Get subscribed to our newsletter
Get interesting updates to your email inbox.
After a year into the pandemic-driven remote working, 40 per cent of Indian businesses reported an increase in the cyber attack volume, severity and/or scope of cyber attacks in the last 12 months in comparison to the global figure of 47 per cent, a new report has showed. While 38 per cent of respondents from India continue to be very concerned about the security risks while working remotely, globally, this figure stands at 39 per cent, according to '2021 Thales Global Data Threat Report', a commissioned study conducted by 451 Research, part of S&P Global Market Intelligence.
Despite being over a year into remote working and the possibility of a likely shift to hybrid working models, security remains a key concern for the Indian businesses, the report said, adding that managing security risks is undoubtedly getting more challenging in the country. "Many organisations experienced heightened security challenges over the last year and with the increasing number of ransomware attacks, organisations are now facing a double extortion threat," said Ashish Saraf, VP and Country Director - India, Thales. "Not only could they be locked out of their critical IT and OT systems but also have their sensitive data released on the Internet," he added.
For respondents from India, malware (56 per cent) is the leading source of security attacks followed by ransomware (53 per cent), and phishing and credential stuffing (both 43 per cent). Malicious insiders (40 per cent), external attacks (25 per cent) and human error (25 per cent) have been spotted by respondents from India as the types of attacks seen with the greatest threat.
"The traditional aspect of just relying on a sound backup and restore strategy is no longer sufficient, organisations need to implement a comprehensive digital security including controlling access to data, encryption of sensitive data coupled with secure management and control of encryption keys," Saraf emphasized.
Despite the increased risk remote working has posed to enterprises throughout the pandemic, nearly half (48 per cent) of respondents from India report that their security infrastructure was not prepared to handle the risks caused by Covid-19.
In fact, only one in five (21 per cent) of organisations believe it was very prepared. "Forty eight per cent of respondents from India rank third-party vendor networks as the biggest target for cyber attacks, followed by on-premises legacy applications (44 per cent), cloud-based storage (40 per cent) and web applications (38 per cent)," the report revealed.(IANS/TI)
With most people working from home, due to the Coronavirus pandemic, there has been a surge in cybercrime. The year 2021 saw 5,258 data breaches across the globe, a third more breaches analyzed than last year, according to a report on Thursday. The 14th edition of the Data Breach Investigations Report (2021 DBIR) by US-based Verizon Business, analyzed 29,207 security incidents from data collected from 83 contributors, with victims spanning 88 countries; 12 industries, and three world regions.
The report showed that with an unprecedented number of people working remotely, phishing and ransomware attacks increased by 11 percent and 6 percent respectively, with instances of misrepresentation increasing by 15 times compared to last year. Additionally, breached data showed that 61 percent of breaches involved credential data. About 95 percent of organizations suffering credential stuffing attacks had between 637 and 3.3 billion malicious login attempts through the year.
Follow NewsGram on Twitter to stay updated about the World news.
“The Covid-19 pandemic has had a profound impact on many of the security challenges organizations are currently facing,” said Tami Erwin, CEO, Verizon Business, in a statement. “As the number of companies switching business-critical functions to the cloud increases, the potential threat to their operations may become more pronounced, as malicious actors look to exploit human vulnerabilities and leverage an increased dependency on digital infrastructures” Erwin added.
Among Financial and insurance industries, 83 percent of data compromised in breaches was personal data, while in Professional, Scientific, and Technical Services industries only 49 percent was personal. Further, the 2021 DBIR report also revealed many breaches that took place in Asia Pacific regions were caused by financially motivated attackers — phishing employees for credentials, and then using those stolen credentials to gain access to mail accounts and web application servers.
Europe, Middle East, and Africa regions saw basic cybercrime in web application attacks, system intrusion, and social engineering, while Northern America was the target of financially-motivated cybercriminals searching for money or easily monetizable data. Social engineering, hacking, and malware continued to be the favored tools utilized by cybercriminals in this region. (IANS/SP)
Indian organizations witnessed a staggering 845 percent increase in cyber-attacks on employees’ smartphones since October 2020, as remote working during the pandemic saw the mobile attack surface expand dramatically in the country, a new report said on Wednesday.
While the total number of mobile attacks on Indian organizations in October 2020 was 1,345, it reached 12,719 firms in March this year, according to the Threat Intelligence Report from cybersecurity firm Check Point. In 2020, the researchers discovered a highly significant attack, in which threat actors used a large international corporation’s Mobile Device Management (MDM) system to distribute malware to more than 75 of its managed mobile devices.
Follow NewsGram on Instagram to keep yourself updated.
Worldwide, 97 percent of organizations surveyed faced mobile threats that used multiple attack vectors last year. While 46 percent of organizations among those surveyed had at least one employee download a malicious mobile application, at least 40 percent of the world’s mobile devices are inherently vulnerable to cyberattacks.
“As we have seen in 2020, the mobile threat landscape has continued to expand with almost every organization now having experienced an attack,” said Neatsun Ziv, VP Threat Prevention at Check Point Software. With 60 percent of workers forecast to be mobile by 2024, mobile security needs to be a priority for all organizations, the report mentioned.
Almost every organization experienced at least one mobile malware attack in 2020. “Ninety-three percent of these attacks originated in a device network, which attempts to trick users into installing a malicious payload via infected websites or URLs, or to steal users’ credentials,” the findings showed.
The research showed that at least 40 percent of the world’s mobile devices are inherently vulnerable to cyberattacks due to flaws in their chipsets, and need urgent patching. “Threat actors have been spreading mobile malware, including Mobile Remote Access Trojans (MRATs), banking trojans, and premium dialers, often hiding the malware in apps that claim to offer Covid-19 related information,” the report said. (IANS/SP)
India is among six nations that may see a large cyberattack on June 21 in the form of Covid-19 themed phishing campaign from North Korean state hackers.
The attack is part of the Lazarus Group’s large-scale campaign targeting more than 50 lakh individuals and businesses, including small and large enterprises, across six countries: India, Singapore, South Korea, Japan the UK, and the US, according to a ZDNet report on Friday.
“The North Korean hacker group is looking to gain financially from the campaign, where targeted email recipients will be asked to visit fraudulent websites and lured into revealing their personal and financial data,” according to Singapore-headquartered cybersecurity vendor Confirm.
Also Follow our Twitter Account for more updates on related news.
Lazarus’ hackers claimed to have details of 11 lakh individual email IDs in Japan, another 20 lakh in India, and 180,000 business contacts in the UK.
The attack would include 8,000 organizations in Singapore where the business contacts highlighted in an email template were addressed to members of the Singapore Business Federation (SBF), said the report.
Introduced in 2001 by the Ministry of Trade and Industry, SBF is responsible for promoting Singapore businesses and currently represents 27,200 companies.
“The targeted Singapore businesses would reportedly receive phishing email messages — written in Chinese — from a spoofed Ministry of Manpower account, supposedly offering additional payouts for employees under the government’s Covid-19 support packages”.
According to Cyfirma’s Founder and CEO Kumar Ritesh, they have notified government CERTs (Computer Emergency Response Team) in Singapore, Japan, South Korea, India, and the US, as well as the UK National Cyber Security Center.
All six agencies had acknowledged the alert and currently were investigating.
“In the past six months, we have also monitored hacker activities related to the COVID-19 pandemic, especially with regards to hoax, phishing, and scam campaigns,” Ritesh was quoted as saying.
Lazarus group is controlled by the Reconnaissance General Bureau, North Korea’s primary intelligence bureau.
The Lazarus Group’s activities were widely reported after it was blamed for the 2014 cyber attack on Sony Pictures Entertainment and the 2017 WannaCry ransomware attack on countries including the US and Britain.
In September last year, malware created to infiltrate Indian ATMs and steal customers’ card data was traced by Kaspersky security researchers to the Lazarus group. (IANS)