Cyber criminals are infiltrating networks and evading detection by hijacking the infrastructure of major corporations and using it against them, states security firm Symantec.
The company's Internet security threat report says that there Industries like gas, transportation, electricity and communications saw a five time increase in the targeted attacks. The number of attacks on key sectors such as financial services was up from 11.1 pc in 2013 to 17.1 percent in 2014, transportation and communications were up from .8 pc in 2013 to 4.4 percent in 2014. Mining sector received the highest number of phishing mails and second highest number of virus-bearing emails in 2014.
The growing social media population provided an easy base for hacker and India became the second most targeted country in the world for social media scams. “Cybercriminals are inherently lazy; they prefer automated tools and the help of unwitting consumers to do their dirty work,” added Tarun Kaura, Director, Technology Sales at Symantec, India. “Last year, India had the second highest number of social media scams globally. Over 80 percent of these scams were shared manually, as attackers took advantage of people’s willingness to trust content shared by their friends.”
Symantec states that software companies took an average of 59 days to create and roll out patches for threats like Heartbleed in 2014, making it easier for attackers to exploit systems. In all there were 24 total zero-day vulnerabilities discovered in 2014, which give cybercriminals an open field to exploit known security gaps before they were patched.
“Attackers don’t need to break down the door to a company’s network when the keys are readily available,” said Tarun Kaura, Director – Technology Sales, India, Symantec. “We’re seeing attackers trick companies into infecting themselves by Trojanizing software updates to common programs and patiently waiting for their targets to download them—giving attackers unfettered access to the corporate network.”
Symantec has suggested some security tips so consumers and businesses can protect themselves against attacks. The security firm suggests that businesses should implement multi-layered endpoint security, encryption, strong authentication as well partner with a managed security service provider. Consumers should use strong and unique passwords for their accounts and devices, and update them on a regular basis. Users should not open unsolicited emails or social media messages from unknown sources.