Advisory for APS School Students

Introduction

The Reserve Bank of India (RBI) has mandated banks to switch their digital banking domains to 'Bank.in' by October 31, 2025, as part of a strategy to modernise the sector and maintain consumer confidence. The move is expected to provide a consistent and secure interface for online banking, as a response to the increasing threats posed by cybercriminals who exploit vulnerabilities in online platforms. The RBI's directive is seen as a proactive measure to address the growing concerns over cybersecurity in the banking sector.

RBI  Circular - Migration to '.bank.in' domain

The official circular released by the RBI dated April 22, 2025, read as follows:

“It has now been decided to operationalise the ‘. bank.in’ domain for banks through the Institute for Development and Research in Banking Technology (IDRBT), which has been authorised by National Internet Exchange of India (NIXI), under the aegis of the Ministry of Electronics and Information Technology (MeitY), to serve as the exclusive registrar for this domain. Banks may contact IDRBT at sahyog@idrbt.ac.in to initiate the registration process. IDRBT shall guide the banks on various aspects related to application process and migration to new domain.”

“All banks are advised to commence the migration of their existing domains to the ‘.bank.in’ domain and complete the process at the earliest and in any case, not later than October 31, 2025.”

CyberPeace Outlook

The Reserve Bank of India's directive mandating banks to shift to the 'Bank.in' domain by October 31, 2025, represents a strategic and forward-looking measure to modernise the nation’s digital banking infrastructure. With this initiative, the RBI is setting a new benchmark in cybersecurity by creating a trusted, exclusive domain that banks must adopt. This move will drastically reduce cyber threats, phishing attacks, and fake banking websites, which have been major sources of financial fraud. This fixed domain will simplify verification for consumers and tech platforms to more easily identify legitimate banking websites and apps.  Furthermore, a strong drop in online financial fraud will have a long-term effect by this order.  Since phishing and domain spoofing are two of the most prevalent forms of cybercrime, a shift to a strictly regulated domain name system will remove the potential for lookalike URLs and fraudulent websites that mimic banks. As India’s digital economy grows, RBI’s move is timely, essential, and future-ready.

References

• https://www.rbi.org.in/scripts/NotificationUser.aspx?Id=12837&Mode=0

‍

Introduction

In today's relentless current of information, where social media is oftentimes both the stage and the playwright, the line between reality and spectacle can become distressingly blurry. In such a virtual Pantheon, the conflation of truth and fiction has recently surfaced in a particularly contentious instance. The central figure is Poonam Pandey, an entertainment personality known for transgressing traditional contours of celebrity boldness. Pandey found herself ensnared in a narrative of her own orchestration—a grim hoax purporting she had succumbed to cervical cancer. This deceptive foray, rather than awakening public consciousness as intended, spiralled into an ominous fable about the malignant spread of misinformation and the profound moral dilemmas it engenders.

The Deception

The tapestry of this event was woven with threads of tragedy and deception, framing Pandey both as the tragic hero and the ill-fated architect of a spectacle that unfolded with a haunting familiarity evocative of ancient Greek dramas. The monumental pillar of social media, on what seemed to be an ordinary day, was shattered by the startling declaration of Pandey's untimely passing. The statement, as bereft of nuance as it was devastating, proclaimed: 'We are deeply grieved to announce the loss of our cherished Poonam to cervical cancer.' The emotional pulse of the Indian Film Industry was jolted; waves of homage inundated the digital space, each tribute a poignant echo of the shock that rippled through her fanbase. Yet the crux of the matter had yet to be unveiled.

As the world grappled with this news, the scenario took an unforeseen detour. Poonam Pandey made a re-entrance onto the world stage, alive, revealing her alleged demise to be nothing more than a macabre masquerade. The public's reaction to this revelation was a stratified symphony of emotions—indignation mingled with disbelief, with an underlying crescendo of betrayal. Pandey's defense postured her act as a last resort to draw attention to the silent yet pervasive threat of cervical cancer. In the ensuing mire of reactions, an inescapable quandary emerged: is it ever permissible to employ deceit for the sake of presumed publicity?

The Chaos 

Satyajeet Tambe, an esteemed Maharashtra legislator, emerged amidst the churning chaos as a paragon of principled reason. Advocating that such mendacious stunts, playing the chords of public emotion and adulterating truth, should be met with legal repercussions, Tambe called for judicious action against Pandey. His imploration resonated with the necessity of integrity in the public domain, stating, 'The announcement of an influencer/model succumbing to cervical cancer should not be wielded as a tool for awareness.' His pronouncement sent reverberations through the collective conscience, echoing the need for accountability in the face of such transgressions.

Repercussion 

The All Indian Cine Workers Association, a custodian of the film industry's values, also voiced its reproach. They urged for an FIR to be lodged against Poonam Pandey, underlining their sentiments with disappointment and a keen sense of betrayal. Within their condemnation lay a profound recognition of the elevated emotional investment inherent in their industry—an industry where the reverence for life and the abhorrence of deceit intertwine, making the cultivation of such lowly stunts anathema.

This spectacle, while unique in the temerity of its execution, mirrors the broader pathological wave of misinformation that corrodes the foundations of our digital era: the malady of fake news. When delineated, fake news finds its essence as information chiselled specifically to deceive, a form of communication that is not merely slanted but entirely devoid of authenticity, manufactured with nefarious intent. A protean adversary, fake news adeptly masquerades as trustworthy news, ensnaring the unsuspecting in its tendrils. Its purveyors span a spectrum—from shadowy figures to ostensibly benign social media accounts—all contributing to a dystopian fabric where truth is persistently imperilled.

The conjurers of these illusions are, in a sense, cunning illusionists ensconced behind curtains of anonymity or masquerading under a cloak of transparency. They craft elaborate illusions devoid of truth, but dripping with sufficient plausibility to ensnare those who yearn for simplicity in an increasingly complex world. Destabilizing forces, such as hyper partisan media outlets, regurgitate a concoction of concocted 'facts' and distortions, deliberately smudging the once-clear line between empirical truth and partisan fabrication.

The Aftermath 

The Poonam Pandey episode stands as a harrowing beacon of the ethical abyss we face. It compels us to confront the irony of utilising falsity to raise awareness for laudable causes and considers the ramifications for public figures influencing the dissemination of information. The tempest around this event demonstrates the potent gravitational pull of information and the overarching need for the conscientious stewardship of its power.

Yet, as we sail through the murky waters of the digital expanse, where the allure of sensationalism and clickbait headlines is ever-present, our vigilance must not wane. The imperative of truth cannot come at the altar of awareness or sensationalism. The sanctity of fact anchors our understanding of reality; devoid of it, we are adrift in an ocean of confusion and misinformation.

In the dust settled after the Poonam Pandey debacle, the contours of a new discourse have emerged, harboring vital interrogations. How do we balance the drive for poignant awareness initiatives against the cardinal principle of truth? What mechanisms can ensure that health campaigns and their noble aspirations are not tainted by the allure of deception? Addressing these queries is not a solitary task for policymakers or influencers but, indeed, a collective societal responsibility that will define our cultural ethics and the legacy we wish to preserve.

Conclusion 

As we contemplate the broader implications of this incident, let us not allow its sensational nature to eclipse the very real and pressing issue of cervical cancer—a condition that, beyond the glare of controversy, continues to shadow lives with its lethal silence. Instead, let our focus pivot towards tangible, truth-driven efforts aimed at education and empowerment. Truth, after all, is the beacon that dispels the murky shadows of ignorance and guides us toward enlightenment and healing.

References 

• https://www.hindustantimes.com/india-news/poonam-pandey-in-trouble-as-maharashtra-politician-seeks-case-for-faking-her-death-101707005742992.html
• https://www.nagpurtoday.in/state-mlc-tambe-demands-police-action-against-poonam-pandey-for-faking-her-death/02051417

‍

Introduction 

‍

The digital landscape of the nation has reached a critical point in its evolution. The rapid adoption of technologies such as cloud computing, mobile payment systems, artificial intelligence, and smart infrastructure has led to a high degree of integration between digital systems and governance, commercial activity, and everyday life. As dependence on these systems continues to grow, a wide range of cyber threats has emerged that are complex, multi-layered, and closely interconnected. By 2026, cyber security threats directed at India are expected to include an increasing number of targeted, well-organised, and strategic cyber attacks. These attacks are likely to focus on exploiting the trust placed in technology, institutions, automation, and the fast pace of technological change.

‍

1. Social Engineering 2.0: Hyper-Personalised AI Phishing & Mobile Banking Malware

‍

Cybercriminals have moved from generalised methods to hyper-targeted attacks through AI-based psychological manipulation. In addition to social media profiles, data breaches, and digital/tracking footprints, the latest types of cybercrimes expected in 2026 will involve AI-based analysis of this information to create and increase the use of hyper-targeted phishing emails.

Phishing emails are capable of impersonating banks, employers, and even family members, with all the same regionally or culturally relevant tone, language, and context as would be done if these persons were sending the emails in person.

With malicious applications disguised as legitimate service apps, cybercriminals have the ability to intercept and capture One-Time Passwords (OTPs), hijack user sessions, and steal money from user accounts in a matter of minutes.

These types of attempts or attacks are successful not only because of their technical sophistication, but because they take advantage of human trust at scale, giving them an almost limitless reach into the financial systems of people around the world through their computers and mobile devices.

‍

2. Cloud and Supply Chain Vulnerabilities

‍

As Indian organisations increasingly migrate to cloud infrastructure, cloud misconfigurations are emerging as a major cybersecurity risk. Weak identity controls, exposed storage, and improper access management can allow attackers to bypass traditional network defences. Alongside this, supply chain attacks are expected to intensify in 2026.

In supply chain attacks, cybercriminals compromise a trusted software vendor or service provider to infiltrate multiple downstream organisations. Even entities with strong internal security can be affected through third-party dependencies. For India’s startup ecosystem, government digital platforms, and IT service providers, this presents a systemic risk. Strengthening vendor risk management and visibility across digital supply chains will be essential.

‍

3. Threats to IoT and Critical Infrastructure

‍

By implementing smart cities, digital utilities, and connected public services, IoT has opened itself up to increased levels of operational technology (OT) through India’s initiative. However, there is currently a lack of adequate security in the form of strong authentication, encryption, and update methods available on many IoT devices. By the year 2026, attackers are going to be able to exploit these vulnerabilities much more than they already are.

Cyberattacks on critical infrastructure such as energy, transportation, healthcare, and telecom systems have far-reaching consequences that extend well beyond data loss; they directly affect the provision of essential services, can damage public safety, and raise concerns over national security. Effectively securing critical infrastructure needs to involve dedicated security solutions to deal with the specific needs of critical infrastructure, in contrast to conventional IT security.

‍

4. Hidden File Vectors and Stealth Payload Delivery

‍

SVG File Abuse in Stealth Attacks

‍

Cybercriminals are continually searching for ways to bypass security filters, and hidden file vectors are emerging as a preferred tactic. One such method involves the abuse of SVG (Scalable Vector Graphics) files. Although commonly perceived as harmless image files, SVGs can contain embedded scripts capable of executing malicious actions.

By 2026, SVG-based attacks are expected to be used in phishing emails, cloud file sharing, and messaging platforms. Because these files often bypass traditional antivirus and email security systems, they provide an effective stealth delivery mechanism. Indian organisations will need to rethink assumptions about “safe” file formats and strengthen deep content inspection capabilities.

‍

5. Quantum-Era Cyber Risks and “Harvest Now, Decrypt Later” Attacks

‍

Although practical quantum computers are still emerging, quantum-era cyber risks are already a present-day concern. Adversaries are believed to be intercepting and storing encrypted data now with the intention of decrypting it in the future once quantum capabilities mature—a strategy known as “harvest now, decrypt later.” This poses serious long-term confidentiality risks.

Recognising this threat, the United States took early action during the Biden administration through National Security Memorandum 10, which directed federal agencies to prepare for the transition to quantum-resistant cryptography. For India, similar foresight is essential, as sensitive government communications, financial data, health records, and intellectual property could otherwise be exposed retrospectively. Preparing for quantum-safe cryptography will therefore become a strategic priority in the coming years.

‍

6. AI Trust Manipulation and Model Exploitation

‍

Poisoning the Well – Direct Attacks on AI Models

‍

As artificial intelligence systems are increasingly used for decision-making—ranging from fraud detection and credit scoring to surveillance and cybersecurity—attackers are shifting focus from systems to models themselves. “Poisoning the well” refers to attacks that manipulate training data, feedback mechanisms, or input environments to distort AI outputs.

In the context of India's rapidly growing digital ecosystem, compromised AI models can result in biased decisions, false security alerts or denying legitimate services. The big problem with these types of attacks is they may occur without triggering conventional security measures. Transparency, integrity and continuous monitoring of AI systems will be key to creating and maintaining stakeholder confidence in the decision-making process of the automated systems.

‍

Recommendations

‍

Despite the increasing sophistication of malicious cyber actors, India is entering this phase with a growing level of preparedness and institutional capacity. The country has strengthened its cyber security posture through dedicated mechanisms and relevant agencies such as the Indian Cyber Crime Coordination Centre, which play a central role in coordination, threat response, and capacity building. At the same time, sustained collaboration among government bodies, non-governmental organisations, technology companies, and academic institutions has expanded cyber security awareness, skill development, and research. These collective efforts have improved detection capabilities, response readiness, and public resilience, placing India in a stronger position to manage emerging cyber threats and adapt to the evolving digital environment.

‍

Conclusion 

‍

By 2026, complexity, intelligence, and strategic intent will increasingly define cyber threats to the digital ecosystem. Cyber criminals are expected to use advanced methods of attack, including artificial intelligence assisted social engineering and the exploitation of cloud supply chain risks. As these threats evolve, adversaries may also experiment with quantum computing techniques and the manipulation of AI models to create new ways of influencing and disrupting digital systems. In response, the focus of cybersecurity is shifting from merely preventing breaches to actively protecting and restoring digital trust. While technical controls remain essential, they must be complemented by strong cybersecurity governance, adherence to regulatory standards, and sustained user education. As India continues its digital transformation, this period presents a valuable opportunity to invest proactively in cybersecurity resilience, enabling the country to safeguard citizens, institutions, and national interests with confidence in an increasingly complex and dynamic digital future.

‍

References

‍

1. https://www.seqrite.com/india-cyber-threat-report-2026/ 
2. https://www.uscsinstitute.org/cybersecurity-insights/blog/ai-powered-phishing-detection-and-prevention-strategies-for-2026
3. https://www.expresscomputer.in/guest-blogs/cloud-security-risks-that-should-guide-leadership-in-2026/130849/ 
4. https://www.hakunamatatatech.com/our-resources/blog/top-iot-challenges 
5. https://csrc.nist.gov/csrc/media/Presentations/2024/u-s-government-s-transition-to-pqc/images-media/presman-govt-transition-pqc2024.pdf
6. https://www.cyber.nj.gov/Home/Components/News/News/1721/214 

‍