1.39 million cyberattacks handled in 2022, phishing attacks rise: Cert-In

Among 1.39 million cyber security cases last year, vulnerable services made up 875,892 of the total incidents tackled by Cert-In

Indian Computer Emergency Response Team (Cert-In) handled 1,391,457 cyber security incidents in 2022. Tracking the latest cyber threats and vulnerabilities in the country, the Cert-In 2022 Annual Report showed 653 security alerts, 38 advisories and 488 vulnerability notes published last year. The report also found an increase in phishing attacks, malware attacks, and vulnerable services. Here is a closer look at the report.

Cert-In comes under the Ministry of Electronics and Information Technology (MeitY) and plays a pivotal role in fortifying the nation's cyberspace. Established in January 2004 with the mission of ensuring the security of the country's digital realm, Cert-In's functions include incident prevention and response services, as well as security quality management services.

Highest number of security incidents among vulnerable services

Among 1.39 million cyber security cases last year, vulnerable services made up 875,892 of the total incidents. Vulnerable services refer to those that can leak information or are controlled by external threats. This can include data breaches, among other forms of cyber attacks. The exact nature of the vulnerabilities or specific data on the type of cases within this category handled by Cert-In was not provided in the report.

After vulnerable services, "unauthorised network scanning/probing" was the highest number of cases handled by the agency, with 324,620 incidents in 2022. Other form security incidents recorded by Cert-In included virus/ malicious code (161,757), website defacements (19,793), website intrusion & malware propagation (2,164), phishing (1,714), and others (5,517).

Domains with ".in" faced most defacement

Cert-In also dealt with 19,793 incidents of website defacements. This is a type of cyberattack that alters or compromises the contents of a website. Out of all the incidents of this nature, 15,702 cases belonged to website domains belonging to the ".in" domain, 3,582 to the ".com" domain, 194 to the ".org" domain, and 315 to other domains.

Decrease in cyber security incidents from 2021

Compared to 2021, Cert-In's 2022 annual report recorded a small decline in the number of cybersecurity incidents handled. In the latest report, 1.39 million incidents were recorded, less than 1.40 million reported in 2021. This is a 0.8 per cent decrease, according to a report by MoneyControl.

As far as the nature of cyber attacks within the last two years go, 2022 saw an increase in phishing attacks (230 per cent), malware attacks (45 per cent), and vulnerable services (20 per cent) compared to 2021. Phishing attacks have grown threefold in 2022 compared to the year prior, from 523 recorded in 2021 to 1,714 in 2022. Vulnerable service incidents increased from 728,276 in 2021 to 875,892 in 2022, and malware attacks increased from 1,489 in 2021 to 2,164 in 2022.

Meanwhile, unauthorised network scanning, virus malicious code, and website defacements were less than the year before.