Phishing Attacks in India

General Studies Paper-3 

Context: According to the 2024 Data Breach Investigations Report by Verizon Business, India is one of the key countries affected by phishing attacks.

Key Findings

• The espionage attacks dominate Asia-Pacific’s (APAC) cyber security landscape, including that of India.
• Some 25% of APAC cyberattacks are motivated by espionage, significantly greater than the 6% and 4% in Europe and North America, respectively.
• System intrusion, social engineering, and basic web application attacks represent 95% of breaches in APAC.
  • The most common types of data compromised are credentials (69%), internal (37%), and secrets (24%).

What is a Phishing Attack?

• Phishing is a type of cyberattack which attempts to steal sensitive information, typically in the form of usernames, passwords, credit card numbers, bank account information or other important data in order to utilize or sell the stolen information.
• By pretending as a reputable source with an enticing request, an attacker lures in the victim in order to trick them.

Reasons for phishing attacks

• The report mentioned that In 2023, 15 percent of breaches involve a third party, including data custodians, third-party software vulnerabilities, and other direct or indirect supply chain issues.
• About 68 percent of breaches, whether they include a third party or not, involve a non-malicious human element, which refers to a person making an error or falling prey to a social engineering attack.

Steps taken by Government

• Information Technology Act, 2000: Section 43, 66, 70, and 74 of the IT Act, 2000 deal with hacking and cyber crimes.
• Indian Computer Emergency Response Team (CERT-In) issues alerts and advisories regarding latest cyber threats/vulnerabilities and countermeasures to protect computers and networks on a regular basis.
• National Cyber Coordination Centre (NCCC) has been set up to generate necessary situational awareness of existing and potential cyber security threats and enable timely information sharing for proactive, preventive and protective actions by individual entities.
• Cyber Swachhta Kendra (Botnet Cleaning and Malware Analysis Centre) has been launched for detection of malicious programs and provides free tools to remove the same.
• Bharat National Cyber Security Exercise 2023: Bharat NCX will help strategic leaders to better understand cyber threats, assess readiness, and develop skills for cyber crisis management and cooperation.
• Chakshu Facility: It is a newly introduced feature on the Sanchar Saathi portal that encourages citizens to proactively report suspected fraudulent communications received via call, SMS, or WhatsApp.

Concluding Remarks

• India is one of the key countries affected by phishing attacks, where employees often click on malicious links or attachments, often leading to severe financial losses.
• However, there’s a silver lining as reporting practices have improved, with 20 percent of users now identifying and reporting phishing during simulation tests.