India, June 16, 2025: Check Point Software Technologies Ltd., a leading AI-powered, cloud-delivered cyber security platform provider, has unveiled its latest Threat Intelligence Report for the Indian market. The report reveals that the Indian Education and Research sector experienced an average of 8,487 cyberattacks per week over the past six months—nearly double the global average of 4,368 attacks per organization. Following Education/Research, the most attacked industries in India include Healthcare (5,401 attacks), Government/Military (4,808 attacks), and Consulting (4,204 attacks).
Overall, Indian organizations across industries face 3,278 cyberattacks per week on average, far exceeding the global average of 1,934.
The exceptionally high attack volume in India’s education sector stems from a unique combination of factors. The rapid digital transformation driven by hybrid learning models, connected campuses, and extensive use of personal devices has significantly expanded the sector’s attack surface. Many academic institutions operate with limited cyber security budgets and lack dedicated teams, making them vulnerable and easy targets for cybercriminals. Furthermore, 74% of Indian organizations report critical vulnerabilities related to Information Disclosure, followed by Remote Code Execution (62%), Authentication Bypass (50%), and Denial of Service (30%).
These risks are especially pronounced in educational institutions that rely heavily on open, internet-facing platforms for learning and collaboration. In contrast, sectors like healthcare benefit from stricter regulatory compliance and more mature cyber resilience frameworks, making education a comparatively softer, less protected target.
The report also highlights several high-impact malware strains shaping India’s cyber threat landscape:
- Remcos, a Remote Access Trojan (RAT), impacted 11.7% of Indian organizations—three times the global average. Its widespread presence illustrates how attackers exploit user trust through legitimate-looking Microsoft Office attachments in phishing emails. Once activated, Remcos allows remote control over infected systems, bypassing traditional antivirus defenses to maintain stealthy, persistent access.
- FakeUpdates (SocGholish) affected 7.2% of organizations by leveraging compromised but seemingly legitimate websites that trick users into installing fake browser updates. This tactic thrives in India due to high internet usage combined with limited cybersecurity awareness, making social engineering particularly effective.
- Formbook, an infostealer malware hitting 6.8% of Indian organizations, captures credentials, keystrokes, and screenshots. Often spread via phishing or spoofed legitimate services, its rise reflects a shift from brute-force attacks toward stealthier credential theft, giving attackers easier access to enterprise systems.
The prominence of these malware types underscores a key trend: attackers increasingly rely on familiar, low-cost distribution methods—phishing, fake updates, and Office file exploits—exploiting inconsistent cybersecurity hygiene and awareness across sectors.
Sundar Balasubramanian, Managing Director for India and SAARC at Check Point Software Technologies, commented, “India’s education and research sector is undergoing a profound digital shift—accelerated by the demands of hybrid learning, connected campuses, and data-intensive research. With this transformation comes an expanding threat surface that cyber adversaries are actively exploiting. While institutions have made commendable investments in securing their digital environments, the complexity and scale of modern cyber threats demand a new strategic posture. A prevention-first approach, reinforced by hybrid mesh security architecture underpinned by cloud-native security, endpoint protection, and actionable threat intelligence, is no longer optional—it is foundational. It is essential to sustain academic excellence, protect intellectual capital, and preserve institutional trust. As custodians of the nation’s knowledge economy, educational and research institutions must lead with resilience at the core of their digital vision.”
India’s cyber security challenges mirror a growing global trend. In early 2025, the Cloak ransomware group targeted Baltimore City Public Schools, affecting 25,000 staff and students, while UK-based Pearson disclosed a data breach caused by an exposed GitLab token, which allowed attackers access to its developer environment. These incidents underscore the escalating global threat to education systems and research institutions.