Feeds

Indian SMBs facing advanced attack threats

Symantec warns of lack of security know-how

Seven Steps to Software Security

India’s growing urban population is under concerted cyber attack as criminals increasingly focus advanced targeted techniques on small- and medium-sized businesses (SMBs) and look to exploit piecemeal security and low levels of awareness, according to the latest report from Symantec.

The security giant’s Internet Security Threat Report 17 paints the picture of a nation whose lack of information security know-how is being ruthlessly exploited.

It found that 25 per cent of bot infections are being reported in smaller cities such as Bhubaneshwar, Surat, Cochin and Jaipur, thanks in part because they have a large percentage of SMBs.

"Augmented by broadband penetration, smaller and emerging cities of India are exploring opportunities offered by the virtual world, in turn creating a new lucrative pool of targets for cyber criminals to exploit," said Shantanu Ghosh, MD of India product operations, in a canned statement.

"Lack of awareness and low adoption of security measures makes these cities susceptible to cyber threats and warrants greater vigilance in protecting information assets."

Advanced, targeted attacks are rising across the board – from 77 per day in 2010 to 82 per day by the end of 2011 – but especially against smaller organisations, with over half of such attacks hitting Indian SMBs last year.

These kinds of attack usually employ social engineering techniques to trick a user into following a malicious link or opening a malicious email attachment, thus triggering a malware download.

Typically, this bespoke malware will then jump around inside the corporate network, escalating privileges if necessary until it finds the data it is after.

Symantec said that SMBs are increasingly targeted by such attacks – traditionally the preserve of government and large private sector organisations – because they provide an easier, less well-defended route into the supply chain of a larger company.

In a similar way, non-execs in roles such as HR, sales or admin are usually targeted because they may be less alert to the dangers and are more used to getting unsolicited queries.

Interestingly, while the total number of attacks jumped by 81 per cent, with more than 5.5 billion blocked in the region last year, the number of new vulnerabilities discovered dropped by 20 per cent.

According to Symantec, this is a clear sign that the cyber crims are doing well enough exploiting existing vulnerabilities, with social networks an increasingly successful channel of infection.

As is the case all over the world, mobile threats were also highlighted as a risk to businesses and consumers, with mobile vulnerabilities rising 93 per cent in India last year, the report said.

Aside from the risks posed by financially motivated hackers, Indian organisations have also been battered over the years by Pakistani hacktivists.

The government in particular has had various sites defaced on numerous occasions, and was most recently DDoS-ed by online collective Anonymous. ®

Mobile application security vulnerability report

More from The Register

next story
Yorkshire cops fail to grasp principle behind BT Fon Wi-Fi network
'Prevent people that are passing by to hook up to your network', pleads plod
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
NEW, SINISTER web tracking tech fingerprints your computer by making it draw
Have you been on YouPorn lately, perhaps? White House website?
LibreSSL RNG bug fix: What's all the forking fuss about, ask devs
Blow to bit-spitter 'tis but a flesh wound, claim team
Attackers raid SWISS BANKS with DNS and malware bombs
'Retefe' trojan uses clever spin on old attacks to grant total control of bank accounts
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
Misc memory hazards 'could be exploited' - and guess what, one's a Javascript vuln
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Reducing security risks from open source software
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.