India was the third most affected country in 2013 by attacks using the notorious Zeus malware, which is used to steal sensitive data from industries like finance, government, manufacturing and services, security solutions firm Websense said.
Zeus is malware that runs on PCs running versions of the Microsoft Windows operating system. While it can carry out many malicious and criminal tasks, it is often used to steal banking information by keystroke logging and form grabbing.
It is also used to install CryptoLocker ransomware, which locks access to the computer unless a fee (usually is paid to the hacker by the user.
India followed the US and the UK in terms of attacks based on geographic location, Websense said in its 2014 Threat Report.
Other countries in the list included Canada, Brazil, Australia, Mexico, Italy, France and Turkey, it added.
While services was the most attacked vertical, the manufacturing, finance and government sectors followed closely on the list.
Other target sectors included communications, education, retail, healthcare, transportation and utilities.
Zeus is spread mainly through drive-by downloads and phishing schemes.
“Originally designed as a financial threat, the Zeus malware was repurposed in 2013 for other vertical market objectives, from widely distributed attack sources,” Websense said.
Zeus started attacking systems sometime in 2006, and in June 2009 security company Prevx estimated that Zeus had compromised over 74,000 FTP accounts on websites of companies like Bank of America, NASA, Monster.com, ABC, Oracle, Cisco, Amazon and BusinessWeek.
The report said the attack ecosystem (along with actors, their motivations and techniques used) continues to grow in number, complexity and sophistication.
“As the attack ecosystem grows in scope, it is getting increasingly difficult to attribute the source of an attack.
Many experts and organizations claim to be able to pinpoint the source of an attack, but it is rarely that easy or straightforward,” it added.
This is exemplified in the Zeus attack by the reuse of attack components, the compromise of websites and the use of numerous redirections, all of which serve to thwart identification of sources, it said.