Cybercrime in India

India is one of the fastest-growing digital markets globally, with over 800 million
internet users as of 2023. This rapid digital adoption has created a fertile ground for
cybercriminals to exploit vulnerabilities. As per reports, cybercrime cases in India
have surged dramatically, with a 63.5% increase in reported incidents between 2020
and 2022. The COVID-19 pandemic accelerated this trend as more people turned to
online services for work, education, and shopping.
Factors Contributing to the Rise of Cybercrime
Several factors contribute to the increasing prevalence of cybercrime in India:
Increased Digital Adoption: The post-COVID-19 era has seen a surge in online
transactions and services, creating more opportunities for cybercriminals.
1. Lack of Awareness: Many users lack basic cybersecurity knowledge, making
them vulnerable targets. A significant portion of the population is unaware of safe
online practices, which exacerbates the problem.
2. Inadequate Infrastructure: Small businesses often do not have sufficient
resources to implement effective cybersecurity measures. Many organizations
prioritize growth over security, leading to vulnerabilities.
3. Weak Law Enforcement Response: Law enforcement agencies struggle to keep
pace with the evolving landscape of cyber threats. There is often a lack of trained
personnel and resources dedicated to investigating cybercrimes.
Common Types of Cybercrime in India
The landscape of cybercrime in India encompasses various illegal activities facilitated
by digital technology. Some of the most common types include:
Hacking and Data Breaches
Hacking refers to unauthorized access to data, systems, or networks. High-profile
cases, such as breaches involving Indian banking systems and government websites,
highlight the severity of this threat. Data breaches expose sensitive personal
information, leading to identity theft, financial loss, and privacy violations.For
instance, the 2018 Aadhaar data breach compromised the personal information of over
1.1 billion Indian citizens. Hackers exploited vulnerabilities in the system to access
critical data like names, addresses, and biometric details.
Identity Theft
Identity theft occurs when cybercriminals steal personal information such as Aadhaar
details or banking credentials. In India, cases of Aadhaar-linked identity theft have
risen sharply. Attackers use stolen identities to commit fraud or gain unauthorized
access to financial accounts.A notable case involved a group that used stolen Aadhaar
numbers to create fake identities and open bank accounts for money laundering
purposes. This incident underscores the risks associated with inadequate data
protection measures.
Financial Frauds and Scams
Financial scams are rampant in India, often taking the form of phishing emails, fake
banking websites, or fraudulent calls asking for sensitive information. Scammers
frequently impersonate government officials or bank representatives to trick
individuals into revealing passwords or OTPs (One-Time Passwords), leading to
significant financial losses.For example, during the pandemic, there was a surge in
COVID-19-related scams where fraudsters posed as health officials offering fake
vaccination appointments or selling counterfeit medical supplies online.
Cyberstalking and Harassment
With the increasing use of social media platforms like Facebook and Instagram,
cyberstalking and online harassment have become more prevalent. Victims—often
women and young users—face threats, abuse, and bullying online. Although laws
exist to combat such behavior, many cases go unreported due to social stigma or fear
of retaliation.A prominent case involved a young woman who was stalked online by
an acquaintance who used social media to harass her relentlessly. This case
highlighted the need for better awareness and reporting mechanisms for victims of
online harassment.
Ransomware Attacks
Ransomware attacks involve cybercriminals encrypting a victim's data and demanding
payment for decryption keys. Indian businesses have increasingly fallen victim to
these attacks in recent years.In 2020, several Indian companies were targeted by
ransomware attacks that disrupted operations and cost millions in recovery efforts.
For instance, Dr. Reddy's Laboratories faced a significant ransomware attack that
affected its operations globally.
The Impact of Cybercrime on Indian Society
The repercussions of cybercrime extend beyond financial losses for individuals and
businesses; they also have broader societal implications:
Financial Loss: Individuals can suffer significant financial losses due to fraud or
identity theft. Businesses face economic setbacks from data breaches or ransomware
attacks that can lead to costly recovery processes.
Emotional Distress: Victims often experience emotional distress resulting from
identity theft or online harassment. The psychological toll can be severe, leading to
anxiety or depression.
Reputational Damage: Organizations that fall victim to cybercrimes may suffer
reputational damage that can take years to recover from. Customers may lose trust in
companies that fail to protect their data adequately.
Threats to National Security: Cybercrime can threaten national security when
critical infrastructure—such as power grids or government databases—is targeted by
malicious actors.
Notable Cyber Crime Incidents in India
India has witnessed several high-profile cybercrime incidents that underscore the
seriousness of this issue:
Aadhaar Data Breach (2018): This incident involved unauthorized access to
sensitive personal information stored within India's biometric identification system.
The breach exposed data belonging to over 1 billion citizens and raised concerns
about privacy protections within government databases.
Dr. Reddy's Laboratories Ransomware Attack (2020): The pharmaceutical giant
was hit by a ransomware attack that disrupted its operations significantly during a
critical time when it was involved in COVID-19 vaccine development.
Banking Sector Breaches: Several Indian banks have reported breaches where hackers
accessed customer accounts through phishing schemes or exploiting vulnerabilities
within their systems.
Legal Framework Addressing Cybercrime
India's legal framework for combating cybercrime is primarily governed by
the Information Technology Act (IT Act), 2000, which was amended in 2008. This
legislation provides a basis for investigating and prosecuting various cyber offenses
but has been criticized for being outdated given the rapid evolution of
technology.Recent developments have introduced new laws aimed at enhancing
cybersecurity:
Bharatiya Nyaya Sanhita (BNS): This law replaces certain provisions under the
Indian Penal Code (IPC) concerning offenses related to technology misuse and
includes specific provisions addressing various forms of cybercrime.
Bharatiya Nagrik Suraksha Sanhita (BNSS): Focuses on citizen protection against
crimes facilitated by technology while establishing penalties for offenders engaged in
cyber offenses.
Bharatiya Sakshya Adhiniyam (BSA): Provides guidelines on evidence collection
in cases involving electronic records and digital evidence admissibility during trials.
These laws aim to modernize India's approach toward cybersecurity while ensuring
that legal provisions keep pace with technological advancements.
Government Initiatives Against Cybercrime
The Indian government has implemented several initiatives aimed at combating
cybercrime effectively:
Indian Cyber Crime Coordination Centre (I4C)
Established under the Ministry of Home Affairs (MHA), I4C serves as a nodal point
for managing all types of cyber crimes nationwide. It aims to enhance coordination
among law enforcement agencies while improving response capabilities through
training programs and public awareness campaigns.
National Cyber Crime Reporting Portal
This online platform allows citizens to report various types of cyber crimes securely
and anonymously. It focuses particularly on crimes against women and children while
facilitating faster responses from law enforcement agencies.
Cyber Fraud Mitigation Centre (CFMC)
The CFMC aims to address online financial fraud by facilitating cooperation between
banks, telecom companies, and law enforcement agencies while providing guidance
on best practices for preventing fraud-related incidents.
Samanvaya Platform
A unified database for data sharing among law enforcement agencies across India
enhances cooperation among states when tackling cyber crimes effectively while
enabling better intelligence gathering on emerging threats.
Cyber Commandos Initiative
This program trains specialized personnel who will be deployed across states to
counteract cybersecurity threats effectively while providing technical assistance
during investigations into complex cases involving advanced technologies used by
criminals.
Challenges in Combatting Cyber Crime
Despite these initiatives aimed at curbing cybercrime rates across India’s rapidly
evolving digital landscape, several challenges persist:
Shortage of Skilled Professionals: There is a significant shortage of trained
cybersecurity professionals capable of addressing complex threats posed by
sophisticated attackers utilizing advanced techniques such as AI-driven malware or
zero-day exploits.
Underreporting: Many victims do not report incidents due either due fear or lack
awareness about available reporting mechanisms which further exacerbates existing
problems related understanding true scale impact these crimes have society overall .
Cross-Border Nature: The cross-border nature complicates investigations due
jurisdictional issues making it difficult prosecute offenders operating from outside
country’s borders .
Reporting Mechanisms for Cyber Crime
Victims can report cybercrimes through several channels:
Local Police Stations or Cyber Crime Cells: Specialized units established by state
police departments handle these cases.
National Cyber Crime Reporting Portal: This platform facilitates online reporting
various types offenses including phishing scams identity theft ransomware attacks .
Indian Computer Emergency Response Team (CERT-In): Offers guidance
responding cybersecurity incidents providing support organizations facing attacks .
4 . Dedicated Helplines : Many states have established helplines specifically
reporting these crimes allowing victims receive immediate assistance .
Role of Technology in Preventing Cyber Crime
Advancements technology play crucial role combating threats posed malicious actors
utilizing sophisticated techniques evade detection :
Artificial Intelligence (AI) Machine Learning (ML) are utilized real-time threat
detection identifying anomalies patterns behavior indicative potential attacks before
they occur .
Encryption technologies help secure sensitive information against unauthorized access
ensuring confidentiality integrity transmitted stored data .
Protective Measures for Businesses and Individuals
To safeguard against rising tide criminal activity both businesses individuals must
adopt proactive measures :
Businesses should:
1) Regularly update security software ensuring vulnerabilities patched latest
versions applications used protect systems against known exploits .
2) Train employees on cybersecurity best practices educating them recognize signs
phishing attempts social engineering tactics employed attackers target
unsuspecting victims .
3) Conduct regular audits systems identifying areas improvement implementing
stronger controls safeguard sensitive information stored processed organization’s
infrastructure .
4) Invest cyber insurance policies covering potential losses incurred due breaches
helping mitigate financial impact resulting incidents occurring despite preventive
measures taken place beforehand .
Individuals can:
1. Use strong unique passwords all accounts employing password managers
securely store credentials reducing likelihood falling prey credential stuffing
attacks where attackers utilize stolen credentials gain unauthorized access
multiple accounts simultaneously .
2. Enable multi-factor authentication wherever possible adding additional layer
security requiring verification second factor beyond just password alone before
granting access account services provided online platforms utilized regularly .
3. Avoid clicking suspicious links downloading unknown files ensuring safety
browsing habits reducing risk inadvertently downloading malware compromising
devices security integrity overall .
4. Regularly update software devices keeping operating systems applications current
minimizing exposure known vulnerabilities exploited malicious actors seeking
infiltrate networks gain foothold within environments targeted specifically based
upon weaknesses identified during reconnaissance phases conducted prior
launching attacks against them directly.

The Future Of Cyber Crime In India

As India continues its digital journey forward addressing challenges posed by ever-
evolving nature threats presented criminals will require collective action from
stakeholders involved including individuals businesses government entities alike
working together create secure environment conducive growth innovation without
compromising safety security citizens utilizing services offered digitally across board
spectrum available today .While new technologies bring convenience they also
present new challenges form emerging threats necessitating stronger regulations
improved law enforcement widespread awareness campaigns essential creating more
resilient society capable combating risks associated with increased reliance
technology everyday life experiences encountered daily basis whether personal
professional settings alike alike .

Conclusion
Cybercrime represents growing menace requiring urgent collective action individuals
businesses governments alike working together mitigate damage caused criminals
operating within shadows exploiting weaknesses found everywhere across
interconnected world we live today . By staying informed about risks adopting
proactive measures stakeholders can minimize impact criminal activities while
embracing opportunities presented digital age offers without compromising safety
security everyone involved throughout process itself .The digital age offers countless
opportunities but it also demands vigilance responsibility every online user ensuring
safe secure experiences enjoyed future generations ahead us all .

Cybercrime: An Ever-Growing Global Threat

Cybercrime encompasses a wide range of illegal activities conducted through digital

devices, primarily involving computers and the internet. This report highlights ten
recent cybercrime incidents from around the globe, including significant events in
India, and provides definitions and context for each case.

Definitions of Cyber Crimes

  Hacking: Unauthorized access to computer systems or networks to steal,
manipulate, or destroy data.
 Ransomware: A type of malware that encrypts files on a victim's device,
rendering them inaccessible until a ransom is paid to the attacker.
 Phishing: A fraudulent attempt to obtain sensitive information such as
usernames, passwords, and credit card details by masquerading as a
trustworthy entity in electronic communications.
 Data Breach: An incident where unauthorized individuals gain access to
sensitive data, often leading to data theft and identity fraud.
 Identity Theft: The unauthorized use of someone else's personal information,
typically for financial gain.
 DDoS Attack (Distributed Denial of Service): An attempt to make an online
service unavailable by overwhelming it with traffic from multiple sources.
 Malware: Malicious software designed to harm or exploit any programmable
device or network.
 Cyberstalking: The use of the internet or other electronic means to stalk or
harass an individual, group, or organization.
 Online Fraud: Various types of scams conducted online, including
investment frauds and fake auctions.
 Cryptojacking: The unauthorized use of someone else's computer to mine
cryptocurrency.

Recent Cyber Crime Incidents

1. WazirX Crypto Exchange Breach (India)

In early 2024, WazirX, one of India's leading cryptocurrency exchanges, suffered a

significant data breach involving a multisig wallet managed by Liminal’s custody
services. Attackers exploited vulnerabilities in the system, resulting in the theft of
over $230 million worth of cryptocurrencies. Despite having robust security
measures, discrepancies between Liminal’s interface and actual transaction data
allowed unauthorized access.
2. AT&T Data Breach (USA)

In March 2024, AT&T reported a massive data breach affecting approximately 7.6
million current and 65.4 million former customers. The stolen data included
sensitive information such as social security numbers and account details, which
surfaced on the dark web. The breach was linked to vulnerabilities dating back to
2019.

3. MOVEit Data Breach (Global)

The MOVEit Managed File Transfer application was hit by a ransomware attack in
2023 that exposed confidential data belonging to over 77 million individuals and
more than 2,600 organizations globally. The CLOP malware gang exploited a
security flaw to deploy ransomware and leak sensitive information.

4. Change Healthcare Ransomware Attack (USA)

In February 2024, Change Healthcare suffered a ransomware attack that disrupted

operations across the U.S. healthcare system for weeks. The attack was attributed to
the Blackcat/Alphv cybercriminal group, which demanded a ransom after
compromising sensitive patient data.

5. Hathway ISP Data Breach (India)

In early 2024, Hathway, one of India’s largest ISPs and cable TV operators,
experienced a data breach that exposed personal information of over 41.5 million
customers due to vulnerabilities in its content management system. The leaked data
included names, email addresses, phone numbers, and physical addresses.

6. Bank of America Ransomware Attack (USA)

In February 2024, Bank of America reported a ransomware attack targeting Mccamish

Systems, one of its service providers. The breach affected more than 55,000
customers and involved unauthorized access to personal details such as social
security numbers and account information.

7. Telangana Police Hawk Eye App Data Breach (India)

In May 2024, the Telangana police's Hawk Eye app suffered a data breach exposing
sensitive information belonging to approximately 200,000 citizens. The hacker
attempted to sell this data on dark web forums for $150 before being apprehended by
law enforcement.

8. Polycab Ransomware Attack (India)

Polycab India Limited faced a ransomware attack in early 2024, where attackers
demanded $5,000 for stolen company data. This incident highlighted vulnerabilities
within corporate cybersecurity practices in India amid rising cyber threats.

9. Ticketmaster Data Breach (Global)

In May 2024, Ticketmaster experienced a significant breach where over 560 million
customer records were leaked online, including payment information and personal
details such as names and addresses. This incident raised concerns regarding customer
data protection practices within large organizations.

10. Ivanti VPN Attacks (USA)

In February 2024, it was reported that a China-linked threat group hijacked hundreds
of small office/home office routers in the U.S., compromising critical infrastructure
providers' networks for espionage purposes. This incident underscored the ongoing
threat posed by state-sponsored cyber activities targeting vital services.

Conclusion

The incidents listed in this report demonstrate the global scale and impact of
cybercrime. Whether through data breaches, ransomware attacks, or state-sponsored
espionage, the threat posed by cybercriminals is growing in both sophistication and
reach. Individuals, businesses, and governments must prioritize cybersecurity to
protect sensitive data and infrastructure in this increasingly digital world.