Small and emerging cities and small and medium enterprises are the latest targets for cyber criminals. Cities such as Bhubaneshwar, Surat, Cochin, Jaipur, Vishakhapatnam and Indore are increasingly facing the risk of cyber attacks, with 25% of bot- infections in India reported in such cities, said the new finiding from Symantec.
The Internet Security Threat Report, from Symantec also shows that advanced targeted attacks are spreading beyond the more commonly assumed target of large organizations with 50% targeting small and medium organizations in 2011. In addition, the report highlights that while the number of vulnerabilities decreased by 20%, the number of malicious attacks continued to skyrocket by 81%.
“Augmented by broadband penetration, smaller and emerging cities of India are exploring opportunities offered by the virtual world, in turn creating a new lucrative pool of targets for cyber criminals to exploit,” Shantanu Ghosh, vice president and managing director, India Product Operations, Symantec. Bots are malicious programmes that allows the attacker take control of the infected PC.
Additionally, some cities that repeatedly appear in the list for origin of phishing in India - Ahmedabad, Nashik and Coimbatore also figure in the list of bot-infections.
The report also stated that targeted attacks are growing, with the number of daily targeted attacks increasing from 77 per day to 82 per day by the end of 2011. Targeted attacks use social engineering and customised malware to gain unauthorised access to sensitive information. These advanced attacks have traditionally focused on public sector and government; however, in 2011, targeted attacks diversified.
Targeted attacks are no longer limited to large organisations. More than 50% of such attacks target organisations with fewer than 2,500 employees, and almost 18% target companies with fewer than 250 employees. These organisations may be targeted because they are in the supply chain or partner ecosystem of a larger company and because they are less well-defended. Furthermore, 58% of attacks target non-execs, employees in roles such as human resources, public relations, and sales. Individuals in these jobs may not have direct access to information, but they can serve as a direct link into the company. They are also easy for attackers to identify online and are used to getting proactive inquiries and attachments from unknown sources.
Mobile vulnerabilities increased by 93% in 2011. At the same time, there was a rise in threats targeting the Android operating system.