Grabit: New cyber security threat to SMBs in India

By Kul Bhushan | Published on 29 May 2015

Cybercriminals have long targeted the top brands, businesses but the new Kaspersky Lab report reveals small and medium-sized businesses worldwide are now also on risk.

Grabit: New cyber security threat to SMBs in India

Want to modernise your banking loan application?

Build an application that analyses credit risk with #IBMCloud Pak for Data on #RedHat #OpenShift

Click here to know more


Researchers at Kaspersky Lab have discovered a new cyber-spying campaign called Grabit that is targeting small, medium sized organisations based in mainly in India and even in countries such as Thailand and the US. Other countries affected are the UAE, Germany, Israel, Canada, France, Austria, Sri Lanka, Chile and Belgium.

Grabit is targeting businesses across sectors chemicals, nanotechnology, education, agriculture, media, construction and more. According to Kaspersky, India and Thailand were the maximum affected by this cyber-attack. Kaspersky Lab reveals malware were sent by employees to each other as stolen host names and internal applications are the same. According to researchers, infection starts when a user in a business organization receives an email with attachment that looks to be a MS word (.Doc) file. Users clicks to download the file and the spying programme is transferred to the machine from a remote server that has already been hacked by hackers. The compromised service acts as a malware hub. Cybercriminals take control of the machine using HawkEye keylogger and a onfiguration module having a number of Remote Administration Tools (RATs).

“We see a lot of spying campaigns focused on enterprises, government organizations and other high-profile entities, with small and medium-sized businesses rarely seen in the lists of targets. But Grabit shows that it’s not just a “big fish” game – in the cyber world every single organization, whether it possesses money, information or political influence, could be of potential interest to one or other malicious actor. Grabit is still active, and it’s critically important to check your network to ensure you’re safe. On May 15th a simple Grabit keylogger was found to be maintaining thousands of victim account credentials from hundreds of infected systems. This threat shouldn’t be underestimated,” – says Ido Naor, Senior Security Researcher, Global Research & Analysis Team. Check out the full Kaspersky Lab report here.

India has continued to be one of the top targets of cybercriminals. Even as efforts are on to beef up security features, cybercriminals have continued to innovate to target individuals. The latest revelation also highlights how the start ups and middle-sized companies are being targeted in India. The new development comes shortly after National Association of Software and Services Companies (NASSCOM) and Data Security Council of India teamed up to launch a NASSCOM Cyber Security Task Force, which will ensure India evolves as a global for cyber security solutions. The Indian government is also planning to set up a dedicated center that detect malicious programs and botnets and help device owners to remove harmful software for free.

Malware distribution by country


Kul Bhushan

Digit caters to the largest community of tech buyers, users and enthusiasts in India. The all new Digit in continues the legacy of as one of the largest portals in India committed to technology users and buyers. Digit is also one of the most trusted names when it comes to technology reviews and buying advice and is home to the Digit Test Lab, India's most proficient center for testing and reviewing technology products.

We are about leadership-the 9.9 kind! Building a leading media company out of India.And,grooming new leaders for this promising industry. Protection Status