The infection rate in Chennai stood at 42%, followed by Patna at 38% and Bengaluru, Hyderabad and Kolkata at 35% each
Chennai recorded the highest number of cyberattacks in the country during the Q4 2019-20 analysis by K7 Computing. The firm’s Cyber Threat Monitor Report analyzed various cyberattacks within India during the period and found that threat actors targeted Chennai with a variety of attacks aimed at exploiting user trust and enterprise vulnerabilities. The infection rate in Chennai stood at 42%, followed by Patna at 38% and Bengaluru, Hyderabad and Kolkata at 35% each.
The report found that among Tier-I cities, Chennai, Bengaluru, Hyderabad and Kolkata recorded the highest rate of infections, while among the Tier-II cities, Patna registered the highest infection rate at 38% followed by Guwahati, Jammu and Bhubaneswar. These attacks were designed to exploit user trust and scam people for financial gains. In Tier-I cities, threat actors predominantly targeted SMEs by exploiting vulnerabilities caused by the sudden shift to working from home and SMEs still being ill-equipped to handle cyberattacks. However, the report found that there was an 8% decrease in the overall rate of cyber-attacks in the country during the Q4 in comparison to the previous quarter.
Threat actors continued to exploit vulnerabilities in outdated software and operating systems in this quarter. Windows XP and Windows 7 were the most at risk as Microsoft has stopped providing updates and patches to these versions. The report revealed that attacks by rootkits like Curveball, Remote Code Execution, phishing attacks based on COVID-19 trends, and DOS attacks were popular. Complex USB attacks also saw an increase; popular among these were crypto mining malware.
“SMEs and SOHOs must invest more in ensuring the safety of their IT infrastructure. We are seeing an increasing trend of threat actors targeting enterprises with complex viruses, Trojans, and even ransomware. On an individual level, the current risks facing users are fake apps, COVID-19 apps infected with malware, and phishing attacks. The most worrying of all is the new trend of many advanced threat actors offering malware as a service to cybercriminals,” said J Kesavardhanan, founder and CEO of K7 Computing.
Experts at K7 Labs predict that the number of COVID-19 themed attacks and complex Trojan attacks will continue to increase in the next quarter. This will be further exacerbated by the increase in threats from amateur attackers who purchase malware related services to launch attacks at various individual and enterprise targets. To help mitigate these threats, experts at K7 Computing advise netizens to keep their systems updated with the latest patches, avoid using pirated software, install and use a reputed antivirus product, and practise proper digital hygiene.
Other Key Findings from the Study
- A high-risk read/include vulnerability, CVE-2020-1938, has been discovered in Apache Jserv Protocol (AJP) of Apache Tomcat between versions 6.x and 9.x
- CVE-2020-3142 is a newly discovered vulnerability that lets a user join a password-protected meeting without a password in Webex, the Cisco-owned video conferencing platform that caters to many of the most prominent enterprises from all over the world
- A Windows-based vulnerability that made it to the headlines is SMBGhost aka Eternal Darkness, a remotely exploitable vulnerability that is capable of exploiting a flaw found in Windows System Message Block version 3's file-sharing protocol
- The three most prevalent Windows threats Adw.Dealply.91, Wrm.Gamarue.LNK, and Trj.ByteFence have recorded a presence of 17%, 16%, and 13% respectively
- SMB-based vulnerabilities continue to be the most exploited type by malware operators this quarter
Danger in the Internet of Things
- Modern IoT gadgets are riddled with flaws and vulnerabilities which invite threat actors to attack
- Many enterprises, irrespective of their size, are more likely to overlook IoT related security compared to other connected devices
Popular Wi-Fi chipsets from Broadcom and Cypress have been affected by a vulnerability that allows unauthorised decryption of WPA2-encrypted traffic. It is believed that more than a billion devices could be exploited by this vulnerability.
- The number of Trojan infections has increased by 14%
- Threat actors are increasingly rolling out complex Trojan-based apps that steal victims’ banking credentials
- The notorious Operation Cerberus banking Trojan was primarily seen targeting Indian banking users
- Many Potentially Unwanted Programs (PUPs) and adware were found, compared to malicious Trojans
- The frequency of adware has reduced by 9%, while PUPs and Trojans have shot up by 2% and 7% respectively
- Among the PUPs, MacKeeper topped the chart with a presence of 85% implying that most macOS users have been targeted by this infamous PUP