Ambimat GroupAmbimatAmbiSecureeSIM InitiativeEngineering BlogAhmedabad · India · Est. 1981
ASAmbiSecureHardware-rooted security
Contact
HISTORICAL ARCHIVE · Originally published July 28, 2021
Archive

Cyber Attacks in India

Part one of a three-part analysis of major cyber attacks in India and what they reveal about systemic gaps in online identity, authentication, and incident response.

Cyber Threats

This is an earlier piece from the AmbiSecure engineering archive. Where the field has moved on, the link above points to current coverage of the same topic.

India's digital surface has expanded faster than its identity hygiene. Looking at the largest publicly-documented cyber attacks against Indian institutions reveals systemic patterns — not isolated failures. This is the first of three articles examining cybersecurity in India.

Major Cyber Attacks Covered

UIDAI Aadhaar Software Hacked

Billion Indian Aadhaar card details were leaked in 2018. Around 210 Indian Government websites were compromised. Details included Aadhaar, PAN, bank account IFSC codes, and personal information sold for ₹500 via WhatsApp, with printouts available for ₹300.

ATM System Hacked

Canara Bank ATM servers were targeted around mid-2018. According to sources, more than 300 user's ATM details were hacked by attackers and ₹20 lakh wiped off various bank accounts. Hackers used skimming devices to steal information.

SIM Swap Scam

Two hackers from Navi Mumbai fraudulently gained SIM card information and illegally transferred ₹4 crore from bank accounts in August 2018.

Union Bank of India Cyber-attack

An employee opened a malicious email attachment in July 2017. The email attachment forged a central bank email. Hackers stole SWIFT access codes and transferred $170 million to a Citigroup account in New York.

Cosmos Bank Cyber Attack

A 2018 cyberattack on Cosmos bank saw hackers siphon off ₹94.42 crore. Hackers accessed the ATM server, stole card details, and withdrew funds from 28 countries.

Security Solutions

The article promotes FIDO2 authentication standards: "uses public-key cryptography to protect from phishing attacks and is the only phishing-proof factor available."

AmbiSecure products combine "hardware-based authentication and public key cryptography to effectively defend against phishing attacks and eliminate account takeovers."

Key advantages include no battery or network connectivity requirements.

About Ambimat Electronics

With design experience of close to 4 decades, world-class talent, and innovative breakthroughs, Ambimat Electronics is a single-stop solution enabler to leading PSUs, private sector companies, and start-ups. Solutions include AmbiPay, AmbiPower, AmbiCon, AmbiSecure, AmbiSense, and AmbiAutomation.

Related historical reading

Cyber Attacks in India – Part 3

Part three of a three-part analysis of major cyber attacks in India — closing the series with systemic gaps in incident response, identity hygiene, and hardware-rooted authentication adoption.

Read article →

Cyber Attacks in India – Part 2

Part two of a three-part analysis of major cyber attacks in India — the attack patterns, the identity weaknesses they exploited, and what enterprise authentication posture would have stopped them.

Read article →

Enterprise Security Threats

A field overview of enterprise security threats in the cloud era — how the digital attack surface expands as organisations adopt new platforms, and where hardware-rooted identity narrows it.

Read article →

Browse more historical AmbiSecure writing.

The full archive lists everything we have published, with the modern-equivalent counterpart linked wherever one exists.

Open archive