Indian Websites Faced Over 180 Crore Cyberattacks In January-March: Report
The report showed a 261% rise in cyberattack in India compared to a 765 rise globally in the first quarter of 2024.
Indian websites faced more than 180 crore cyberattacks in the first quarter of the calendar year 2024, according to a recent report by application security SaaS company Indusface. This results in an increase of 261% in cyberattacks in India, compared to a 76% rise globally in the quarter when compared to the first quarter of 2023, the report said.
The State of Application Security report showed that power and energy companies faced up to a 500-time higher number of attacks than the industry average, with ransom-seeking hackers targeting less regulated industries in an attempt to charge ransom.
Distributed denial-of-service attacks rose by 76% compared to Q1 2023. In most industries, DDoS was the No. 1 attack vector except retail, manufacturing, and healthcare, where bot attacks were more prevalent. According to the report, bot attacks are spreading rapidly, with 100% of healthcare apps and 90% of banking, financial services, and insurance apps witnessing a bot attack throughout the quarter.
Overall, bot attacks rose by 147% compared to the first quarter of 2023. The major countries from which bot attacks were observed other than India were the US, Germany, and Japan.
"2.5-time increase in attacks on Indian applications is a matter of great concern. Compared to last year, we are also seeing more attacks on unregulated industries such as power and manufacturing. Consistent with global trends, DDoS and bot continue to be the top two threat vectors employed by attackers in India,” said Ashish Tandon, founder and chief exeuctive of Indusface.
Around 614 zero-day vulnerabilities were identified for websites and APIs protected by Indusface’s AppTrana WAAP platform. The company also found 17,000 critical and high vulnerabilities on a sample size of 1,400 apps. Around 32% of the critical and high vulnerabilities were open for more than 180 days.
Banking, finance, and insurance were the most targeted sectors overall, facing 4x more encoding attacks and 3x more HTTP protocol enforcement attacks—which involve manipulating or abusing the HTTP protocol—compared to other industries. SQL injection attacks were prevalent in banking, insurance, SaaS and retail, while cross-site scripting attacks were common in financial services and healthcare.
The manufacturing industry was increasingly targeted with local file injection attacks, in which hackers tried to access protected folders by manipulating inputs, the report showed.
