Indian digital systems face surge in hacktivist attacks 2024

CloudSEK's recent research has disclosed a significant rise in hacktivist cyberattacks on India, with over 4,000 incidents occurring in 2024 alone.

The report indicates that these cyber incidents were not mere random acts of disruption but rather politically motivated efforts, often linked to global events, aiming to destabilise trust in India's digital systems. Hacktivist targets included critical sectors such as education, government, healthcare, and technology, affecting millions who depend on these services daily. The report cautions that in 2025, these attacks may grow in sophistication as hacktivist methods evolve in response to global developments.

A breakdown of the targeted sectors revealed that educational institutions bore the brunt of the attacks, accounting for 32.5% of the incidents. Government entities followed with 16.7%, technology firms with 9.9%, and healthcare with 6.7%. The report identified BondowosoBlackHat and Z-BL4CK-H4T as the most active hacktivist groups leading these assaults on Indian infrastructure.

The types of attacks frequently utilised by these hacktivist groups included website defacement, data breaches, and Distributed Denial-of-Service (DDoS) attacks. Notably, a significant increase in attack frequency was documented during India's Independence Day celebrations, particularly between 15th and 17th August, with over 200 attacks recorded in just three days.

Analysis of the motivations behind these cyberattacks reveals that hacktivists are driven by specific agendas rather than financial gain. CloudSEK noted that 65.5% of the attacks had links to the Palestinian cause, demonstrating how global geopolitical issues can surface within India's cyberspace. Another 13.3% were based on religious ideologies, aiming to exploit societal rifts, while 12.6% expressed a vehement anti-India sentiment. Additionally, activities were directed at India due to its alliances with Israel and support for the 'Free Kashmir' movement.

"The patterns we are seeing indicate a growing level of organization among hacktivist groups. Their ability to leverage geopolitical tensions to orchestrate large-scale attacks against critical infrastructure is a serious concern," said Varun Ajmera, Security Researcher at CloudSEK.

The tactics employed by these groups suggest a deliberate strategy to couple cyber vandalism with broader disruptive aims. Website defacement was often used to disseminate propaganda, while data breaches served to compromise sensitive information and erode public confidence. Despite their transitory nature, DDoS attacks were strategically timed to disrupt essential services.

"This isn't just about embarrassing organizations; it's about disrupting daily life, manipulating public sentiment, and even influencing national policies through cyber pressure," remarked Varun Ajmera.

Looking ahead to 2025, CloudSEK projects a further increase in hacktivist activity, potentially introducing new attack vectors. As digital infrastructure becomes increasingly vital, organisations are urged to adopt proactive cybersecurity strategies, incorporating enhanced threat intelligence and monitoring, regular security updates, and comprehensive incident response plans.

CloudSEK, recognised for its expertise in Digital Risk Protection and Threat Intelligence, offers advanced solutions to assist businesses in identifying and mitigating cyber threats. The firm's suite of products includes XVigil, BeVigil, and SVigil, which collectively aim to minimise digital risks by anticipating threats.