Mumbai, April 25, 2014: The latest Internet Security Threat Report (ISTR), Volume 19, from Net security solutions leader, Symantec Corporation, finds that the vast majority of targeted attacks in India have large enterprise in the crosswires.
The report finds a significant shift in cybercriminal behavior, revealing the bad guys are plotting for months before pulling off huge heists – instead of executing quick hits with smaller rewards.
Attackers are unrelenting in their focus on large enterprises with over 69 percent or more than 2/3rds of the targeted attacks in India carried out on them. Personal assistants and those working in public relations were the two most targeted professions – cybercriminals use them as a stepping stone toward higher-profile targets like celebrities or business executives.
Attackers are also targeting smaller businesses that have a relationship with a larger company. Not surprisingly, in India, small businesses received the highest number of phishing and virus-bearing emails - almost three times as much as the larger targets.
India emerged as a key threat frontier, ranking as the third highest source of overall malicious activity.
While it continued to hold its position as the spam capital of the world with 9.8 percent of spam zombies; it was also the highest source of botnet spam, with 6.6 percent or close to 1.45 billion spams originating from its borders every day. India ranked especially high in the number of top botnets like Cutwail, Kelihos, GRUM and GHEG. Large botnets like Cutwail and Kelihos have made their presence felt in the threat landscape this year by sending out malicious attachments. According to the report, Cutwail which is the spam-sending botnet for the malware Pandex sends 8.06 billion spam messages every day, out of which the highest are sent from India (over 620 million).
“One mega breach can be worth 50 smaller attacks,” says Tarun Kaura, Director, Technology Sales, Symantec India. “While the level of sophistication continues to grow among attackers, what was surprising last year was their willingness to be a lot more patient – waiting to strike until the reward is bigger and better.”
Globally, there was a 62 percent increase in the number of data breaches from the previous year, resulting in more than 552 million identities exposed – proving cybercrime remains a real and damaging threat to consumers and businesses alike. Each of the eight top data breaches in 2013 resulted in the loss of tens of millions of data records. By comparison, 2012 only had a single data breach reach that threshold.
Adds Kaura: “The potential for huge paydays means large-scale attacks are here to stay. Companies of all sizes need to re-examine, re-think and possibly re-architect their security posture.”
Link to the main Symantec Internet Threat Security Report here