India has been experiencing a massive shift towards the digital realm. While this brings opportunities and growth, it also opens doors for cybercriminals to exploit these increasingly used digital platforms.
Global cybersecurity company Kaspersky today reveals the threats that targeted Indian online users in 2023.
Latest data from the company’s Kaspersky Security Network (KSN) showed that in the period between January to December 2023, nearly 2 in 5 (33%) of web users in India faced a form of Internet-born cyberattack.
Overall, Kaspersky solutions detected and blocked a total of 62,574,546 Internet-borne cyberthreats in the country.
KSN is a distributed infrastructure that analyses cybersecurity data to understand threat scenarios.
“Year on year, India’s cybersecurity landscape gets more and more complex, as cybercriminals find newer ways to exploit the vulnerabilities of both the organisation’s systems and the individual users’ behaviours. In addition to this, the severity of attacks is increasing and the results impact both the financial and the reputational status of a person or a company. With the world moving towards AI and other next-gen technologies, we expect the fraud and scamming scenarios to get more intricate and challenging to detect. Thus, we urge Indian users to install security solutions on their devices to protect themselves from these web attacks,” says Jaydeep Singh, General Manager for South Asia at Kaspersky.
The report also reveals that cyberattacks via browsers and social engineering are the most prevalent methods of web infection.
Attacks via browsers remain a primary method of web threat
Attacks via browsers remain the main way of spreading malicious programs. Kaspersky’s report shows that cybercriminals often exploit the vulnerabilities in browsers and their plugins to penetrate the user systems.
Users are usually attacked when they visit an infected website. This happens without the user’s knowledge and intervention and may involve the download of dangerous file-less malware.
Social engineering to defraud users is another popular web threat
Kaspersky’s report also revealed that social engineering is another major cyber threat in India, and around the world. In social engineering, the user is manipulated by the cybercriminal to download a malicious file and give control of the system to the criminal.
Often cybercriminals make their targets believe that they are downloading a legitimate application or program, and once the user downloads the program, the cybercriminal starts to control the victim’s device and uses it for malicious purposes.
“Machine learning based modules and behaviour heuristics are key to fighting the stealthy threats that cyberattacks present. Our products apply Behavior Detection components to detect malicious activity even if the code is unknown. To prevent attacks through social engineering, we have security solutions capable of detecting threats as they are being downloaded from the Internet. Since many threat actors nowadays conceal malicious code to bypass static analysis and emulation, advanced technologies such as proactive Machine Language-based methods and behavior analysis are used to fight this type of threat,” explains Singh.
To stay protected, Kaspersky recommends users the following:
- Do not download and install applications from untrusted sources
- Do not click on any links from unknown sources or suspicious online advertisements
- Create strong and unique passwords, including a mix of lower case and upper-case letters, numbers, and punctuation, as well as activating two-factor authentication
- Always install updates
- Ignore messages asking to disable security systems for office or cybersecurity solution
- Use a robust cybersecurity solution appropriate to your system type and devices
For organisations, Kaspersky recommends the following:
- Always keep software updated on all the devices to prevent attackers from infiltrating network by exploiting vulnerabilities
- Use strong passwords to access corporate services. Use multi-factor authentication for access to remote services
- Choose a proven endpoint cybersecurity solution for business that is equipped with behaviors-based detection and anomaly control capabilities for effective protection against known and unknown threats
- Use dedicated set of effective endpoint protection, threat detection and response products to timely detect and remediate even new and evasive threats
- Use the latest threat intelligence information to empower your security experts
