India leads when it comes to mobile malware, says Symantec’s Internet Security Threat Report (ISTR) for 2018. The report also notes that cyber criminals are doubling down on alternative methods like formjacking to make money as returns from ransomware and cryptojacking are diminishing. The cyber security firm analyses data from its Global Intelligence Network to curate this report.
When it comes to smartphones and user privacy, Symantec notes that smartphones are one of the best spying devices. This is because they are a camera, a listening device and location tracker all in one. The report notes that attacks on smartphones have increased by a big number, and India is one of the top countries for mobile malware with 23.6 per cent of global infections.
The report also shows that consumer privacy has entered the limelight in the past year due to the Cambridge Analytica data scandal and implementation of EU’s General Data Privacy Regulation.
According to Symantec research, over 45 per cent of popular Android apps want access to device location, camera and e-mail addresses, whereas, over 24 per cent of popular iOS apps require permission for the same. Tools to gather this data are on the rise and clearing the way for abuse to track others without consent, says the report.
India has been ranked fourth globally and second in Asia Pacific and Japan region in terms of cryptomining activities. It has also been ranked second, both globally and in APJ in terms of ransomware activities.
Cryptojacking has allowed cyber criminals to harness stolen processing power and cloud CPU usage from consumers and enterprises to mine cryptocurrency. This method of attacking users has seen a drop-off in activity due to declining cryptocurrency values and increasing adoption of cloud and mobile computing, rendering attacks less effective.
Ransomware attacks have lowered by 20 per cent for personal use, however, have jumped up 12 per cent for enterprise users.
The report also states that formjacking is the new get rich quick scheme. These attacks are quite simple and easy to perform as cyber criminals only have to inject malicious code into a retailer’s website to steal its shoppers’ payment details. It states on an average over 4,800 websites are targeted by this attack every month. Many well-known websites like Ticketmaster and British Airways being compromised recently.
Symantec estimates cyber criminals may have collected tens of millions of dollars last year, stealing consumers’ financial and personal information. The British Airways formjacking attack got the cyber criminals details of over 3,80,000 credit cards.
The report also states that enterprises adopting cloud-based solutions are making the same security mistakes that were made by initial enterprise PC adopters. Cloud services risk being exploited to gain access to data due to recently discovered chip vulnerabilities like Meltdown, Spectre and Foreshadow.
Supply chain and living off the land attacks have increased by 78 per cent in 2018 and are widely being adopted by cyber criminals and targeted attack groups. These attacks allow attackers to maintain a low profile and hide their activity in a mass of legitimate processes. The company says that identifying and blocking these attacks require the use of advanced detection methods like analytics and machine learning.
📣 The Indian Express is now on Telegram. Click here to join our channel (@indianexpress) and stay updated with the latest headlines