Indian healthcare sector faces 6,953 cyberattacks weekly, outpacing global rates: Check Point threat intelligence report

Check Point Software Technologies Ltd. has unveiled its latest Threat Intelligence Report for the Indian market revealing cyber numbers for the last six months. The report reveals that the Indian healthcare sector has become a major target for cybercriminals, experiencing an average of 6,935 cyberattacks per week over the past six months, compared to 1,821 attacks per organisation globally. This alarming trend highlights the increased attack surface due to the rapid adoption of technologies such as electronic health records (EHRs), telemedicine, and Internet of Things (IoT) devices.

Following healthcare, the most attacked industries in India include Education/Research (6,244 attacks), Consulting (3,989 attacks), and Government/Military (3,618 attacks).

The report also highlights that Indian organisations, on average, were targeted 2,924 times per week over the past six months, compared to 1,401 attacks per organisation globally. The most prevalent malware in India is FakeUpdates, accompanied by other malicious software such as botnets and a Remote Access Trojan (RAT) named Remcos. Information disclosure is the most commonly exploited vulnerability in India, affecting 72% of organisations, followed by Remote Code Execution impacting 62%, and Authentication Bypass affecting 52%.

In the past 30 days, 63% of malicious files in India were delivered via email, while 37% were delivered through the web. Notably, 58% of the top malicious files delivered via email were executable files, while 59% of malicious files delivered via the web were PDF files.

Sundar Balasubramanian, Managing Director for India and SAARC at Check Point Software Technologies, commented, “The simplicity of spoofing email addresses and the capability to deliver weaponized content make email a powerful tool for spreading malware, stealing credentials, and executing social engineering attacks. Check Point urges users to avoid opening unverified email attachments, use strong passwords, enable multi-factor authentication, and exercise caution with unsolicited or suspicious emails.”

Balasubramanian emphasised the need for a proactive approach to cybersecurity, stating, “Preventive measures, such as regular software updates, employee training, and the deployment of advanced security solutions, are essential to mitigate the growing threat landscape. By staying vigilant and adopting a comprehensive security strategy, organisations can safeguard their assets and maintain the trust of their stakeholders.

The report also highlighted several major cyber-attacks and data breaches like

-In March 2024, researchers uncovered a sophisticated cyber espionage campaign named SPIKEDWINE, targeting European diplomats through a malicious PDF disguised as an invitation from the Ambassador of India. This campaign, believed to be orchestrated by a nation-state actor, employs a previously undocumented backdoor called WINELOADER and advanced Tactics, Techniques, and Procedures (TTPs), exploiting geopolitical relations.

-In January 2024, the ransomware-as-a-service group Medusa breached the nonprofit organisation Water for People, which works to improve access to clean water in countries including Guatemala, Honduras, Mozambique, and India. The cybercriminals demanded a $300K extortion fee to avoid leaking stolen data, although the organisation’s financial systems and business operations were not impacted.

-In the same month, India’s National Aerospace Laboratories suffered a ransomware attack by the LockBit ransomware group, which leaked several documents allegedly exfiltrated during the breach.

In March 2023, an analysis revealed a campaign targeting Indian and Pakistani Android users through romance scams on messaging apps, which lured victims into downloading a remote access Trojan under the guise of a secure app.