Indian netizens are under regular cyber-attacks, with almost 1 in 3 users in the country encountering cyber-attacks in Q1 of the current fiscal 2019–20, reveal the latest findings of K7 Computing’s Cyber Threat Monitor (CTM), which is one of the largest and deepest studies on the Indian cybersecurity landscape. The study also detected that South India’s Metros, including Chennai, Bangalore and Hyderabad, have witnessed more cyber-attacks than Tier1 cities in other parts of the country – North, West and East.
K7 Computing’s CTM is a quarterly report that provides an insightful look into the complex cybersecurity landscape in India and makes cyber safety recommendations that address both Enterprise and Consumer segments. As a part of this process, K7 Computing’s real-world telemetry data from almost 7 million unique devices and K7 Labs security incident investigation data were studied and presented in the form of an index. The report tracks all critical components like Enterprise, Mobile, Mac, Windows and IoT, covering 20 Indian cities that include Metros, Tier1 and Tier2 regions.
According to the report, amongst Tier1 cities, Chennai has recorded the highest percentile of cyber-attacks with 48% in Q1, followed by Kolkata with 41% during the same period. Delhi, the capital city of India, has registered the lowest percentile of cyber-attacks with 28% in Q1. As per the report, cyber risk exposure steadily rises on working days in Metros, starting from Monday, and records the highest on Friday. In terms of time of day, the cyber riskiest hour in the Metros is around 4 PM and the cyber safest is around 6 AM.
The average percentage of cyber-attacks in the top dozen infected Tier2 cities was found to be worse when compared to Metros and Tier 1 regions. In the first quarter, Patna experienced the highest percentile of cyber-attacks (48%), closely followed by Guwahati (46%) and Lucknow (45%), while Thiruvananthapuram stood safest among others at 35%.
Commenting on the findings, K Purushothaman, CEO of K7 Computing said, “K7 Computing’s K7 Labs’ Cyber Threat Monitor highlights the ever-evolving threat landscape around the country and addresses the growing necessity of being more proactive in the approach towards cybersecurity. We see an increasing number of cyber-attacks in Tier 1 and Tier 2 cities, and therefore, we urge concerned stakeholders to leverage specific intelligence for countermeasures and threat hunting. As a pioneer in the industry, K7 Computing will continue to spread cybersecurity awareness and help its customers to mitigate risks by building a cyber-safe environment.”
Other key findings from the Study:
- Mismanaged servers continue to be the major threat as many servers are yet to patch Oracle WebLogic vulnerabilities CVE-2019-2725 and CVE-2019-2729
- Having even a single unprotected system in the same network environment as the other critical systems will invite trouble
- Remote Desktop Protocol (RDP) based attacks continue to be a dominant type of cyber threat in the country, typically due to inadequate system configuration settings and protective infrastructure
- Ransomware and Fileless attacks continued to grow faster in the country making them an ever-growing problem. The arrival of Ransomware-as-a-Service (RaaS) is helping ransomware attacks grow much faster
- Wrm.Gamerue.LNK, a component of a worm, was the most prolific type of malware artefact tracked
- While the Windows OS has been at the bullseye of most cyber-attacks, cybercriminals are now increasingly targeting Apple’s home-grown operating system, macOS
- Trojan attacks, at 72%, were detected to be the major threat for Mac, followed by Adware (18%) and PUP / PUA (Potentially Unwanted Programs / Potentially Unwanted Applications) that stood at 9%
- Jio-4G-Offer, the PUP pretending to be related to the Indian network provider “Jio”, and claiming to provide new and exclusive offers for Jio mobile users, was found to be a new and major threat for the users
- The increasing presence of PUPs/PUAs in Google Play Store has significantly broadened the threat landscape for Android mobile users
- Threat actors are targeting immensely popular categories like photo editors, beautification filter apps, music players, equalisers, fake monitors or spying apps and fake Anti-Virus apps to deliver deceptive PUPs
Internet of Things (IoT) Attack
- A majority of IoT device manufacturers and users are found to be ignorant about the necessity of optimised security, thus inviting massive-scale attacks
- Sophisticated state-sponsored threat actors or APT groups are increasingly using IoT botnet attacks to take down several IIoT (Industrial Internet of Things) networks such as those at large banking bodies, government enterprises, hotel chains, manufacturing companies, and utilities and natural resource companies
- The report states that routers are the most vulnerable IoT devices existing in the country, followed by printers, NAS, IP cameras, media players, set-top boxes, and smart TVs