According to Symantec, one of the world’s largest security data companies, India is second only to the US in incidences of cyber attacks and malicious activity.
Smartphones, instant messaging, and social networks are the new playgrounds for virus and malware attacks in India. Attackers embed malware into apps that are available for download on app stores of smartphone makers. While these apps look legitimate, doing the same function the user downloaded them for, in the background, they function in a way they should not.
Symantec noticed that the vulnerabilities on mobile platforms had risen by 42%, and web-based attacks by 92%, in 2010. There were also over 286 million new threats.
India had the third highest Stuxnet infections (10%), after Iran and Indonesia. Stuxnet targets computers managing industrial control systems, and can reach computers that are not connected to the Internet, through USB drives. According to industry estimates, more than half of the critical infrastructure providers in the country have faced targeted cyber attacks.
Social networking is a major medium of attacks in the country, which is now the seventh largest social networking market in the world.Instant Messaging and shortened Uniform Resource Locator are also used to perpetuate malicious activity.
In 2010, 65% of malicious links in news feeds used shortened URLs.Of these, 73% were clicked 11 times or more, with 33% receiving between 11 and 50 clicks. Some malicious links that appear in social networking sites include stuff like ‘how will you look after 20 years’ , ‘check who viewed your profile,’ and so on.
The lack of vigilance among social networking users also results in their becoming a weak link for attackers. Hackers have used profile information on social networking sites to create targeted social engineering attacks. Attackers have launched targeted attacks against a diverse collection of publicly traded, multinational corporations and government agencies, as well as many smaller companies. In many cases, the attackers had researched key victims within each corporation and then used tailored social engineering attacks to gain entry into the victims’ networks.
It is high time that businesses viewed cyber security with the same seriousness as physical security, and Internet users exercised more caution.