Advertisment

Hackers adopting new business-like strategies to target corporate India

author-image
CIOL Bureau
Updated On
New Update

NEW DELHI, INDIA: The latest Internet Security Threat Report (ISTR), Volume XII released in India by Symantec Corp. concludes that cyber criminals are employing business-like strategies to increasingly target tier-II  cities, while maintaining  their focus on impairing enterprises and consumers based in metros. Cities like Bhopal, Hyderabad, Noida, Pune and Surat now feature alongside Mumbai, Chennai, Bangalore and New Delhi in the list of bot-infected cities in India.

Advertisment

"As cyber-threats continue to grow in India with more than 30 million Internet users across tier I and II cities, it has never been more important to remain vigilant and informed on the evolving threat landscape," said Vishal Dhupar, managing director, Symantec India. "The Internet Security Threat Report provides critical information on the latest online security trends, helping enterprises and consumers to better protect their infrastructure, information and interactions."

Small and medium businesses in India are increasingly targeted by phishing, spam, bots, and malicious code (malcode) attacks that are created to target these organizations for information that can be used for financial gain. These businesses are also victims of data theft and data leakage as they lack a strategy of multiple layers of security defenses ("defense in-depth").

The report also states that cyber-criminals are increasingly becoming more professional with focused commercial intent in the development, distribution and use of malicious code and services. While cybercrime continues to be driven by financial gain, cyber-criminals are now utilizing more professional attack methods, tools and strategies to conduct malicious activity.

Advertisment
 

During the reporting period of January 1, 2007, through June 30, 2007, globally, Symantec detected an increase in cyber-criminals leveraging sophisticated toolkits to carry out malicious attacks. One example of this strategy was MPack, a professionally developed toolkit sold in the underground economy. Once purchased, attackers could deploy MPack’s collection of software components to install malicious code on thousands of computers around the world and then monitor the success of the attack through various metrics on its online, password-protected control and management console. MPack also exemplifies a coordinated attack, which Symantec reported as a growing trend in the previous volume of the ISTR, where cyber criminals deploy a combination of malicious activities.

"In the last several Internet Security Threat Reports, Symantec discussed a significant shift in the motivation of attackers - from fame to fortune,” said Anil Chakravarthy, Vice President, India Technical Operations, Symantec Corp.. "The Internet threats and malicious activity we are currently tracking demonstrate that hackers are taking this trend to the next level by making cybercrime their actual profession, and they are now employing business-like practices to accomplish this goal."

Advertisment

Indian Security Landscape as observed in latest Symantec ISTR

During the period , India saw an average of 374 new bots per day. India, a hub for more than 40 command-and control servers, has approximately 38,465 distinct bot-infected computers. As per the list of bot-infected cities identified by Symantec, Mumbai at 33 percent tops the list followed by New Delhi at 25 percent, Chennai with 17 percent and Bangalore at 13 percent.

Tier-II locations are now also a target of bot-networks with Bhopal at 4 percent, and Hyderabad, Surat, Pune and Noida also at 1 percent apiece. Internet bots, also known as web robots, are software applications that run automated tasks over the Internet and are used in the coordination and operation of an automated attack on networked computers, such as a denial-of-service attack. In fact, the ‘Rontokbro’ worm which performs denial-of-service attacks was ranked third among the top ten malcodes in India.

 
Advertisment

New Malicious Code and Propagation Vectors in India

The report revealed the emergence of new malcodes such as the ‘Whybo’ worm which downloads and executes other files and the ‘Redlofwen’ worm which disabled security applications. Viruses like ‘Kakavex’ were aimed at stealing credit card information while ‘Pandex’, a Trojan, gathered email addresses and relayed spam. 

The report also revealed that 74 percent of all monitored e-mail traffic in India was spam with 2 percent of spam from EMEA originating in India and 6 percent of spam zombies of EMEA located in India.

The percentage of ‘worms’ as malicious code was at 57 percent in India, higher than the global average of 31 percent. The same was observed in the category of viruses, where India, at 21 percent, was higher than the global average of 4 percent.

Advertisment

The report also observed that among the top ten malicious code propagation vectors, File Sharing / Executables was a staggering 53 percent which is the highest propagation vector in India. This was much higher compared to the worldwide figure of 22 percent. This was an indication that organizations in India - small, medium or large - lack the security awareness to implement appropriate security policies like ‘not sharing whole network drives / folders over the intranet or Internet.’

Business Sectors Affected By Cybercrime

In the previously released ISTR , the ‘future watch’ part of the report indicated evidence of increased data leakage and financial driven crimes in India. The latest report has revealed that 46% of data breaches are caused on account of data theft or data loss. Hackers, motivated by financial gain, are increasingly targeting the Banking and Financial sector, Telecom, Information Technology and Information Technology Enabled Services sectors.

Advertisment

Key Global Findings

The Symantec Internet Security Threat Report, Volume XII covers the reporting period of January 1, 2007, through June 30, 2007.

* Credit cards were the most commonly advertised commodity on underground economy servers, making up 22 percent of all advertisements; bank accounts came in a close second with 21 percent.



*
Symantec documented 237 vulnerabilities in Web browser plug-ins. This is a significant increase over 74 in the second half of 2006, and 34 in the first half of 2006.



*
Malicious code that attempted to steal account information for online games made up 5 percent of the top 50 malicious code samples by potential infection. Online gaming is becoming one of the most popular Internet activities and often features goods that can be purchased for real money, which provides a potential opportunity for attackers to benefit financially.



*
Spam made up 61 percent of all monitored e-mail traffic, representing a slight increase over the last six months of 2006 when 59 percent of e-mail was classified as spam.



*
Theft or loss of computer or other data-storage medium made up 46 percent of all data breaches that could lead to identity theft. Similarly, Symantec’s IT Risk Management Report found that 58 percent of enterprises expect a major data loss at least once every 5 years.

The broadcast media can download multimedia at www.thenewsmarket.com/symantec

 
tech-news