India faced an unprecedented wave of cyberattacks between October 2024 and September 2025, with security firm Seqrite detecting 265.52 million threats across 8 million endpoints, averaging 505 attacks per minute. This staggering volume reveals how rapidly cybercriminals are exploiting India’s expanding digital footprint.
The Numbers Tell a Troubling Story
The attack landscape remained remarkably consistent throughout the year, with monthly detections ranging from 17.6 million to 23.1 million. Trojans led the charge with 88.4 million detections, followed closely by file-infecting malware at 71.1 million. Together, these two categories accounted for nearly 70% of all attacks, demonstrating that attackers still rely heavily on tried-and-tested methods such as phishing emails, cracked software, and unpatched systems.
Interestingly, while ransomware accounted for less than 1% of total detections, it delivered the highest financial impact. January 2025 marked the peak, with 185 ransomware incidents and 113,000 detections, driven by aggressive campaigns such as Xelera and Weaxor.
Who’s Getting Hit the Hardest
Maharashtra emerged as the most targeted state with 36.1 million detections, followed by Gujarat (24.1 million) and Delhi (15.4 million). Mumbai, New Delhi, and Kolkata topped the list of attacked cities, reflecting their concentration of financial, political, and industrial activity.
From an industry perspective, education, healthcare, and manufacturing bore the brunt—collectively accounting for 47% of all detections. These sectors remain attractive targets due to resource constraints, legacy systems, and valuable data repositories.
A New Era of Threats
The report highlights several concerning trends that signal a shift in how cyberattacks are being executed. AI-assisted phishing campaigns can now generate real-time, contextual responses that make scams nearly indistinguishable from legitimate communications. Attackers are also exploiting OAuth tokens to compromise cloud identities, while cryptojacking—where hackers hijack computing power to mine cryptocurrency—has quietly surged past ransomware in the number of detections.
Operation Sindoor, a coordinated campaign combining state-sponsored actors with hacktivist groups, demonstrated how cyber warfare has evolved beyond simple data theft into strategic disruption campaigns targeting government and defense institutions.
The AI Wild Card
Perhaps most alarming is the weaponization of artificial intelligence by cybercriminals. The report warns that 2026 will usher in “cognitive intrusions,” where AI enables automated reconnaissance, adaptive evasion techniques, and personalized social engineering at unprecedented scale. Attackers can now create “digital twins” that mimic trusted contacts with frightening accuracy, making traditional security awareness training less effective.
What Needs to Change
The report emphasizes that organizations must shift from reactive defense to predictive security. Traditional approaches like patch management remain critical—the data shows poor patch hygiene continues to be the most exploited weakness. However, companies also need AI-driven threat prediction, zero-trust identity management, and continuous behavioral monitoring.
Seqrite’s research underscores a fundamental reality: India’s rapid digital transformation has created enormous opportunities, but also massive vulnerabilities. With 505 cyberattacks occurring every minute, the question is no longer if an organization will be targeted, but when—and whether they’ll be prepared to respond effectively. The cybersecurity battle has evolved from a technology problem into a strategic business imperative that demands immediate attention from leadership teams across sectors.
