digitally dependent sectors.

Rising Trend in Cyber Incidents and Financial Losses

• Cyber incidents increased from:
  • ~1.03 million (2022)
  • to ~2.27 million (2024)
• Early 2025 indicators suggest continued escalation.
• Financial cyber fraud losses reported on the National Cyber Crime Reporting Portal reached:
  • ₹36,450 crore (as of February 2025)

These losses are closely linked to the expansion of digital payments and remote digital interactions.

Major Types of Cyberattacks and Digital Frauds in India 

1. Phishing and Social Engineering Attacks

• Fake banking and UPI links
• Fraudulent SMS, emails, and messaging app links
• Increasing use of AI-generated messages to mimic trusted institutions.
• Primary driver of:
  • UPI fraud
  • Account takeover
  • Credential theft

2. UPI and Digital Payment Frauds

• Exploit real-time payment systems.
• Common methods:
  • Fake “collect requests”
  • QR code manipulation
  • Customer care impersonation
• Major contributor to financial losses reported in 2025.

3. Cloud Misconfigurations and Data Breaches

• Unsecured cloud storage buckets
• Over-permissive access controls
• Poor identity and access management
• Reported incident:
  • Exposure of 500 GB of sensitive personal and biometric data, including records of law enforcement and military personnel.
• Less than 9% of sensitive cloud data is encrypted, increasing breach impact.

4. Infostealer Malware Attacks

• Designed to steal:
  • Login credentials
  • Banking data
  • Browser cookies and crypto wallets
• Major malware families active in India (2025):
• Lumma Stealer – compromised 44,197 Windows devices (March–May 2025)
  • RisePro
  • Vidar
  • StealC
  • RedLine
• Enterprise-focused malware:
  • AgentTesla (22% year-on-year rise)
  • FormBook
• Mostly delivered through targeted phishing campaigns.

5. Ransomware Attacks

• Affected 7–10% of Indian organisations.
• Education sector saw disproportionate impact.
• Evolving tactics include:
  • Data exfiltration before encryption
  • Double and triple extortion
  • Use of zero-day vulnerabilities
  • Abuse of legitimate system tools to evade detection

6. SIM Swap and Identity Theft Frauds

• Reset banking and UPI credentials
• Bypass OTP-based authentication
• Often combined with phishing and social engineering.

7. Deepfake and AI-Enabled Scams

• Deepfake videos and voice calls impersonating officials or family members
• AI-generated financial advisories and job offers
• Exploits trust and emotional manipulation.

Detection and Response Gaps

• Only a small fraction of organisations can:
  • Detect breaches within the first hour
  • Contain or remediate attacks quickly
• Delayed response significantly amplifies:
  • Financial losses
  • Data exposure
  • Operational disruption

Implications for India’s Digital Ecosystem

• Threatens trust in Digital Public Infrastructure (DPI) such as UPI and e-governance platforms.
• Raises concerns about:
  • Data protection
  • National security
  • Critical infrastructure resilience
• Highlights the need for security-by-design, not post-facto fixes.

Personal Measures 

1. Safe Digital Payment Practices

• Never click on unknown or unsolicited UPI collect requests.
• Avoid scanning QR codes sent via messages or social media.
• Verify merchant identities before making payments.
• Set daily transaction limits on UPI and net banking.

2. Protection Against Phishing & Social Engineering

• Do not click links received via SMS, email, or messaging apps claiming urgency.
• Verify communications from banks, government agencies, or service providers through official channels.
• Be cautious of AI-generated voice or video calls impersonating officials or relatives.

3. Device and Account Security

• Enable two-factor authentication (2FA) on all critical accounts.
• Use strong, unique passwords and a password manager.
• Regularly update operating systems, browsers, and apps.
• Install apps only from trusted app stores.

4. Cloud and Data Privacy Awareness

• Avoid uploading sensitive personal documents to unsecured cloud platforms.
• Review privacy permissions granted to apps.
• Regularly audit email and cloud account login activity.

5. SIM and Identity Protection

• Avoid sharing OTPs under any circumstances.
• Immediately report network issues that may indicate SIM swap fraud.
• Link Aadhaar and PAN only through official portals.

6. Reporting Cybercrime Promptly

• Report incidents immediately on the National Cyber Crime Reporting Portal (cybercrime.gov.in).
• Early reporting increases chances of fund recovery in UPI and banking frauds.

Key Cyber Laws in India

1. Information Technology Act, 2000 (IT Act)

• India’s primary cyber law.
• Provides legal recognition to electronic transactions.
• Criminalises:
  • Hacking
  • Identity theft
  • Data theft
  • Cyber terrorism (Section 66F)

2. IT (Amendment) Act, 2008

• Expanded scope to include:
  • Phishing and online fraud
  • Violation of privacy
  • Intermediary liability
• Introduced stricter penalties and definitions of cyber offences.

3. Digital Personal Data Protection Act, 2023

• Governs collection, processing, and storage of personal data.
• Mandates:
  • User consent
  • Data minimisation
  • Breach notification
• Penalises data fiduciaries for negligent data protection practices.

Institutional Mechanisms for Cyber Security

1. CERT-In (Indian Computer Emergency Response Team)

• Nodal agency for cyber incident response.
• Issues:
  • Cyber security advisories
  • Vulnerability alerts
• Mandates breach reporting within prescribed timelines.

2. National Cyber Crime Reporting Portal

• Centralised platform for reporting:
  • Financial frauds
  • Identity theft
  • Online abuse
• Integrated with:
  • Banks
  • Law enforcement agencies
  • Indian Cyber Crime Coordination Centre (I4C)

3. Indian Cyber Crime Coordination Centre (I4C)

• Established under the Ministry of Home Affairs.
• Coordinates cybercrime response across States and UTs.
• Supports:
  • Capacity building
  • Training of cyber police
  • Real-time fraud monitoring

Regulatory and Policy Measures

1. RBI and Financial Sector Safeguards

• Mandatory:
  • Multi-factor authentication
  • Transaction alerts
• Zero Liability norms for customers if fraud is reported promptly.
• Guidelines for banks and payment service providers on fraud risk management.

2. Telecom and SIM Security Measures

• KYC norms for SIM issuance.
• Restrictions on bulk SIM activations.
• Measures to curb SIM swap fraud.

3. National Cyber Security Strategy (Proposed)

• Focus areas:
  • Critical infrastructure protection
  • Indigenous cyber security capabilities
  • Skilled cyber workforce
• Aims to integrate public-private cooperation.

Challenges in Legal and Enforcement Framework

• Low conviction rates in cybercrime cases.
• Jurisdictional challenges due to cross-border nature of cyberattacks.
• Limited cyber forensic capacity at the district level.
• Rapid evolution of AI-driven cyber threats outpacing legal reforms.