Ransomware attacks targeting Indian enterprises have witnessed a sudden increase during Q1 of 2020-21. The Cyber Threat Monitor Report by global cyber security major K7 Computing, analysed various cyberattacks during the quarter and found that threat actors are increasing the frequency of their attacks with new strategies. The increase in frequency of attacks in the country has been enabled by ransomware operators offering ransomware as a service (RaaS) to cyber attackers.
The report reveals that modern ransomware operators have transformed themselves into businesses and are extremely focused on their targets and attacking strategies. Threat actors now operate like high-end software enterprises offering Ransomware as a Service (RaaS). Modern RaaS solutions come with high-end tools like a dashboard to display attack status in real time, customer helpline, and more. Threat actors are also increasing their advertisements on the dark web, offering a variety of customised attacks.
The Cyber Threat Monitor Report reveals a 4% increase in the infection rate across the country. Malware in the form of ransomware, Remote Access Trojans (RATs) and Banking Trojans have been on the rise during the quarter.
The report also found that Chennai, Pune, Ahmedabad and Hyderabad recorded the highest rate of infections amongst Tier-I cities; Guwahati, Jaipur and Jammu had the highest infection rate of 38% each followed by Patna at 35% amongst Tier-II cities. These attacks were designed to exploit user trust and scam people for financial gain. Threat actors have continued to exploit vulnerabilities in operating systems, application software, and firmware in this quarter. Zoom and Microsoft Teams were the most at risk. Apart from this, hackers have also taken advantage of salient weaknesses in Windows, Android, iOS, and IoT devices.
Other key findings
Threat actors often invest a considerable amount of time in finding unknown vulnerabilities in software and hardware. The study found a critical vulnerability CVE-2020-11470 in the Zoom app that allows an attacker to take control of the victim’s microphone and camera without notifying them. A vulnerability in Microsoft Teams allows cybercriminals to use a malicious GIF to sweep up the user’s data and take over an organisation’s Teams accounts.
Cybercriminals are not only relying on malvertising apps to monetise their efforts but are also developing Trojans to deliver their malicious attacks. The proportion of adware and Trojans on the Android platform have swapped their positions in just over a year. The notorious Operation Cerberus banking Trojan was seen primarily targeting Indian banking users, the study says.
Q4 2019-20 witnessed a 7% increase in Trojan attacks on Macs compared to Q3. The surge continued in Q1 2020-21 with a 11% rise in attacks in comparison to the previous quarter. A large variety of Potentially Unwanted Programs (PUPs), many belonging to the keylogger or activity monitor category, were found in Macs during the quarter.
Commenting on the findings, J Kesavardhanan, Founder & CEO of K7 Computing, said “It is an area of significant concern for the country during this critical situation. Cyber attackers have been shifting their aim towards the enterprise market, exploiting the lack of cybersecurity awareness amongst startups and SMEs. It is not only a major threat to businesses but also to consumers who are dependent on the internet. Cybercriminals are getting smarter and cyberattacks are becoming more sophisticated. Be it malware, data loss, or hacking, netizens and especially enterprises are at greater risk of becoming victims of cybercrime than ever before.”
“We are also witnessing an increase in phishing attacks due to the panic caused by COVID-19 and offices transitioning their workforce from centralised secure hubs to remote workstations at home. This is particularly challenging for small- and medium-sized businesses that don’t have a full-time IT security professional to monitor and enforce adequate protection,” he added.