India becomes world’s top target for cyberattacks

According to a recent report by Swiss cybersecurity firm Acronis, India has surpassed Brazil and Spain to become the nation most frequently targeted by cybercriminals. In May, a staggering 12.4% of Windows devices in India encountered malware, representing the highest rate globally. This figure climbed to 13.2% by June, highlighting a worrying trend in the country's digital landscape. The Acronis Cyberthreats Report for the first half of 2025 indicates that the Indian digital ecosystem is facing a 'perfect storm' of adverse conditions. The report analyzed threat intelligence from over a million devices worldwide, including laptops and smartphones. One significant concern highlighted is the rise in business email compromise attacks, which increased from 20% in early 2024 to 25.6% in the first half of 2025. Cybercriminals are leveraging advanced artificial intelligence tools to craft deceptive messages that mimic official communications, tricking users into revealing sensitive information such as passwords and credit card numbers. "Generative AI has significantly lowered the barriers for attackers, making phishing attempts, fraudulent invoices, and deepfake scams more accessible and difficult to detect," the report states. Rajesh Chhabra, general manager for India and South Asia at Acronis, noted that the post-pandemic shift to hybrid work models has left many organizations vulnerable due to insecure remote setups, particularly those connected to public networks. The report identifies several sectors at high risk, including manufacturing, information technology services, and telecommunications. The rising tide of cyberattacks in India reflects a broader global shift in cybercrime tactics. Ransomware groups like Cl0p, Akira, and Qilin have intensified their operations, often using trusted tools such as remote management software to deploy malware. As India becomes the epicenter of global cyber threats, Acronis emphasizes that organizations must recognize that prevention alone will not suffice. They must adopt a strategy of resilience and ensure rapid recovery capabilities are integral to their cybersecurity framework.