Security
Seqrite highlights credential theft risks in the Indian IT sector in its 2026 Cyber Threat Report
2026-03-18
In India's booming IT sector, where code repositories, client portals, and cloud consoles hold the keys to billion-dollar projects, one asset has become the ultimate prize: credentials. These digital identities, which include usernames, passwords, API tokens, and session cookies, are not just access passes; they are the skeleton keys to entire enterprises, and attackers are aware of it. The India Cyber Threat Report 2026 by Seqrite, the enterprise security arm of Quick Heal Technologies Limited, a global provider of cybersecurity solutions, exposes a disturbing reality: Indian IT firms are facing the highest volume of credential theft attempts, with stolen logins flooding dark web markets for lateral movement, ransomware deployment, and supply chain compromise.
Drawing from telemetry across more than 8 million endpoints, the report, prepared by researchers at Seqrite Labs, India’s largest malware analysis facility, reveals that the Information Technology & Software sector recorded 2.76 million detections (10.35% national share) - a testament to how developer-heavy environments are ground zero for info-stealer campaigns.
Attackers treat credentials like currency. A single developer's GitHub token can unlock proprietary codebases. A sysadmin's VPN login can pivot to client networks. An engineer's AWS keys can spin up rogue infrastructure for cryptomining or exfiltration. The IT sector's exposure is acute. Malware gets distributed via infected USBs and tampered installers like CCleaner, and goes on to collect unique IDs and MAC addresses and transmit them to C2 servers. Dark web marketplaces overflow with these hauls, fueling campaigns like GrassCall (fake job lures delivering Rhadamanthys stealer) and SnakeKeylogger (multi-stage clipboard harvesters).
Karnataka’s 11.64 million detections and Maharashtra’s 36.13 million detections indicate amplified risk, where dense clusters of IT firms create a wide attack surface for automated attacks. OAuth abuse, as seen in the Google-Salesforce breach, and AI-assisted phishing further weaponize stolen credentials for cloud pivots.
The Digital Personal Data Protection (DPDP) Act, 2023 elevates credential security from best practice to legal imperative. As processors of personal data - employee details, client PII, vendor records - IT firms must enforce purpose limitation, consent tracking, and breach notification. Stolen credentials often lead to unauthorised data access, triggering penalties up to ₹250 crore. Zero-trust models, continuous authentication, and identity governance are now table stakes for compliance.
For IT firms, solutions such as Seqrite Data Privacy are must-haves to bridge threat reality and regulatory demands. It discovers credentials embedded in code, configurations, and caches; classifies them by sensitivity; enforces least-privilege access; and monitors anomalous usage across hybrid clouds. Integrated with Seqrite Threat Intelligence and AntiFraud.AI, it predicts and prevents dark web-bound leaks while automating DPDP reporting.
All Seqrite products are fully compliant with the DPDP Act, empowering IT enterprises to secure identities without slowing innovation. From endpoint loaders to cloud pivots, Seqrite’s enterprise-grade cybersecurity products and allied services turn credential risk into resilience.




