Out of the 1.39 million cybersecurity incidents that CERT-In tackled, the mitigation of vulnerable services accounted for the largest number of incidents handled by the agency, totaling 875,892.
India’s nodal agency to deal with cybersecurity threats, the Indian Computer Emergency Response Team (CERT-In) handled 1,391,457 cybersecurity incidents in 2022, highlighting the vast number of cyber attacks the country faces in terms of malware, phishing, distributed denial of service, ransomware attacks and data breaches.
Out of the 1.39 million cybersecurity incidents that CERT-In tackled, the mitigation of vulnerable services accounted for the largest number of incidents handled by the agency, totaling 875,892. Vulnerable services are those that can leak information or be controlled by external threat actors.
It is not clear from the data whether these vulnerable services were dealt with before they faced a cyber attack, or after, which could have led to a data breach or any other sort of compromise.
This figures are part of CERT-In’s annual report for 2022, which was released recently.
It is important to note that while the total number of incidents CERT-In tackled includes ransomware attacks and data breaches, the annual report does not provide specific details on the number of each type of attack the agency had to deal with.
Apart from mitigating vulnerable services, CERT-In tackled 161,757 incidents of attacks using viruses or malicious codes; and 324,620 incidents of unauthorised network scanning or probing. A scanning attack is a method used by threat actors to identify vulnerabilities in a network or system.
CERT-In also had to deal with a significant number of website defacements, a type of cyberattack in which attackers compromise and alter the content of websites. In 2022, CERT-In documented 19,793 defacement incidents. Out of the 19,793 incidents, 15,702 attacks were on websites belonging to the .in domain, 3,582 to the .com domain, and so on.
2022 vs 2021
Interestingly, when compared to 2021, CERT-In saw a marginal decrease in the number of cybersecurity incidents it tackled in 2022. In 2021, it tracked 1.40 million incidents, reflecting a 0.8 percent decrease, a Moneycontrol analysis showed.
This decrease in the total figures for 2022, was proportionate to the decrease in different type of attacks such as unuthorised network scanning, virus malicious code, website defacements and so on, when compared to 2021.
However, 2022 saw a major increase in phishing attacks, vulnerable services and malware attacks when compared to 2021.
While in 2021, CERT-In tackled 1,489 incidents of website intrusion and malware propagation, in 2022 the figure rose to 2,164, translating to a 45 percent increase.
Phishing attacks, too, saw a more than 3x increase from 523 incidents in 2021 and 1714 incidents in 2022. The increase in such type of attacks indicate the method preferred by threat actors for targeting citizens.
Tackling of vulnerable services increased from 728,276 in 2021 to 875,892 in 2022 — a 20 percent increase.
Discover the latest business news, Sensex, and Nifty updates. Obtain Personal Finance insights, tax queries, and expert opinions on Moneycontrol or download the Moneycontrol App to stay updated!