Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
2024 has been an eventful year for Indian cyberspace as firms suffered massive data breaches resulting in millions of dollars in losses, Indian defence institutions faced espionage bids and many important sites were taken down by ideologically-motivated hackers.
According to a report by think tank Data Security Council of India (DSCI), India detected an average of 761 cyberattack attempts per minute this year with the healthcare industry being the top target sector, followed by hospitality and banking.
Among states, Telangana was the top target, suffering 15% of the total attacks, followed by Tamil Nadu (12%). Among cities, Surat, India’s diamond and textile hub, and Bengaluru emerged as the top victims.
The BSNL data breach exposed over 278GB of telecom data, while BoAt India suffered a breach that compromised the personal data of 7.5 million users. Ransomware attacks targeted Polycab India, disrupting its IT infrastructure, as India Today reported in June.
The hacking of the Burger Singh fast-food chain’s website and the SPARSH pension portal, and attacks on the internet service provider Hathway, Telangana Police’s Hawk Eye app and Tamil Nadu’s FRS portal, were among the prominent cyber incidents. Among these, the WazirX cryptocurrency exchange breach stood out for its scale, resulting in a $230 million theft from one of the exchange’s multi-signature wallets.
An outlier was the ideologically motivated cross-border attacks on Indian cyber infrastructure. Attacks by Bangladeshi and Indonesian threat actors on Indian business and government sites, and retaliation in kind against theirs, as India Today reported earlier, are an example of this trend.
Indonesia’s Anon Black Flag was the most active such group in 2024, accounting for 23% of attacks on India among all the cyber actors tracked, as per DSCI.
On the global scale, below are the major cyber incidents and trends of the year:
In February, a ransomware attack on Change Healthcare disrupted the US healthcare system for weeks. The attack, claimed by the Russian-speaking BlackCat/ALPHV group, hampered pharmacies, hospitals and other facilities by preventing claims processing and payments. UnitedHealth paid a $22 million ransom; the attackers had gained access using stolen credentials for a remote-access portal that was not protected by multi-factor authentication.
In April the incident escalated when it emerged that a large amount of data had been stolen. Despite the ransom payment, the RansomHub group later claimed possession of the data and posted samples online, a reminder that paying does not buy back exfiltrated data. UnitedHealth CEO Andrew Witty testified in May that the attack affected the data of “maybe a third” of Americans.
Internet Archive attacks: The Internet Archive suffered a series of distributed denial-of-service (DDoS) attacks in May and October 2024 that took its vast repository of digital content offline for extended periods. The October outage coincided with a separate data breach in which an authentication database of about 31 million user records, including email addresses and bcrypt-hashed passwords, was stolen; the DDoS itself did not expose any passwords.
Dell data breach: In April, a threat actor using the handle Menelik was found selling on a hacking forum a Dell database said to contain “49 million customers and other information systems purchased from Dell between 2017-2024”. Dell later warned customers that the stolen data included names, physical addresses and hardware order details.
Call logs of Trump family and Kamala Harris: In November, a hacker released phone numbers allegedly belonging to US Vice President Kamala Harris and some family members of President-elect Donald Trump in an extortion bid against American telecom giant AT&T.
Snowflake data breach: In June, widespread attacks on customers of the cloud data platform Snowflake led to major data breaches at companies including AT&T, Ticketmaster, Santander and Advance Auto Parts.
Researchers identified 165 potentially exposed organisations, with significant data stolen. The attackers did not exploit a flaw in Snowflake itself: they logged in with customer credentials harvested by infostealer malware, some of them years old, against accounts that had no multi-factor authentication enabled. Ticketmaster’s breach, claimed by ShinyHunters, exposed sensitive data of 560 million users, including names, emails and partial payment details.
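The pattern behind the Snowflake customer breaches, and behind the Change Healthcare intrusion above, is the same: a password from a stealer log, an account with no second factor, and a login that nobody reviewed. The following is an added example, not code from the article or from Snowflake, showing the checks a defender can run over a login-history export to find such accounts before the data leaves. The records, the account names and the stealer-log feed are all constructed for illustration; the field names are assumed, not a real vendor schema.

```python
from datetime import datetime

# Constructed sample login-history records; not real data from any company named in
# the article. Fields mirror what a cloud data platform's login-history view exposes:
# account name, UTC timestamp, client IP, whether a second factor was presented, and
# whether the login succeeded.
LOGIN_HISTORY = [
    {"user": "analyst.jane", "ts": "2024-05-01T09:02:00", "ip": "198.51.100.10", "mfa": True,  "success": True},
    {"user": "analyst.jane", "ts": "2024-05-15T09:05:00", "ip": "198.51.100.10", "mfa": True,  "success": True},
    {"user": "etl_svc",      "ts": "2024-05-02T01:00:00", "ip": "198.51.100.22", "mfa": False, "success": True},
    {"user": "etl_svc",      "ts": "2024-05-16T01:00:00", "ip": "198.51.100.22", "mfa": False, "success": True},
    # Password-only success from an address this account has never used before.
    {"user": "etl_svc",      "ts": "2024-05-28T03:41:17", "ip": "203.0.113.77",  "mfa": False, "success": True},
    # Two failures then a success from the same foreign address: credential stuffing.
    {"user": "dba.raj",      "ts": "2024-05-28T03:40:02", "ip": "203.0.113.77",  "mfa": False, "success": False},
    {"user": "dba.raj",      "ts": "2024-05-28T03:40:31", "ip": "203.0.113.77",  "mfa": False, "success": False},
    {"user": "dba.raj",      "ts": "2024-05-28T03:40:55", "ip": "203.0.113.77",  "mfa": False, "success": True},
]

# Account names that appeared in a (constructed) infostealer log dump, the kind of
# feed a breach-monitoring service delivers. One of them has no logins at all.
STEALER_LOG_ACCOUNTS = {"etl_svc", "dba.raj", "old.contractor"}


def password_only_users(history):
    """Accounts that completed at least one successful login with no second factor."""
    return sorted({r["user"] for r in history if r["success"] and not r["mfa"]})


def new_ip_logins(history):
    """Successful logins from an IP the account never succeeded from earlier.

    Only successful logins build the per-account baseline, so an attacker's failed
    attempts cannot pre-register their address. An account's very first success is
    not flagged because there is nothing to compare it against.
    """
    baseline = {}
    hits = []
    for r in sorted(history, key=lambda r: datetime.fromisoformat(r["ts"])):
        if not r["success"]:
            continue
        known = baseline.setdefault(r["user"], set())
        if known and r["ip"] not in known:
            hits.append(r)
        known.add(r["ip"])
    return hits


def shared_source_ips(history, min_accounts=2):
    """Client IPs that successfully authenticated to several distinct accounts.

    One address cycling through many usernames is the signature of replaying a
    stealer-log credential list, even when each individual login looks ordinary.
    """
    users_by_ip = {}
    for r in history:
        if r["success"]:
            users_by_ip.setdefault(r["ip"], set()).add(r["user"])
    return {ip: users for ip, users in users_by_ip.items() if len(users) >= min_accounts}


def triage(history, stealer_accounts):
    """Map each account to the sorted list of risk signals that apply to it."""
    reasons = {}

    def add(user, reason):
        reasons.setdefault(user, set()).add(reason)

    for user in stealer_accounts:
        add(user, "in_stealer_log")
    for user in password_only_users(history):
        add(user, "password_only")
    for r in new_ip_logins(history):
        add(r["user"], "new_ip")
    for users in shared_source_ips(history).values():
        for user in users:
            add(user, "shared_attacker_ip")
    return {user: sorted(rs) for user, rs in reasons.items()}


def high_risk(history, stealer_accounts):
    """Accounts to lock and re-credential first: leaked password, no MFA, and at
    least one anomalous successful login."""
    out = []
    for user, rs in triage(history, stealer_accounts).items():
        if "in_stealer_log" in rs and "password_only" in rs and (
            "new_ip" in rs or "shared_attacker_ip" in rs
        ):
            out.append(user)
    return sorted(out)


if __name__ == "__main__":
    for user, rs in sorted(triage(LOGIN_HISTORY, STEALER_LOG_ACCOUNTS).items()):
        print(f"{user:14} {', '.join(rs)}")
    print("lock first:", high_risk(LOGIN_HISTORY, STEALER_LOG_ACCOUNTS))
```

Run against the constructed data, the two accounts that share the foreign address are reported as the ones to lock first, the stealer-log account with no login history is listed as leaked but not urgent, and the MFA-protected analyst never appears. The point of combining the three signals is that any one of them alone is noisy: service accounts legitimately skip MFA, staff change IPs, and shared egress addresses exist, but an account that is in a stealer dump, has no second factor and just succeeded from somewhere new is exactly what the Snowflake attackers were abusing.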
In February, the China-linked espionage group Volt Typhoon was found to have hijacked hundreds of end-of-life small office/home office (SOHO) routers in the US, using them as a covert relay network (the “KV-botnet”) to reach critical infrastructure providers.
Another China-linked group, Salt Typhoon, ran a massive cyber-espionage campaign against US telecom providers including Verizon and AT&T, compromising their networks, customer call records and systems tied to court-authorised lawful-intercept requests from law enforcement.
Midnight Blizzard was the most active threat actor in the 2024 cyber landscape, followed by Volt Typhoon and LockBit.
LockBit: As of 2024, LockBit remains one of the most active ransomware groups, operating with a Ransomware-as-a-Service (RaaS) model. Despite significant disruptions, including Operation Cronos in February 2024, the group remains a major threat.
RansomHub: RansomHub is another RaaS group that has hit over 210 victims across sectors including healthcare, government and critical infrastructure. It runs a double-extortion model, exfiltrating sensitive data before encrypting systems so that victims face a leak even if they can restore from backups.
BlackSuit: The group uses multiple techniques to get into victim networks, including phishing campaigns, exposed Remote Desktop Protocol (RDP) services, vulnerabilities in public-facing applications, access bought from initial-access brokers, and VPN credentials harvested from infostealer logs.