BOOM

Trending Searches

    SUPPORT
    BOOM

    Trending News

      • Fact Check 
        • Fast Check
        • Politics
        • Business
        • Entertainment
        • Social
        • Sports
        • World
      • Law
      • Explainers
      • News 
        • All News
      • Decode 
        • Impact
        • Scamcheck
        • Life
        • Voices
      • Media Buddhi 
        • Digital Buddhi
        • Senior Citizens
        • Videos
      • Web Stories
      • BOOM Research
      • BOOM Labs
      • Deepfake Tracker
      • Videos 
        • Facts Neeti
      • Home-icon
        Home
      • About Us-icon
        About Us
      • Authors-icon
        Authors
      • Team-icon
        Team
      • Careers-icon
        Careers
      • Internship-icon
        Internship
      • Contact Us-icon
        Contact Us
      • Methodology-icon
        Methodology
      • Correction Policy-icon
        Correction Policy
      • Non-Partnership Policy-icon
        Non-Partnership Policy
      • Cookie Policy-icon
        Cookie Policy
      • Grievance Redressal-icon
        Grievance Redressal
      • Republishing Guidelines-icon
        Republishing Guidelines
      • Fact Check-icon
        Fact Check
        Fast Check
        Politics
        Business
        Entertainment
        Social
        Sports
        World
      • Law-icon
        Law
      • Explainers-icon
        Explainers
      • News-icon
        News
        All News
      • Decode-icon
        Decode
        Impact
        Scamcheck
        Life
        Voices
      • Media Buddhi-icon
        Media Buddhi
        Digital Buddhi
        Senior Citizens
        Videos
      • Web Stories-icon
        Web Stories
      • BOOM Research-icon
        BOOM Research
      • BOOM Labs-icon
        BOOM Labs
      • Deepfake Tracker-icon
        Deepfake Tracker
      • Videos-icon
        Videos
        Facts Neeti
      Trending Tags
      TRENDING
      • #Operation Sindoor
      • #Pahalgam Terror Attack
      • #Narendra Modi
      • #Rahul Gandhi
      • #Waqf Amendment Bill
      • #Arvind Kejriwal
      • #Deepfake
      • #Artificial Intelligence
      • Home
      • News
      • AI Is Lowering the Bar for...
      News

      AI Is Lowering the Bar for Cybercrime in India’s Financial Sector: Report

      India’s first Digital Threat Report 2024, released by CERT-In, CSIRT-Fin, and cybersecurity firm SISA, urges policymakers to treat cybersecurity as a business priority and build a responsible AI framework.

      By -  Hera Rizwan
      Published -  10 April 2025 4:45 PM IST
    • Boomlive
      Listen to this Article
      AI Is Lowering the Bar for Cybercrime in India’s Financial Sector: Report

      India’s First Digital Threat Report Flags AI-Enabled Attacks

      • The report warns that as digital payments are set to touch $3.1 trillion by 2028—about 35% of banking revenues—the growing digital footprint is expanding the attack surface for cybercriminals.
      • Phishing alone caused 25% of all initial system breaches, with attackers using malware, phishing kits, and stolen credentials to bypass multi-factor authentication and infiltrate critical systems.
      • AI is accelerating the threat landscape—attackers now use tools like FraudGPT and WormGPT to craft flawless phishing emails, generate malware, and even personalize attacks using public data.
      • The report calls for cybersecurity to be treated as a strategic business priority, not just a technical function, to ensure resilience and maintain trust.

      The Indian Computer Emergency Response Team (CERT-In), Computer Security Incident Response Team in Finance (CSIRT-Fin) and SISA, a global cybersecurity company, collaborated to prepare India’s first Digital Threat Report, 2024.

      The report launched by the Ministry of Electronics and Information Technology (MeitY) on Sunday, analyses the current and emerging cyber threats and defense strategies in India’s Banking, Financial Services and Insurance (BFSI) sector.

      The report highlights that the BFSI sector is rapidly going digital, with digital payments expected to generate $3.1 trillion by 2028—around 35% of total banking revenues. However, this growth also widens the attack surface for cybercriminals, making robust cybersecurity more important than ever.

      Despite this, key control gaps remain across industries—like weak access controls, excessive user privileges, and system misconfigurations. These aren’t just oversights, the report notes—they’re structural flaws that attackers repeatedly exploit.

      Also Read:Hackers May Have Stolen Patient Data from India’s Largest Hospital Chain

      What Are The Key Findings?

      The report outlines several major cyber threats facing the BFSI sector today. These include data exfiltration, ransomware attacks that expose sensitive client information, and insecure APIs that can be exploited for unauthorised access.

      In addition to identifying these risks, the report offers key recommendations to help organisations improve their cybersecurity posture and build stronger resilience against future attacks.

      Social Engineering and Credential Theft

      The 2024 Digital Threat Report highlights a sharp rise in social engineering attacks, especially Business Email Compromise (BEC) and advanced phishing campaigns. These threats now dominate the cyber landscape.

      In over half (54%) of the BEC cases studied, attackers used a tactic called pretexting—where victims are tricked through a fake but convincing scenario. These scams often lead to employees revealing sensitive information, like bank credentials.

      In many instances, cybercriminals posed as trusted individuals or internal contacts, convincing staff to transfer funds or change account details—believing the request was legitimate.

      Phishing Attacks

      The report reveals that phishing was responsible for 25% of all initial system breaches. Cybercriminals often pose as trusted sources—such as colleagues, service providers, or official institutions—to trick people into giving up sensitive information.

      These attackers don’t stop at fake emails. They also use tools from the dark web, phishing kits, and info-stealing malware to gather passwords, usernames, and even website cookies. This data helps them bypass security measures like multi-factor authentication (MFA).

      With stolen credentials, they can gain access to critical systems including email accounts, single sign-on platforms, VPNs, and SaaS applications—putting entire networks at risk.

      Evolving Tactics

      Cyber attackers are using new tricks to avoid detection. One tactic is switching up file types in phishing emails. While ZIP and RAR files are still common, hackers now use files like CHM (help files) and LNK (shortcuts), which often slip past security filters because they seem harmless.

      The 2024 Digital Threat Report also warns about rising supply chain attacks, wherein, hackers break into developer accounts on code-sharing platforms and secretly add harmful code to popular apps. This malicious code is hidden well, making it hard to spot during security checks.

      Cloud systems are another easy target—especially when companies don’t have strong protections. Attackers take advantage of weak passwords, missing multi-factor authentication, delayed updates, and poorly managed admin accounts.

      Thus, attackers are getting smarter—not just by tricking people, but also by slipping through cracks in systems and software that many companies rely on.

      Also Read:DIY Fraud: How Fake Aadhaar And PAN Are Sold Like Fast Food

      AI Is Making Cybercrime Easier for Everyone

      The report also highlights the growing role of artificial intelligence in this space. Cybercriminals, as the report states, now use AI to craft emails and messages that closely mimic the tone, language, and branding of real companies. Unlike older scams that were easy to spot because of poor grammar or awkward phrasing, these AI-generated messages are polished and convincing, it noted.

      Attackers also use AI to personalise messages using publicly available information, increasing the chances that someone will fall for the scam. Tools like FraudGPT and WormGPT have made it easier for even low-skilled attackers to create convincing phishing emails, generate malware, and exploit security flaws. This means that launching a sophisticated cyberattack no longer requires deep technical knowledge—AI is lowering the bar.

      In some cases, scammers are deploying AI-powered chatbots that engage people in real-time conversations, slowly building trust before asking for personal or login details. Deepfake technology adds another layer of deception, allowing attackers to create realistic audio or video clips that impersonate trusted individuals—tricking people into revealing sensitive information or approving fake requests.

      The growing use of AI in cybercrime is helping attackers bypass traditional security checks, making phishing campaigns more dangerous and widespread than ever before.

      Also Read:How A Google Search Cost A Hyderabad Woman Rs 2 Lakhs

      What Can Policymakers Do?

      To strengthen cybersecurity in India’s BFSI sector, the 2024 Digital Threat Report by CERT-In, CSIRT-Fin, and SISA recommends the following steps:

      Make cybersecurity a business priority: Security should be treated as both a technical and commercial decision. Investing in cybersecurity isn’t just about protection—it’s key to maintaining business continuity, trust, and resilience.

      Give CISOs a seat at the top table: Chief Information Security Officers (CISOs) should report directly to top leadership like CEOs and CROs. This helps align security with business goals and improves accountability.

      Set unified standards for all digital payments: Security rules should apply consistently across all payment methods—not just cards, but also wallets, UPI, and QR codes. This ensures better protection across the board.

      Build a skilled workforce: More trained and certified payment security professionals are needed. Certification programs can help close the talent gap and support safer payment systems.

      Develop a responsible AI framework: Clear rules are needed for how AI and machine learning are used in the financial sector. These should focus on data privacy, ethical use, and transparency, while still allowing innovation to thrive.

      Also Read:Digital Arrest: India’s New Con Artists Don't Hack Computers—They Hack Minds


      Tags

      CybercrimeCyber attackPhishingArtificial IntelligenceIndiaMeitY
      Read Full Article
      Next Story
      Our website is made possible by displaying online advertisements to our visitors.
      Please consider supporting us by disabling your ad blocker. Please reload after ad blocker is disabled.
      X

      Subscribe to BOOM Newsletters

      👉 No spam, no paywall — but verified insights.

      Please enter a Email Address
      Subscribe for free!

      Stay Ahead of Misinformation!

      Please enter a Email Address
      Subscribe Now🛡️ 100% Privacy Protected | No Spam, Just Facts
      By subscribing, you agree with the Terms & conditions and Privacy Policy connected to the offer

      Thank you for subscribing!

      You’re now part of the BOOM community.

      Or, Subscribe to receive latest news via email
      Subscribed Successfully...
      Copy HTMLHTML is copied!
      There's no data to copy!