The Indian Computer Emergency Response Team (CERT-In), Computer Security Incident Response Team in Finance (CSIRT-Fin) and SISA, a global cybersecurity company, collaborated to prepare India’s first Digital Threat Report, 2024.
The report, launched by the Ministry of Electronics and Information Technology (MeitY) on Sunday, analyses the current and emerging cyber threats and defense strategies in India’s Banking, Financial Services and Insurance (BFSI) sector.
The report highlights that the BFSI sector is rapidly going digital, with digital payments expected to generate $3.1 trillion by 2028—around 35% of total banking revenues. However, this growth also widens the attack surface for cybercriminals, making robust cybersecurity more important than ever.
Despite this, key control gaps remain across industries—like weak access controls, excessive user privileges, and system misconfigurations. These aren’t just oversights, the report notes—they’re structural flaws that attackers repeatedly exploit.
What Are The Key Findings?
The report outlines several major cyber threats facing the BFSI sector today. These include data exfiltration, ransomware attacks that expose sensitive client information, and insecure APIs that can be exploited for unauthorised access.
In addition to identifying these risks, the report offers key recommendations to help organisations improve their cybersecurity posture and build stronger resilience against future attacks.
Social Engineering and Credential Theft
The 2024 Digital Threat Report highlights a sharp rise in social engineering attacks, especially Business Email Compromise (BEC) and advanced phishing campaigns. These threats now dominate the cyber landscape.
In over half (54%) of the BEC cases studied, attackers used a tactic called pretexting—where victims are tricked through a fake but convincing scenario. These scams often lead to employees revealing sensitive information, like bank credentials.
In many instances, cybercriminals posed as trusted individuals or internal contacts, convincing staff to transfer funds or change account details—believing the request was legitimate.
Phishing Attacks
The report reveals that phishing was responsible for 25% of all initial system breaches. Cybercriminals often pose as trusted sources—such as colleagues, service providers, or official institutions—to trick people into giving up sensitive information.
These attackers don’t stop at fake emails. They also use tools from the dark web, phishing kits, and info-stealing malware to gather passwords, usernames, and even website cookies. This data helps them bypass security measures like multi-factor authentication (MFA).
With stolen credentials, they can gain access to critical systems including email accounts, single sign-on platforms, VPNs, and SaaS applications—putting entire networks at risk.
Evolving Tactics
Cyber attackers are using new tricks to avoid detection. One tactic is switching up file types in phishing emails. While ZIP and RAR files are still common, hackers now use files like CHM (help files) and LNK (shortcuts), which often slip past security filters because they seem harmless.
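A defender-side check for the attachment types named above, as an added example that is not taken from the report: it walks a message's attachments, looks inside ZIP archives, and flags LNK and CHM files by extension and by file signature, so a renamed file is still caught. The function names, the size and depth limits, and the sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Signatures: Windows shortcut (.lnk) header and compiled HTML Help (.chm).
MAGIC = {"lnk": b"\x4c\x00\x00\x00\x01\x14\x02\x00", "chm": b"ITSF"}

def classify(name, data):
    """Return the reasons one file is flagged (empty list if none)."""
    lower, reasons = name.lower(), []
    for kind, sig in MAGIC.items():
        if lower.endswith("." + kind):
            reasons.append(f"{name}: {kind} extension")
        elif data.startswith(sig):
            # Content check catches a shortcut or help file renamed to look benign.
            reasons.append(f"{name}: {kind} content under another extension")
    return reasons

def scan_file(name, data, depth=0):
    """Classify a file, then look inside it if it is a ZIP (bounded depth)."""
    findings = classify(name, data)
    if depth < 2 and zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.is_dir() or info.file_size > 5_000_000:
                    continue  # skip directories and oversized members
                findings += scan_file(f"{name}!{info.filename}", zf.read(info), depth + 1)
    return findings

def scan_message(raw):
    """Scan every attachment of a raw e-mail message given as bytes."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        findings += scan_file(part.get_filename() or "unnamed", data)
    return findings

def build_sample():
    """Constructed sample: a ZIP holding a shortcut and a disguised help file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("statement.lnk", MAGIC["lnk"] + b"\x00" * 32)
        zf.writestr("notes.txt", MAGIC["chm"] + b"\x00" * 32)
    msg = EmailMessage()
    msg.set_content("See attached.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="docs.zip")
    return msg.as_bytes()
```

Password-protected archive members are not handled here; a mail gateway would normally quarantine those for separate inspection.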
The 2024 Digital Threat Report also warns about rising supply chain attacks, in which hackers break into developer accounts on code-sharing platforms and secretly add harmful code to popular apps. This malicious code is hidden well, making it hard to spot during security checks.
Cloud systems are another easy target—especially when companies don’t have strong protections. Attackers take advantage of weak passwords, missing multi-factor authentication, delayed updates, and poorly managed admin accounts.
Thus, attackers are getting smarter—not just by tricking people, but also by slipping through cracks in systems and software that many companies rely on.
AI Is Making Cybercrime Easier for Everyone
The report also highlights the growing role of artificial intelligence in this space. Cybercriminals, the report states, now use AI to craft emails and messages that closely mimic the tone, language, and branding of real companies. Unlike older scams that were easy to spot because of poor grammar or awkward phrasing, these AI-generated messages are polished and convincing, it noted.
Attackers also use AI to personalise messages using publicly available information, increasing the chances that someone will fall for the scam. Tools like FraudGPT and WormGPT have made it easier for even low-skilled attackers to create convincing phishing emails, generate malware, and exploit security flaws. This means that launching a sophisticated cyberattack no longer requires deep technical knowledge—AI is lowering the bar.
In some cases, scammers are deploying AI-powered chatbots that engage people in real-time conversations, slowly building trust before asking for personal or login details. Deepfake technology adds another layer of deception, allowing attackers to create realistic audio or video clips that impersonate trusted individuals—tricking people into revealing sensitive information or approving fake requests.
The growing use of AI in cybercrime is helping attackers bypass traditional security checks, making phishing campaigns more dangerous and widespread than ever before.
What Can Policymakers Do?
To strengthen cybersecurity in India’s BFSI sector, the 2024 Digital Threat Report by CERT-In, CSIRT-Fin, and SISA recommends the following steps:
Make cybersecurity a business priority: Security should be treated as both a technical and commercial decision. Investing in cybersecurity isn’t just about protection—it’s key to maintaining business continuity, trust, and resilience.
Give CISOs a seat at the top table: Chief Information Security Officers (CISOs) should report directly to top leadership like CEOs and CROs. This helps align security with business goals and improves accountability.
Set unified standards for all digital payments: Security rules should apply consistently across all payment methods—not just cards, but also wallets, UPI, and QR codes. This ensures better protection across the board.
Build a skilled workforce: More trained and certified payment security professionals are needed. Certification programs can help close the talent gap and support safer payment systems.
Develop a responsible AI framework: Clear rules are needed for how AI and machine learning are used in the financial sector. These should focus on data privacy, ethical use, and transparency, while still allowing innovation to thrive.