Krishna Sastry Pendyala Exposes Dark Reality of Cybercrime—From ₹2.5 Crore Scams to 915 Million Dollar Bank Heists
In a revealing interview with a local YouTube channel ‘Raw Talks With VK’, Krishna Sastry Pendyala—one of India’s most experienced cyber security and digital forensics experts with over 34 years of service to the Ministry of Home Affairs and premier investigative agencies—painted a chilling portrait of the cyber threat landscape that is costing the global economy an estimated $10 trillion annually, with India losing between ₹24,000 to ₹30,000 crores each year.
Having investigated over 1,500 cases spanning state and central government agencies, Pendyala’s insights offer a rare ground-level view of how cybercriminals are exploiting technology gaps, human psychology, and regulatory weaknesses to perpetrate fraud at an unprecedented scale.
$10 Trillion Third Economy:
Cybercrime Surpasses Nations
According to the World Economic Forum’s 2025 report cited by Pendyala, the global cost of cybercrime reached $5.5 trillion in 2025, with projections indicating it could soar to $10 trillion by February 2026. “This would make cybercrime the third-largest economy in the world, after the United States and China,” Pendyala emphasized, highlighting how cyber risk has now overtaken environmental concerns as the number one global risk factor.
In India specifically, government statistics show losses between ₹24,000 to ₹30,000 crores annually. However, Pendyala suggests this figure represents only reported cases. “The question is: how many victims actually go to the police station when they lose money through digital arrest scams or APK file frauds? The actual numbers could be significantly higher.”
From Cosmos Bank Heist to ₹2.5 Crore IPS Officer Scam
Pendyala recalled several landmark cases that demonstrate the sophistication of modern cybercrime:
The Cosmos Bank Cyber Heist (August 11, 2018): In one of the largest banking sector cyber attacks, criminals executed coordinated ATM withdrawals across 24 countries, stealing $915 million (₹915 crores) in a single day. The attack exploited vulnerabilities in the bank’s ATM infrastructure, allowing fraudulent transactions worth 20 lakhs per account to be processed before detection systems could respond.
The Former IPS Officer’s Wife Scam: Just recently, the wife of a former IPS officer lost ₹2.5 crores to cyber fraudsters—a case that made headlines and shocked the law enforcement community. Despite the victim’s proximity to security expertise, the sophisticated social engineering tactics employed by criminals proved devastatingly effective.
The Tragic Suicide Case: Pendyala shared a particularly haunting case of a couple—both working in private companies with a combined monthly income of ₹2.5 lakhs—who committed suicide. Six months before the tragedy, the wife received an audio message from an unknown number. The incident highlighted how cyber threats can have fatal psychological consequences, though Pendyala noted that defence lawyers often exploit ambiguous questioning during cross-examination to create reasonable doubt.
The Evolution of Digital Deception: From Phishing to Deepfakes
Pendyala traced the evolution of cybercrime through technological generations:
1960s-1980s: The Agricultural and Industrial Eras – Pendyala, born in the 1960s, witnessed the transition from agricultural to industrial revolutions, providing him unique perspective on technological change.
1980s: Computer Revolution – Early cybercrimes involved basic document manipulation using scanners, printers, and software like Photoshop—what Pendyala calls “first generation” fraud involving certificate forgery and recruitment scams.
1990s: Internet Revolution – The arrival of widespread internet connectivity opened new vectors for fraud, including email phishing and early online scams.
2000s: Mobile Revolution – The proliferation of mobile devices created opportunities for SMS-based fraud (smishing), vishing (voice phishing), and mobile malware.
2010s-Present: IoT Revolution – Today’s “Internet of Things” era means everything from refrigerators to cars connects to the internet, exponentially expanding the attack surface. “Fifteen years ago, I couldn’t connect my car to the internet. Today, even your refrigerator is online,” Pendyala noted.
Today’s Sophisticated Threat Landscape
Pendyala detailed several prevalent scam methodologies currently plaguing India:
1. Market Investment Scams: Fraudsters send links claiming “invest ₹1 today, get ₹2 tomorrow.” These schemes exploit what Pendyala calls India’s “materialistic view” and greed. The scams have become so prevalent that Parliament sessions have featured complaints from prominent figures including Infosys Chairman Narayana Murthy’s wife, Sudha Murthy, and Finance Minister Nirmala Sitharaman, whose voices and videos have been deepfaked to promote fraudulent investment schemes.
2. Deepfake Technology (Social Engineering 2.0): Pendyala highlighted a shocking case where a Hong Kong company lost $25 million through a deepfake video call scam. Criminals created realistic deepfake versions of the CFO, MD, and other executives on a Zoom call, complete with real-time responses about weather conditions and other contextual details. Only one person—the Hong Kong employee who transferred the funds—was real. “The conversation lasted 40 minutes. They discussed everything normally, asked about weather in the UK. After the call ended, the money was transferred. Later it was discovered that except for the Hong Kong employee, all three others were deepfakes,” Pendyala explained.
This incident has fundamentally changed corporate recruitment practices. “Companies used to say ‘turn on your video’ during interviews. Now they’ve stopped that. They insist: ‘Come physically.’ Because determining whether someone on a phone call is original or fake has become extremely difficult.”
3. Digital Arrest Scams and Sextortion: Victims receive calls claiming to be from Delhi Police, alleging their son has committed rape or is hospitalized. Using deepfake voice technology, scammers can perfectly replicate a son’s voice saying “Dad, the police are beating me” or “I’m in the hospital, send money immediately.” The fear factor prevents rational thinking. “We tell people: call your son’s actual number. But how can you think clearly when you hear his exact voice saying he’s in trouble?”
4. APK File Malware and RAT Trojans: Criminals send APK files that install Remote Access Trojans (RATs) on victims’ devices, giving attackers complete control over the phone, including access to banking apps, messages, and camera.
5. QR Code Frauds: Malicious QR codes direct users to phishing sites or automatically install malware when scanned.
6. Ransomware Attacks: Pendyala described a case where an organization’s entire 8 terabytes of data was encrypted. “We had no option but to transfer the money. Saturday and Sunday passed with no response. We were panicking that all our money was gone. But Monday evening, the attacker came online and said ‘Sorry, we will not send this.’ Sometimes they keep their word, sometimes they don’t.”
Dark Web Ecosystem: Crime-as-a-Service
Pendyala revealed his investigative experience accessing the dark web, where illegal marketplaces operate with impunity. “You can go to certain market places and buy drugs. You can buy an AK-47. Everything is available,” he stated matter-of-factly.
The dark web operates as a “crime-as-a-service” ecosystem where criminals can purchase:
• Malware and ransomware kits
• Stolen credentials and banking information
• Hacking services and distributed denial-of-service (DDoS) attacks
• Weapons and contraband
• Forged documents and identity credentials
Digital Forensics: Cat and Mouse Game
Pendyala offered fascinating insights into digital forensics, describing it as an eternal “cat and mouse game” between investigators and criminals.
Steganography—Hidden Images Within Images: In one memorable case, investigators found 15 photos of the same actress on a suspect’s computer during an income tax raid. “One photograph means I might keep 15 different photographs of my favorite actress. ice1.jpg, ice2.jpg, ice3.jpg… But when you open these photographs with specialized software, behind each photograph there is another photograph hidden.” The hidden images contained criminal evidence.
Anti-Forensics Techniques: Sophisticated hackers employ “anti-forensics” to erase their digital footprints. “Just like a murderer erases the crime scene, hackers use malware to infiltrate systems, exfiltrate data, and then erase all the logs in the computer. When logs are erased, we cannot investigate. Our success depends on how many traces of evidence the criminal leaves behind.”
The investigator emphasized that successful police work often hinges on criminals’ weaknesses, not necessarily investigative brilliance. “A good police officer is one who can think like a criminal 100%. But the criminal has to leave some evidence. Our success in investigation depends on the weakness on the other part.”
Unexpected Evidence Sources: Pendyala noted that modern investigations can extract evidence from unexpected sources—smart meters, gaming consoles, IoT devices, and even metadata from seemingly innocuous files. Timing, device logs, and forensic discipline often prove crucial in court cases.
The Android vs. iPhone Security Debate
When asked why he uses Android despite iPhone’s reputation as the “most secure phone,” Pendyala offered a pragmatic hacker’s perspective that challenges conventional wisdom.
“I’ll mention two points. First, I won’t say which is more secure,” he began diplomatically. “But ultimately, if I’m a hacker wanting to develop malware, I want to maximize victimization. Today, 90% of mobile operating systems are X (Android), and 10% are Y (iPhone). I’ll develop malware targeted toward X—90% market share. But by 2090, if Y becomes 90% and X becomes 10%, hackers will automatically target Y.”
He compared it to terrorism: “If a terrorist takes a bomb somewhere, where will he detonate it? Where more people are gathered. Because the purpose is maximum explosion, maximum impact. Similarly, hacker groups concentrate on operating systems with maximum users to create maximum vibration and get identified by governments.”
This market-share-driven threat model suggests security is relative and temporal, not absolute. As market dominance shifts, so too do attack vectors.
Culture, Compliance & Fear Factor
Beyond technical vulnerabilities, Pendyala identified cultural and systemic failures that enable cybercrime:
Under-Reporting: Many victims don’t report cybercrimes due to embarrassment, fear of being blamed, or concern about social stigma. “People worry: ‘What will neighbors think? What will people think? My reputation will be ruined. Tomorrow it will come in the media.’ This fear factor must go.”
Rule-Breaking Culture: Using the example of traffic signals, Pendyala illustrated India’s compliance problem. “We installed signal lights to remove the need for constables. But in India, we have both—the signal and the constable. You know why? Because we don’t care about the signal. We look left and right, and even if it’s red, we cross. Red signal means according to rules you must stop, whether the road is empty or not. We have to imbibe that culture.”
Psychological Conditioning: Pendyala urged parents to stop using police as a threat. “When children don’t eat, parents say ‘I’ll give you to the police.’ Don’t say that. Police are friendly. They are there to help us. This fear factor toward police must be removed.”
Weak Regulatory Systems: “Regulatory systems must be strong,” Pendyala insisted. “From home, family values, cultural values, ethical values—all must be present.” He emphasized that cybersecurity isn’t just a technical problem but a societal one requiring strong institutional frameworks and citizen responsibility.
Emerging Threats: Critical Infrastructure and AI
Pendyala warned about evolving threats in critical infrastructure. He cited Australian water treatment plants that recycle sewage water for environmental sustainability. “Hackers can compromise these automated systems and potentially introduce harmful substances like bleach,” threatening public health at scale.
The integration of AI into both cyber attacks and defences represents the next frontier. “Malware codes are increasingly sophisticated, leading to more frequent cyber attacks. Integrating AI into cybersecurity practices can enhance protection against these threats,” though he cautioned that AI also empowers attackers to create more convincing deepfakes and automate attack vectors.
Career Perspectives in Cybersecurity
Addressing career prospects in cybersecurity, Pendyala acknowledged challenges for fresh graduates. “Initial placement opportunities in cybersecurity are scarce for fresh graduates. After gaining two years of experience, competitive job offers become available.”
He emphasized that breaking into the field requires proving capabilities and continuous learning. “Skills and experience in cyber forensics matter most. Hard work and dedication are essential for long-term success.”
A Call for Collective Responsibility
Throughout the interview, Pendyala returned repeatedly to a central theme: cybersecurity is everyone’s responsibility.
“Technology is a double-edged sword,” he reflected. “It makes our lives easier but can also be used for harm. We’re lucky to have witnessed multiple technological revolutions—from agriculture to AI. But with these benefits come responsibilities.”
He urged citizens to overcome the fear factor, report crimes promptly, maintain digital hygiene, verify unexpected communications, and support strong regulatory systems. “We have to play our role as citizens,” he concluded. “When we do that, compulsorily, change will come.”
For businesses, he emphasized the critical importance of cyber insurance, regular security audits, employee training, and incident response plans. Governments must strengthen cross-agency collaboration and invest in forensic capabilities.
The Road Ahead
As cybercrime evolves from opportunistic hacking to sophisticated, organized, AI-powered operations, Pendyala’s 34 years of experience offer sobering lessons. His cases—from the ₹915 million Cosmos Bank heist to the $25 million Hong Kong deepfake scam—demonstrate that no institution is immune.
The expert’s message is clear: In a borderless digital world where every second brings a new cyber attack and reported crimes represent only the tip of the iceberg, the battle against cybercrime requires not just technical expertise but cultural transformation, institutional strengthening, and unwavering citizen vigilance.
“This is not just India’s problem—every country is facing this,” Pendyala emphasized. “But we can’t afford to wait. The cost of inaction is measured not just in billions of rupees, but in broken lives, shattered families, and a society increasingly vulnerable to invisible digital predators.”
As technology continues its relentless advance—from IoT to AI and beyond—Pendyala’s expertise serves as both warning and roadmap: The future of security depends on how seriously we take these threats today.
- NSH Digi Desk
About the Expert
Krishna Sastry Pendyala is one of India’s most senior cyber security and digital forensics experts with over 34 years of experience. He has investigated 1,500+ cases for the Ministry of Home Affairs, state governments, central government investigating agencies, and leading private organizations. Born in the 1960s, Pendyala has witnessed and adapted to every major technological revolution—from agricultural to IoT. His expertise spans cyber forensics, digital evidence preservation, malware analysis, dark web investigations, ATM fraud, ransomware attacks, and critical infrastructure security. He has provided expert testimony in numerous high-profile court cases and continues to work on complex cybercrime investigations across India.
