India Second Most Attacked Nation By Cyber Criminals, Says Report, Reveals Dark Web Trends, More

Ransomware attacks escalated in both scale and complexity this year, reveals a CloudSEK report.


Rapid digitisation exposed 95 entities to cyberattacks in 2024 in India, making it the second most attacked nation, according to a recent report by CloudSEK, a provider of artificial intelligence-driven threat intelligence. India was second only to the United States, which was the most targeted country, with 140 attacks.

The report offers insights into the scale, sophistication, and implications of cybercriminal activity in 2024, revealing the vulnerabilities and industries most at risk.

No industry or geography was immune to cyber threats in 2024. According to the report, retail, IT and technology, and communication sectors were hit the hardest. Retail alone accounted for over 230 victims, underscoring the value of customer data like payment card information.

Ransomware: A Relentless Threat

Ransomware attacks escalated in both scale and complexity this year:

Top Industries Affected: Manufacturing (16.3%), healthcare (10.8%), and real estate (12.1%) were disproportionately targeted, disrupting critical operations.

Ransom Demands Rise: Average demands peaked at over $2 million in late 2024, with ransom groups such as LockBit 3.0 and RansomHub leading these attacks.

Data Exfiltration Trends: Over 994TB of data was stolen, further emphasising the pivot towards double and triple extortion tactics.

Dark Web: Threat Actor Activity And Trends

The dark web remains a thriving marketplace for stolen data, illicit services, and digital espionage in 2024.

Highly Active Threat Actors: Out of hundreds of threat actors, 45 cybercriminals collectively traded over 534,833 GB (534TB) of stolen data, targeting businesses and individuals worldwide.

Key Forums: Platforms like BreachForums, Leakbase, and XSS dominated as hubs for data trading and illegal activities. BreachForums saw a sharp resurgence after a temporary FBI seizure in May, resulting in heightened activity through the latter half of the year.

Data In Demand: Threat actors sold personally identifiable information, credentials, customer data, medical records, and even government files, amplifying risks for organisations and individuals alike.

Exploited Vulnerabilities

The speed at which threat actors exploited newly disclosed vulnerabilities was concerning:

Critical Exploits: The CVE-2024-4577 (PHP CGI command injection) vulnerability was weaponised within weeks, impacting enterprise-grade systems. The CVE-2024-24919 (Check Point information disclosure) vulnerability was exploited widely to target government and enterprise networks.

Zero-Days On The Rise: High-profile vulnerabilities like CVE-2024-3400 (PAN-OS command injection) and CVE-2024-23897 (Jenkins CLI Path Traversal) showcased the growing sophistication of attackers.

Vendors In Focus: Linux, Microsoft, and Fortinet recorded the highest number of exploited flaws, reflecting their ubiquity in critical infrastructure.

In the face of evolving threats, CloudSEK emphasised the need for enterprises to address known vulnerabilities, closing gaps before they can be exploited. Organisations should also leverage AI-driven tools to detect and respond to threats in real time, and implement multi-factor authentication, privileged access management, and network segmentation. Developing a response plan to reduce downtime during an attack is also important. Additionally, companies must foster cybersecurity awareness across teams and collaborate with public-private networks to share intelligence.
