Massive digitisation has made Indian enterprises an attractive target for cybercriminals.
Global cybersecurity major K7 Computing’s Cyber Threat Monitor Report, a deep and comprehensive analysis of the cyber threat landscape in India, reports a sudden increase in ransomware attacks targeting Indian enterprises during Q1, 2020-21. The report analysed various cyberattacks during the quarter and found that threat actors are increasing the frequency of their attacks with new and sinister strategies. The increase in frequency of attacks in the country has been enabled by ransomware operators offering ransomware as a service to cyber attackers.
The report reveals that modern ransomware operators have transformed themselves into businesses and are extremely focused on their targets and attacking strategies. Threat actors now operate like high-end software enterprises offering Ransomware as a Service (RaaS). Modern RaaS solutions come with high-end tools like a dashboard to display attack status in real-time, customer helpline, and more. Threat actors are also increasing their advertisements on the dark web, offering a variety of customised attacks.
The K7 Q1, 2020-21 Cyber Threat Monitor Report discloses a 4% increase in the infection rate across the country. Malware in the form of ransomware, Remote Access Trojans (RATs) and Banking Trojans has been on the rise during the quarter. The report also found that Chennai, Pune, Ahmedabad and Hyderabad recorded the highest rate of infections amongst Tier-I cities; amongst Tier-II cities, Guwahati, Jaipur and Jammu had the highest infection rate of 38% each, followed by Patna at 35%. These attacks were designed to exploit user trust and scam people for financial gain. Threat actors have continued to exploit vulnerabilities in operating systems, application software, and firmware in this quarter. Zoom and Microsoft Teams were the most at risk. Apart from this, hackers have also taken advantage of salient weaknesses in Windows, Android, iOS, and IoT devices.
Commenting on the findings, J Kesavardhanan, Founder & CEO of K7 Computing, said, “It is an area of significant concern for the country during this critical situation. Cyber attackers have been shifting their aim towards the enterprise market, exploiting the lack of cybersecurity awareness amongst start-ups and SMEs. It is not only a major threat to businesses but also to consumers who are dependent on the internet. Cybercriminals are getting smarter and cyberattacks are becoming more sophisticated. Be it malware, data loss, or hacking, netizens and especially enterprises are at greater risk of becoming victims of cybercrime than ever before.”
“We are also witnessing an increase in phishing attacks due to the panic caused by COVID-19 and offices transitioning their workforce from centralised secure hubs to remote workstations at home. This is particularly challenging for small- and medium-sized businesses that don’t have a full-time IT security professional to monitor and enforce adequate protection,” he added.
Other Key Findings from the Study
Vulnerabilities Galore
- Threat actors often invest a considerable amount of time in finding unknown vulnerabilities in software and hardware
- A partial path traversal vulnerability, CVE-2020-6110, was noticed in the Zoom client
- Critical vulnerability CVE-2020-11470 in the Zoom app allows an attacker to take control of the victim’s microphone and camera without notifying them
- A vulnerability in Microsoft Teams allows cybercriminals to use a malicious GIF to sweep up the user’s data and take over an organisation’s Teams accounts
SMB Vulnerabilities
- Two new vulnerabilities were detected in Microsoft’s Server Message Block (SMB) protocol
- The vulnerability could be combined with the SMBGhost vulnerability to achieve remote code execution, thereby exploiting all systems running on Windows 10 and Windows Server
Danger in the Internet of Things
- A vulnerability in the authorisation controls of the Cisco IOx application allows a remote attacker to execute commands without proper authorisation
- Researchers also found two vulnerabilities in a TCP/IP software library developed by Treck, of which CVE-2020-11896 could affect any device running on Treck with a specific configuration
Mobile Devices
- Adversaries are not only relying on malvertising apps to monetise their efforts but are also developing Trojans to deliver their malicious attacks
- The proportions of adware and Trojans on the Android platform have swapped positions in just over a year
- The notorious Operation Cerberus banking Trojan was seen primarily targeting Indian banking users
Mac
- Adversaries are constantly developing malware to attack individual macOS-powered machines or networks to make money, accumulate sensitive financial information, or mine cryptocurrency
- Q4, 2019-20 witnessed a 7% increase in Trojan attacks compared to Q3, 2019-20. The surge continued in Q1, 2020-21 with a growth of 11% in comparison to the prior quarter
A large variety of Potentially Unwanted Programs (PUPs), many belonging to the keylogger or activity monitor category, were found during the quarter.