Web-based attacks remain the biggest cyber security threat in India with 51 per cent of all the cyber intrusions recorded in this segment. Mismanaged and unpatched servers, weak passwords and rogue apps are found to be the top culprits.
This was revealed in the maiden survey conducted by a Chennai-based cyber security solutions company K-7 Computing.
Adware were found to be the second largest threat to consumers from cyber criminals who use both advertising services and advertising frameworks to compromise Android mobile devices.
Rogue apps too are being used to dupe the unsuspecting mobile phone users, who download apps from the third party app platforms.
The firm’s research division K-7 Labs has come out with the maiden edition of Cyber Risk Monitor. It gathered intelligence from its network of 10 million customers in the country.
K7 Computing, which has a share of 23 per cent in the consumer protection space, has about 15 million customers in Japan through a partnership.
“We made a revenue of ₹74 crore in 2018-19. We are looking at touching the ₹100-crore this current financial year,” Purushothaman, Chief Executive Officer of K7 Computing, has said.
“The reasons for web-based attacks include browser vulnerabilities, malevolent URLs (phishing links), insecure websites and social engineering (social networks and email),” Samir Kanu Mody, Vice-President (Threat Research) of K7 Computing, said.
“We find unpatched servers expose the systems for intrusions. This happens when administrators skipped installing a critical patch. Exploiting the vulnerability, the hacker creates two user accounts remotely with admin privileges and logs on to the server,” he said.
The report found that there has been a significant increase in the frequency of cyber attacks across the country in the last few years as the cyber criminals have become more smart and lethal.
“Consumers downloading apps based on rating in the Google Play store have enabled the Hiddad family of malware to become more popular in the last few months,” the report said.
“Hiddad uses different methods to display as many ads as possible to the user, including by installing new hidden adware. By taking advantage of user rights, the malware can hide in the device folder, making it very difficult to delete,” he pointed out.
Many users also encountered a certain number of apps that look like Google-service related apps.
Weak passwords continue to be a top choice by hackers to launch the attacks.