The National Cybercrime Reporting Portal defines Cybercrime as any unlawful act where a computer, computer network, or electronic device is used as a tool or target to commit or facilitate a crime.
Types of cybercrimes
Authorized Push Payment- Deceiving victims into voluntarily transferring funds to fraudulent accounts. Eg- “Digital Arrest” scams in 2024-25 – losses of over .
Ransomware-as-a-Service (RaaS)- Deploying malicious software that encrypts critical data, demanding payment for the key. Eg- attack on Delhi’s Sant Parmanand Hospital
AI-Enabled Deepfakes & Phishing- Eg- rise in “Deepfake Voice Cloning” used to authorize fraudulent bank transfers.
Digital Espionage- Unauthorized exfiltration of sensitive personal or strategic data from state or corporate servers.
State-Sponsored Advanced Persistent Threats (APTs)- Eg- Pakistan-linked actors used “Dance of the Hillary” malware to infiltrate DRDO systems during “Operation Sindoor”
Cryptocurrency Heists – Eg- theft of $230 million from WazirX exchange
Cyber-Slavery – Trafficking individuals to foreign “fraud factories” to operate transnational scam centers. Eg- “Cyber Slavery” hubs in Cambodia and Myanmar
Cyber Stalking and Harassment – Eg- Women targeted through doxxing and revenge porn.
Online Radicalisation – Eg- ISIS recruitment through social media.
Man-in-the-Middle (MitM) Attacks- Intercepting and potentially altering communications between two parties without their knowledge. Eg- Pune businessman losing Rs 6.49 cr
Measures to Strengthen Cyber Security in India
Legal Measures
Stringent implementation of the Digital Personal Data Protection Act to hold “Data Fiduciaries” (companies) accountable for breaches.
Replacing the IT Act, 2000, with the proposed Digital India Act to address modern threats like Deepfakes, AI-driven extortion.
Institutional Measures
Expanding the Indian Cyber Crime Coordination Centre to serve as a 24/7 national “War Room” for real-time threat mitigation and interstate coordination.
Strengthening the NCIIPC to secure “Critical Information Infrastructure” (CII) such as power grids, nuclear plants, and banking systems.
Establishing dedicated cyber-police stations in every district, integrated with the National Cybercrime Reporting Portal (1930).
Policy Measures
Implementing the National Cyber Security Strategy focusing on Sovereign Cyber Defense and building a “Cyber-Resilient” ecosystem.
Adhering to the CERT-In Cyber Security Audit Policy, which mandates annual third-party audits for all government and critical sector entities.
Promoting the Golden Hour Protocol to report financial frauds within the first 2 hours.
Technological Measures
Zero-Trust Architecture (ZTA)- Transitioning from traditional perimeter security to a “Never Trust, Always Verify” model for all digital access requests.
AI-Driven Threat Intelligence- Deploying machine learning algorithms for real-time detection of anomalies and Automated Incident Response (AIR).
Promoting the “Atmanirbhar” development of indigenous operating systems and security software. Eg- Maya OS
Global Measures
Leveraging partnerships like the Quad Senior Cyber Group to share threat intelligence on state-sponsored APTs (Advanced Persistent Threats) in the Indo-Pacific.
Collaborating with Interpol (Project Gateway) and FATF to track and dismantle the financial backbones of transnational “Cyber Slavery” hubs.
Social Measures
Digital Literacy (Cyber Shikshaa)- awareness campaigns like #CyberDost
Capacity building of the judicial and police workforce through the CyTrain portal
Cyber Hygiene- Eg- Multi-Factor Authentication (MFA) and use of the “Chakshu” portal for reporting suspicious communications.
As cybercrimes move into the realm of “Grey Zone Warfare,” India’s cyber defense must be proactive rather than reactive.