Feeds

Indian SMBs facing advanced attack threats

Symantec warns of lack of security know-how

The essential guide to IT transformation

India’s growing urban population is under concerted cyber attack as criminals increasingly focus advanced targeted techniques on small- and medium-sized businesses (SMBs) and look to exploit piecemeal security and low levels of awareness, according to the latest report from Symantec.

The security giant’s Internet Security Threat Report 17 paints the picture of a nation whose lack of information security know-how is being ruthlessly exploited.

It found that 25 per cent of bot infections are being reported in smaller cities such as Bhubaneshwar, Surat, Cochin and Jaipur, thanks in part because they have a large percentage of SMBs.

"Augmented by broadband penetration, smaller and emerging cities of India are exploring opportunities offered by the virtual world, in turn creating a new lucrative pool of targets for cyber criminals to exploit," said Shantanu Ghosh, MD of India product operations, in a canned statement.

"Lack of awareness and low adoption of security measures makes these cities susceptible to cyber threats and warrants greater vigilance in protecting information assets."

Advanced, targeted attacks are rising across the board – from 77 per day in 2010 to 82 per day by the end of 2011 – but especially against smaller organisations, with over half of such attacks hitting Indian SMBs last year.

These kinds of attack usually employ social engineering techniques to trick a user into following a malicious link or opening a malicious email attachment, thus triggering a malware download.

Typically, this bespoke malware will then jump around inside the corporate network, escalating privileges if necessary until it finds the data it is after.

Symantec said that SMBs are increasingly targeted by such attacks – traditionally the preserve of government and large private sector organisations – because they provide an easier, less well-defended route into the supply chain of a larger company.

In a similar way, non-execs in roles such as HR, sales or admin are usually targeted because they may be less alert to the dangers and are more used to getting unsolicited queries.

Interestingly, while the total number of attacks jumped by 81 per cent, with more than 5.5 billion blocked in the region last year, the number of new vulnerabilities discovered dropped by 20 per cent.

According to Symantec, this is a clear sign that the cyber crims are doing well enough exploiting existing vulnerabilities, with social networks an increasingly successful channel of infection.

As is the case all over the world, mobile threats were also highlighted as a risk to businesses and consumers, with mobile vulnerabilities rising 93 per cent in India last year, the report said.

Aside from the risks posed by financially motivated hackers, Indian organisations have also been battered over the years by Pakistani hacktivists.

The government in particular has had various sites defaced on numerous occasions, and was most recently DDoS-ed by online collective Anonymous. ®

Next gen security for virtualised datacentres

More from The Register

next story
Ice cream headache as black hat hacks sack Dairy Queen
I scream, you scream, we all scream 'DATA BREACH'!
Goog says patch⁵⁰ your Chrome
64-bit browser loads cat vids FIFTEEN PERCENT faster!
NIST to sysadmins: clean up your SSH mess
Too many keys, too badly managed
Scratched PC-dispatch patch patched, hatched in batch rematch
Windows security update fixed after triggering blue screens (and screams) of death
Researchers camouflage haxxor traps with fake application traffic
Honeypots sweetened to resemble actual workloads, complete with 'secure' logins
Attack flogged through shiny-clicky social media buttons
66,000 users popped by malicious Flash fudging add-on
New Snowden leak: How NSA shared 850-billion-plus metadata records
'Federated search' spaffed info all over Five Eyes chums
Three quarters of South Korea popped in online gaming raids
Records used to plunder game items, sold off to low lifes
Oz fed police in PDF redaction SNAFU
Give us your metadata, we'll publish your data
prev story

Whitepapers

5 things you didn’t know about cloud backup
IT departments are embracing cloud backup, but there’s a lot you need to know before choosing a service provider. Learn all the critical things you need to know.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Backing up Big Data
Solving backup challenges and “protect everything from everywhere,” as we move into the era of big data management and the adoption of BYOD.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?