CloudSEK has identified 45 highly active threat actors who targeted the finance and banking (BFS), government, telecommunications, healthcare, and education sectors. The scale of data theft, ransomware incidents, and the sheer volume of records sold underscore the severity of the challenges faced by India, with the advent of AI further complicating cybersecurity in India.
—
As per CloudSEK, these sectors were targeted due to their critical reliance on digital infrastructure and the sensitive nature of the data they handle.
Data Theft: Scale of the problem
Threat actors exploited vulnerabilities, causing widespread disruptions across industries. This year, cybercriminals sold an alarming volume of data: Approximately 4,446 million lines of records and 12,332 gigabytes. Monthly trends show consistent activity from threat actors, with databases and unauthorised access offered for sale on dark web forums.
Also read: Cyber Fraud: AI voice-cloning emerges as a key tool for scammers
Top threat actors
Among the 45 notable threat actors identified, Markitto35 emerged as the most active, with 30 victims across multiple sectors. The breakdown of Markitto35’s targets includes:
- Six victims in finance & banking.
- Three in education.
- Three in healthcare and pharma.
- Two in IT & technology.
- Two in manufacturing.
- 14 in other sectors.
Other prominent threat actors included whatisdb, frog, Tanaka, xenZen, and InterlBroker, all involved in significant breaches and attacks throughout the year.
Major data breaches in 2024
India witnessed several high-profile data breaches, with millions of records compromised. Notable incidents include:
- Hi-Tek Group: 850 million records of Indian citizen data leaked from this debt collection agency.
- Star Health Insurance: A significant data breach impacting sensitive customer information.
- Telecommunications Consultants India Limited (TCIL): 2TB of data stolen.
- Shell India: A major data breach impacting operations.
Ransomware remains a significant threat
Ransomware attacks continued to plague Indian industries, with BFS being the most targeted. This sector’s dependence on digital infrastructure and the sensitive nature of financial data made it a lucrative target for cybercriminals, CloudSEK stated, adding that smaller financial institutions with inadequate cybersecurity measures were particularly vulnerable.
Also read: New phishing scam lures YouTube creators with fake brand collaboration offers
The healthcare and pharmaceuticals sector, driven by the high value of data such as patient records and intellectual property, made for an easy target. The automotive and manufacturing sector was not spared either, with ransomware attacks disrupting supply chains and operations.
Ransomware groups targeting India
CloudSEK analysed 108 ransomware incidents in 2024.
- Lockbit was the most active group, responsible for over 20 incidents.
- Killsec targeted over 15 organisations.
- Ransomhub was linked to 12+ incidents.
These groups exploited vulnerabilities in critical sectors, often demanding significant ransoms to restore operations.
The need for enhanced cybersecurity
India’s cybersecurity landscape in 2024 paints a troubling picture of rising threats across industries. With billions of records compromised and critical operations disrupted, the need for robust cybersecurity measures has never been more urgent. As threat actors evolve tactics, Indian organisations must prioritise investments in security infrastructure, employee training, and incident response capabilities to mitigate risks in the coming year.
Also read: Indian banks reported over 23,000 cybersecurity incidents in 2023: Government to Parliament
