India’s Healthcare Sector Battling 6,953 Weekly Cyberattacks: Report
India, June 28, 2024- Check Point Software Technologies Ltd., a leading AI-powered, cloud-delivered cyber security platform provider, has unveiled its latest Threat Intelligence Report for the Indian market revealing cyber numbers for the last six months. The report reveals that the Indian healthcare sector has become a major target for cybercriminals, experiencing an average of 6,935 cyberattacks per week over the past six months, compared to 1,821 attacks per organization globally. This alarming trend highlights the increased attack surface due to the rapid adoption of technologies such as electronic health records (EHRs), telemedicine, and Internet of Things (IoT) devices.
The report also highlights that Indian organizations, on average, were targeted 2,924 times per week over the past six months, compared to 1,401 attacks per organization globally. The most prevalent malware in India is FakeUpdates, accompanied by other malicious software such as botnets and a Remote Access Trojan (RAT) named Remcos. Information disclosure is the most commonly exploited vulnerability in India, affecting 72% of organizations, followed by Remote Code Execution impacting 62%, and Authentication Bypass affecting 52%.
In the past 30 days, 63% of malicious files in India were delivered via email, while 37% were delivered through the web. Notably, 58% of the top malicious files delivered via email were executable files, while 59% of malicious files delivered via the web were PDF files.
Sundar Balasubramanian, Managing Director for India and SAARC at Check Point Software Technologies, commented, “The simplicity of spoofing email addresses and the capability to deliver weaponized content make email a powerful tool for spreading malware, stealing credentials, and executing social engineering attacks. Check Point urges users to avoid opening unverified email attachments, use strong passwords, enable multi-factor authentication, and exercise caution with unsolicited or suspicious emails.”
Balasubramanian emphasized the need for a proactive approach to cybersecurity, stating, “Preventive measures, such as regular software updates, employee training, and the deployment of advanced security solutions, are essential to mitigate the growing threat landscape. By staying vigilant and adopting a comprehensive security strategy, organizations can safeguard their assets and maintain the trust of their stakeholders.
The report also highlighted several major cyber-attacks and data breaches like
In March 2024, researchers uncovered a sophisticated cyber espionage campaign named SPIKEDWINE, targeting European diplomats through a malicious PDF disguised as an invitation from the Ambassador of India. This campaign, believed to be orchestrated by a nation-state actor, employs a previously undocumented backdoor called WINELOADER and advanced Tactics, Techniques, and Procedures (TTPs), exploiting geopolitical relations.
In January 2024, the ransomware-as-a-service group Medusa breached the nonprofit organization Water for People, which works to improve access to clean water in countries including Guatemala, Honduras, Mozambique, and India. The cybercriminals demanded a $300K extortion fee to avoid leaking stolen data, although the organization’s financial systems and business operations were not impacted.
In the same month, India’s National Aerospace Laboratories suffered a ransomware attack by the LockBit ransomware group, which leaked several documents allegedly exfiltrated during the breach.
In March 2023, an analysis revealed a campaign targeting Indian and Pakistani Android users through romance scams on messaging apps, which lured victims into downloading a remote access Trojan under the guise of a secure app.
