Small Town India Under Attack From Cyber Criminals

Small town India is gaining prominence on the cyber threat map. The latest Symantec Internet Security Threat Report shows an 81 per cent increase in malicious attacks and 93 per cent rise in mobile vulnerabilities. It is the emerging Indian cities that are increasingly facing the risk of cyber attacks, accounting for 25 per cent of the bot-infections.

Coupled with the prevalence of small and medium businesses which are targets of 50 per cent of the attacks and industrial clusters (housing supplier-companies that allow attackers entry into larger organisations and critical infrastructure providers, this year's report show that cyber attacks are going everywhere. More significant, moving beyond spam, cyber criminals are turning to social networks to launch their attacks.

2011 was also the first year that mobile malware presented a tangible threat to businesses and consumers targeting data collection, the sending of content and user tracking.

Shantanu Ghosh, vice president and managing director, India Product Operations, Symantec says as denizens of smaller and emerging cities are venturing into the virtual world, they are creating a new lucrative pool of targets for cyber criminals. "Lack of awareness and low adoption of security measures makes these cities susceptible to cyber threats  and warrants greater vigilance in protecting information assets," says Ghosh.


These are the findings of the survey

Smaller,  emerging cities face the risk of cyber attacks: Smaller cities like Bhubaneshwar, Surat, Cochin, Jaipur, Vishakhapatnam and Indore have a high proportion of SMBs and industry clusters. Symantec says these locations are being inducted as part of a network of compromised computers. Additionally, some cities repeatedly appear in the list for origin of phishing in India - Ahmedabad,  Nashik and Coimbatore also figure in the list of bot-infections. 

Targeted attacks on organizations of all sizes: The number of daily targeted attacks have increased from 77 per day to 82 per day by the end of 2011. Targeted attacks use social engineering and customized malware to gain unauthorized access to sensitive information. These advanced attacks have traditionally focused on public sector and government; however, in 2011, targeted attacks diversified.

Also, these attacks are no longer confined to large organizations.  More than 50 per cent of such attacks target organizations with fewer than 2,500 employees, and almost 18 per cent target companies with fewer than 250 employees. These organizations may be targeted because they are in the supply chain or partner ecosystem of a larger company and because they are less well-defended. Furthermore, 58 per cent of attacks target non-execs, employees in roles such as human resources, public relations, and sales. Individuals in these jobs may not have direct access to information, but they can serve as a direct link into the company. They are also easy for attackers to identify online and are used to getting proactive inquiries and attachments from unknown sources.

Malicious attacks continue to grow rapidly: Symantec blocked more than 5.5 billion malicious attacks in 2011, an increase of 81 per cent over the previous year.  In addition, the number of unique malware variants increased to 403 million and the number of Web attacks blocked per day increased by 36 per cent.

At the same time, spam levels fell considerably and new vulnerabilities discovered decreased by 20 per cent.  Attackers have embraced easy to use attack toolkits to efficiently leverage existing vulnerabilities.  Moving beyond spam, cyber criminals are then turning to social networks to launch their attacks.  The very nature of these networks makes users incorrectly assume they are not at risk and attackers are using these sites to target new victims. 

Rise of data breaches, lost devices concern for the future: Approximately 1.1 million identities were stolen per data breach on average in 2011, a dramatic increase over the amount seen in any other year.  Hacking incidents posed the greatest threat, exposing 187 million identities in 2011—the greatest number for any type of breach last year.  However, the most frequent cause of data breaches that could facilitate identity theft was theft or loss of a computer or other medium on which data is stored or transmitted, such as a smartphone, USB key or a backup device. These theft-or loss-related breaches exposed 18.5 million identities.  

As tablets and smartphones continue to outsell PCs, more sensitive information will be available on mobile devices, Workers are bringing their smartphones and tablets into the corporate environment faster than many organizations are able to secure and manage them.  This may lead to an increase in data breaches as lost mobile devices present risks to information if not properly protected.


Mobile threats expose businesses and consumers: Mobile vulnerabilities increased by 93 per cent in 2011. At the same time, there was a rise in threats targeting the Android operating system.  With the number of vulnerabilities in the mobile space rising and malware authors not only reinventing existing malware for mobile devices, but creating mobile-specific malware geared to the unique mobile opportunities, 2011 was the first year that mobile malware presented a tangible threat to businesses and consumers. These threats are designed for activities including data collection, the sending of content, and user tracking.