Published: 23rd June 2020
Chennai records the highest number of cyberattacks in India: Report by global cybersecurity major K7 Computing
Patna, Bengaluru, Hyderabad and Kolkata were some of the cities most targeted by cyber hackers during Q4 2019-20
The Cyber Threat Monitor Report from global cybersecurity major K7 Computing, which provides a deep and comprehensive analysis of the cyberattack landscape in India, reports that Chennai recorded the highest number of cyberattacks in the country during Q4 2019-20. The report analysed various cyberattacks within India during the period and found that threat actors targeted Chennai with a variety of attacks aimed at exploiting user trust and enterprise vulnerabilities. The infection rate in Chennai stood at 42%, followed by Patna at 38% and Bengaluru, Hyderabad and Kolkata at 35% each.
K7 Computing’s Cyber Threat Monitor Report found that among Tier-I cities, Chennai, Bengaluru, Hyderabad and Kolkata recorded the highest rate of infections, while among the Tier-II cities, Patna registered the highest infection rate at 38%, followed by Guwahati, Jammu and Bhubaneswar. These attacks were designed to exploit user trust and scam people for financial gains. In Tier-I cities, threat actors predominantly targeted SMEs by exploiting vulnerabilities caused by the sudden shift to working from home and by SMEs still being ill-equipped to handle cyberattacks. However, the report found that there was an 8% decrease in the overall rate of cyberattacks in the country during Q4 in comparison to the previous quarter.
Threat actors continued to exploit vulnerabilities in outdated software and operating systems in this quarter. Windows XP and Windows 7 were the most at risk as Microsoft has stopped providing updates and patches to these versions. The report revealed that attacks by rootkits like Curveball, Remote Code Execution, phishing attacks based on COVID-19 trends, and DoS attacks were popular. Complex USB attacks also saw an increase; popular among these were crypto-mining malware.
“SMEs and SOHOs must invest more in ensuring the safety of their IT infrastructure. We are seeing an increasing trend of threat actors targeting enterprises with complex viruses, Trojans, and even ransomware. On an individual level, the current risks facing users are fake apps, COVID-19 apps infected with malware, and phishing attacks. The most worrying of all is the new trend of many advanced threat actors offering malware as a service to cybercriminals,” said J Kesavardhanan, founder and CEO of K7 Computing.
Experts at K7 Labs predict that the number of COVID-19 themed attacks and complex Trojan attacks will continue to increase in the next quarter. This will be further exacerbated by the increase in threats from amateur attackers who purchase malware-related services to launch attacks at various individual and enterprise targets. To help mitigate these threats, experts at K7 Computing advise netizens to keep their systems updated with the latest patches, avoid using pirated software, install and use a reputed antivirus product, and practise proper digital hygiene.
Other Key Findings from the Study:
A high-risk read/include vulnerability, CVE-2020-1938, has been discovered in the Apache JServ Protocol (AJP) of Apache Tomcat between versions 6.x and 9.x
CVE-2020-3142 is a newly discovered vulnerability that lets a user join a password-protected meeting without a password in Webex, the Cisco-owned video conferencing platform that caters to many of the most prominent enterprises from all over the world
A Windows-based vulnerability that made it to the headlines is SMBGhost aka Eternal Darkness, a remotely exploitable vulnerability that is capable of exploiting a flaw found in Windows System Message Block version 3's file-sharing protocol
The three most prevalent Windows threats, Adw.Dealply.91, Wrm.Gamarue.LNK, and Trj.ByteFence, have recorded a presence of 17%, 16%, and 13% respectively
SMB-based vulnerabilities continue to be the most exploited type by malware operators this quarter
Danger in the Internet of Things
Modern IoT gadgets are riddled with flaws and vulnerabilities which invite threat actors to attack
Many enterprises, irrespective of their size, are more likely to overlook IoT-related security compared to other connected devices
Popular Wi-Fi chipsets from Broadcom and Cypress have been affected by a vulnerability that allows unauthorised decryption of WPA2-encrypted traffic. It is believed that more than a billion devices could be exploited by this vulnerability
The number of Trojan infections has increased by 14%
Threat actors are increasingly rolling out complex Trojan-based apps that steal victims’ banking credentials
The notorious Operation Cerberus banking Trojan was primarily seen targeting Indian banking users
Many Potentially Unwanted Programs (PUPs) and adware were found, compared to malicious Trojans
The frequency of adware has reduced by 9%, while PUPs and Trojans have shot up by 2% and 7% respectively
Among the PUPs, MacKeeper topped the chart with a presence of 85%, implying that most macOS users have been targeted by this infamous PUP