: K7’s Cyber Risk Monitor
Android Mobile Devices are Easy-to-Target for Cybercriminals
The pioneer of Indian Cyber Security segment, K7 Computing today released the findings of K7’s Cyber Risk Monitor (CRM) report, proving an insightful look into the complex cyber security landscape in India and recommendations that addresses both Enterprise and Consumer segments.
The first Thread of K7’s Cyber Risk Monitor, the index of lakhs of records of telemetry and experiential data researched by K7 Labs, reveals that Indian organisations are more vulnerable to cyber attacks due to poor server configurations that enable cyber criminals to exploit and gain access to organisations.
The report shows that there has been a significant increase in the frequency of cyber attacks across India over the last few years as the cyber criminals have become more smart and lethal. While web-based attacks remained dominant in the Cyber Threat Type Breakdown, cyber criminals are using malicious apps to compromise Android mobile devices in Mobile Security Space.
Commenting on the launch of the study, Mr. Purushothaman, CEO of K7 Computing said, “Today, Cyber security is the real world problem and being the first Indian company, with proven experience of over 25 years, we take pride in introducing our Cyber Risk Monitor report at the time when India is fast emerging as one of the key targets for cyber criminals globally. K7’s CRM provides deep insights into the current landscape of cyber threat trends in India and we hope that this report contributes to enhance the understanding of cyber threats for organisations as well as every citizen of India. In addition, this report over a period of time will guide organisations to direct their efforts to align their cyber security solutions to be cyber safe.”
Below are some of other key Insights from the K7’s CRM:
Attack Type Breakdown
- Web-based attacks, found to be 51%, are dominant followed by device-based threats, whether yet to launch themselves or already launched.
- The reasons for web-based attacks include Browser Vulnerabilities, Malevolent URLs (phishing links), Insecure Websites and Social Engineering (social networks and email).
Mobile Security Space
- Adware are found to be the second largest threat to consumers from cyber criminals who use both advertising services and advertising frameworks to compromise Android mobile devices.
- Consumers downloading apps based on rating in the Google Play store has enabled the Hiddad family of malware to become more popular in the last few months. Hiddad uses different methods to display as many ads as possible to the user, including by installing new hidden adware. By taking advantage of user rights, the malware can hide in the device folder, making it very difficult to delete.
- Many users also encountered a certain number of apps pretending to be Google-service related apps like – Google Calendar Sync Adapter, Google Video pro, Google Apps and Google Search, and also Games, video downloaders, porn content providers, internet-speed/sound boosters and gallery apps.
Exploitation of Loopholes
- Weak Passwords and Remote Desktop Protocol (RDP) based attacks have become a dominant type of cyber threat in the country typically due to inadequate system configuration settings and protective infrastructure.
- While the awareness about the risks associated with older operating systems is there among users in India, a large number of users in the country still rely on unsupported versions of Microsoft Windows that is leading to exploitation of loopholes.
- The study found that around 86% of affected Indian users are still far away from Microsoft’s most secure OS which is Windows 10.
- Third-party software like application software, utility tools, internet browsers (86% of blocked attacks), document viewers, run time environments, etc. are also prone to cyber attacks.
The India-based study, takes a closer look at some of the telemetry and experiential data compiled by K7 Labs experts to portray the challenges faced by users and enterprises within India, providing insights into some real-life scenarios and explaining how to defend oneself or one’s organisation against such threats.