The 2025 India Cyber Threat Report by the Data Security Council of India (DSCI) and Seqrite highlights the changing tactics of cybercriminals, with AI-driven attacks emerging as a significant threat.

AI-Driven and deepfake-enabled cyberattacks expected to surge by 2025, targeting vulnerable sectors like healthcare and finance, reveals Data Security Council of India (DSCI) and Seqrite report. 

"Artificial Intelligence (AI) will be used to develop highly sophisticated phishing campaigns utilising deepfake technology and personalized attack vectors, making them harder to detect. AI-driven malware will adapt in real-time to evade traditional security measures, while data poisoning attacks will compromise the integrity of critical AI systems in sectors such as healthcare and autonomous transportation," the report noted. 

Deepfake technology will produce convincing malicious content, such as fake video or audio messages from trusted sources. This will enable more effective social engineering attacks, helping cybercriminals trick users into running malware or disclosing sensitive information, the report noted. 

Cybercriminals are expected to use AI-driven techniques to carry out sophisticated attacks, exploiting compromised development tools and hardware manufacturing processes to inject malicious code via tainted libraries and embedded hardware, the report stated.

The report highlights that the accessibility of AI tools allows attackers to scale and automate their efforts, making it easier to reach more victims. This is expected to result in a significant rise in ransomware incidents, with malicious actors demanding ransoms for data recovery.

As internet devices become more widespread, cybercriminals will exploit their vulnerabilities to create massive botnets. These botnets could be used for Distributed Denial-of-Service (DDoS) attacks, threatening essential services in industries such as manufacturing and healthcare that heavily rely on edge computing, according to the report.

"Critical infrastructure sectors in India, including healthcare, finance, and energy, will remain prime targets for cybercriminals. These attacks will aim to disrupt services, steal sensitive data, and exploit geopolitical tensions, emphasizing the need for robust security frameworks and continuous monitoring to protect essential services," the report, which studied over 18 industry sectors, said.

The report warns that cybercriminals will design advanced apps resembling government aid systems and investment services. Using tactics like social engineering, influencer promotions, and complex malware, they will orchestrate extensive financial scams and identity theft schemes, focusing on welfare recipients and retail investors.

The report emphasized that the shifting threat environment of 2025 demands a complete overhaul of cybersecurity strategies by CISOs. Conventional security models are increasingly ineffective against emerging quantum and AI-powered threats.

The report suggested leveraging AI and machine learning technologies to enhance threat detection and response capabilities.

"The increasing complexity of cyber threats--such as zero-day exploits, polymorphic malware, and advanced persistent threats (APTs)--requires the automation and speed that AI-driven systems provide. CISOs should, therefore, prioritise...adopting AI-enhanced security operations...leveraging ML for predictive threat intelligence...automating incident response," it said. 

With cybercriminals leveraging AI and deepfake technologies to scale their operations, proactive strategies, including AI-enhanced threat detection and continuous monitoring, will be vital to protect India's critical infrastructure and digital ecosystem.