NEW DELHI: A recent report by the Data Security Council of India and Seqerite raised serious concerns about the increasing vulnerability of the finance and healthcare sectors to cyberattacks. The India Cyber Threat Report 2025 revealed that these industries would be at an alarming risk because of AI-powered threats and deepfake technologies in the upcoming year.

The report, which studied over 18 industries, highlighted the changing strategies of cybercriminals, with a particular emphasis on the growing threat of AI-driven attacks.

It said, “Artificial Intelligence (AI) will be used to develop highly sophisticated phishing campaigns utilising deepfake technology and personalized attack vectors, making them harder to detect. AI-driven malware will adapt in real-time to evade traditional security measures, while data poisoning attacks will compromise the integrity of critical AI systems in sectors such as healthcare and autonomous transportation.”

The report warned that deepfake technology would allow cybercriminals to facilitate much more compelling social engineering attacks by generating fake video and audio content to manipulate individuals into disclosing sensitive information or unknowingly executing malware.

Supply chain loopholes

It also revealed how the fusion of AI and supply chains loopholes could lead to new types of cyber threats as AI driven approaches could be used to take advantage of already compromised development resources and hardware manufacturing processes in order to launch intricate attacks and insert malicious codes.

AI embedded tools

With groundbreaking advancements in AI technology and its tools becoming more accessible to a wider population, attackers can easily invade a large section of the audience. This invasion is likely to set off a series of ransomware attacks, where imposters would demand payment to restore the sensitive data.

Poorly secured internet devices

The rise in internet enabled devices has also prompted a new way to carry out cyber attacks by exploiting the vulnerabilities in poorly secured tools using large-scale botnets. Cybercriminals often exploit these poorly secured devices to carry out Distributed Denial-of-Service (DDoS) attacks, which are likely to disrupt essential services in industries such as manufacturing and healthcare that depend on edge computing.

Imposing government platforms

Hybrid threats may also evolve into a great threat with the integration of fake government service applications and fraud investment platforms. Cybercriminals are expected to develop sophisticated applications that imitate government benefit systems and investment platforms. By leveraging social engineering, influencer marketing, and advanced malware, they plan to execute large-scale financial fraud and identity theft, targeting both public welfare recipients and retail investors.

Cryptoattacks

The growing prevalence of cryptocurrency mining is also expected to trigger a rise in cryptojacking attacks, a practice where malware secretly takes control of computing resources to mine cryptocurrencies without the user’s awareness.

Avoiding cyberattacks

According to the report, the evolving threat landscape in 2025 demands the chief information security officers (CISOs) to revise their cybersecurity strategies as traditional security models are increasingly ineffective against the emerging quantum threats and AI-driven attacks.

It also suggested using AI and ML (machine learning) for threat detection and response.

“The increasing complexity of cyber threats–such as zero-day exploits, polymorphic malware, and advanced persistent threats (APTs)–requires the automation and speed that AI-driven systems provide. CISOs should, therefore, prioritise…adopting AI-enhanced security operations…leveraging ML for predictive threat intelligence…automating incident response,” it said.

The report emphasized the importance of prioritizing not just prevention, but cyber resilience, as an urgent necessity. It stressed that organizations must stay alert and adaptable to safeguard themselves from emerging threats, as the cyber threat landscape continues to evolve rapidly.

Sangamesh S, VP and head of Seqrite Labs told PTI, “Therefore, it is very important for the enterprises to strengthen their detection capabilities, incident response and focus on cyber resiliency. By adopting a proactive approach to cybersecurity, organisations can mitigate risks and safeguard their critical assets.”

“Critical infrastructure sectors in India, including healthcare, finance, and energy, will remain prime targets for cybercriminals. These attacks will aim to disrupt services, steal sensitive data, and exploit geopolitical tensions, emphasizing the need for robust security frameworks and continuous monitoring to protect essential services,” the report said.

The report was launched at the 19th edition of DSCI’s Annual Information Security Summit (AISS) 2024. It surveyed 204 organisations and their C-suite executives. DSCI is a not-for-profit, industry body on data protection in India, set up by nasscom. Seqrite is the enterprise arm of cybersecurity firm Quick Heal Technologies.