The year 2025 is expected to be a challenging one for the security agencies with reports suggesting that crime crimes are going to increase multi-fold.
At almost all conferences of the law enforcement agencies, it has been discussed that cyber crimes will continue to pose a grave danger and could be more challenging when compared to other forms of terrorism.
While security agencies have a grip over terrorists and terror groups, the challenge for them remains cyber crimes. Officials dealing with such cases say the challenge is largely due to logistic issues. When crimes occur on social media platforms or mail service providers, these intermediaries often tend not to cooperate. There are some cases that have been pending for 10 years as these intermediaries do not share the required information, citing privacy, among others. Further, they are all based out of the country, and the legalities are a long-drawn process, explains one officer to the Organiser.
Cyber crimes in 2025
The Data Security Council of India (DSCI), in its India Cyber Threat Report 2025, says that AL-driven and deepfake-enabled cyber attacks are anticipated to become extremely high in 2025. The targets that would be most prone are the healthcare sector and financial institutions.
“Artificial Intelligence (AI) will be used to develop highly sophisticated phishing campaigns utilising deepfake technology and personalised attack vectors, making them harder to detect. AI-driven malware will adapt in real-time to evade traditional security measures, while data poisoning attacks will compromise the integrity of critical AI systems in sectors such as healthcare and autonomous transportation,” the DSCI report says.
Social engineering attacks would rise as deepfake technology will create compelling malicious content, which would include fake audio-video messages from trusted sources. New types of cyber attacks will crop up due to the integration of AI capabilities with vulnerabilities in supply chains.
The report noted that as AI tools become more accessible, the attackers can automate and scale their operations, which would make it easier to target a wide range of victims. This trend is likely to lead to a surge in ransomware attacks where actors demand payment for the restoration of compromised data.
Worrying statistics
Data available with the Ministry of Home Affairs shows that Indians lost Rs 1,750 crore between January and April 2024. The National Cybercrime Reporting Portal, managed by the Home Ministry, reported 740,000 complaints.
By May this year, the number of complaints had surged to 7,000 complaints daily, an increase of 113.7 per cent compared to 60.9 per cent in 2022-23.
85 per cent of these complaints pertained to financial online fraud. The escalation in the number of complaints is evident from 2019 to 2024 with 25,049 complaints recorded in 2029, 257,777 in 2020, 452,414 in 2021 and 966,790 in 2022. In 2023, the number of complaints stood at 1,556,218, while in the first four months of 2024, the number was at 740,957.
Gaming apps, online investment fraud, algorithm manipulations, illegal lending apps, OTP scams and extortion formed a majority of the cases. In 2023, 100,000 investment fraud cases were recorded. Rs 120 crore was lost in digital arrests. With 20,043 cases of trading scams, the loss incurred stood at 1,420 crore.
Vulnerable sectors
Cybercriminals will develop large-scale botnets and the vulnerabilities in poorly secured devices will be exploited to carry out Distributed Denial-of-Service (DDoS) attacks. This would result in disruption of essential services in industries such as manufacturing and healthcare which depend on edge computing, the DSCI report said.
“Critical infrastructure sectors in India, including healthcare, finance, and energy, will remain prime targets for cybercriminals. These attacks will aim to disrupt services, steal sensitive data, and exploit geopolitical tensions, emphasising the need for robust security frameworks and continuous monitoring to protect essential services,” the report also said.
Fake government service applications and fraudulent investment platforms will create hybrid threats in 2025. Cybercriminals will go on to create advanced applications that mimic government and investment benefit schemes using social engineering, influencer marketing and sophisticated malware to carry out financial fraud and identity theft, targeting public welfare recipients and retail investors, the report also noted.
The report also took note of the rise in cryptocurrency mining and said that this will lead to a rise in cryptojacking cases. The criminals will use malware to hijack computing resources to mine cryptocurrencies without the knowledge of the user.
Action by government
Recently, the Securities and Exchange Board of India (SEBI) issued new guidelines to strengthen the cybersecurity of the market infrastructure institutions such as stock exchanges, clearing corporations and depositories.
Some of the measures include conducting regular vulnerability scanning and patching of software and operating systems, implementing a user awareness and training program to educate employees about cyber security risks, using multi-factor authentication for all access to IT systems and implementing a configuration management database to track changes to IT systems.
SEBI also recommended regularly reviewing the Active Directory (AD) to identify and close backdoors, securing domain controllers (DCs) by patching them regularly, removing unnecessary software, and restricting access to administrators. Retaining and securing logs for security devices, applications, databases, and network devices and implementing network segregation to contain cyber incidents.
It said that this was necessary to protect the interests of the investors and to ensure the smooth functioning of the securities market. Further, the Government of India has implemented various initiatives and policies to combat cybersecurity challenges in India. It has set up the Indian Computer and Emergency Response Team (CERT-In), Cyber Surakshit Bharat, Cyber Swachhta Kendra and the National Cybersecurity Policy.
The government is also in talks to collaborate with more players to tackle this problem. This includes nurturing startups and empowering the next generation of cyber professionals.
The Ministry of Home Affairs has launched www.cybercrime.gov, which is the national cybercrime reporting portal. This allows round-the-clock reporting of all types of cybercrime with a special focus on cybercrime against women and children.
A National Toll Free helpline number (1930) has been operationalised to assist citizens in reporting and lodging cases. This Citizenship Financial Cyber Fraud Reporting and Management System was launched for immediate reporting of financial cyber frauds and preventing the siphoning of funds on a near real-time basis.
The way forward
The DSCI report recommended that embracing AI and Machine Learning for threat detection and response would help tackle the issue.
The report said, “the increasing complexity of cyber threats–such as zero-day exploits, polymorphic malware, and advanced persistent threats (APTs)–requires the automation and speed that AI-driven systems provide. CISOs should, therefore, prioritise…adopting AI-enhanced security operations…leveraging ML for predictive threat intelligence automating incident response.” The report said that the approach should not just be focused on prevention, but also on cyber resilience.
Comments