Cyber Attacks: The Most Common In India In The Clusit Report
Cyber attacks are increasing and affecting businesses, as emerges from the latest Clusit Report. Here is a picture of the situation and some advice on how to defend yourself. Cyber attacks are constantly increasing, as evidenced by the Clusit 2022 report published a few days ago.
The report collects data from various sources: the analysis of Fastweb’s Security Operations Center (SOC), the research carried out by Libraesva on the evolution of email security in India, the findings of the Postal Police, IBM data on cybercrime in the financial sector in Europe and, in the appendix, a study carried out by four experts from the CERT of the Bank of India.
In particular, in 2021, there was a 10% increase in attacks globally compared to the previous year. In Italy, the Fastweb SOC recorded more than 42 million security events, a rise of 16% compared to those reported in 2020. The Report also highlights a constant growth of malware and botnets (+58% of compromised servers) and an increase in infections on mobile devices, particularly from FluBot.
This malware affects Android devices by spreading through phishing links (phishing is a fraudulent technique to steal information and sensitive data from users) shared via SMS or messaging apps. Lastly, regarding email security, it should be noted that attack techniques have evolved into ever more subtle forms that are difficult to recognize, monitor, and intercept. Organizations and companies must recognize all these factors and stay updated on the evolution of cyber attacks.
It is no longer enough to have countermeasures such as a suitable antivirus or to comply with the most basic security rules (for example, not opening links from unknown sources); it is necessary to adopt a specific methodological and cultural approach for each possible object of attack (site, server, email, mobile devices, etc.). In addition, it is essential to educate your employees so that they are aware of these threats and avoid them.
What Are Cyber Attacks?
A computer attack or cyberattack is any action committed by individuals or organizations to affect networks, computer systems, infrastructures, or electronic devices to steal, alter or destroy data for espionage, extortion, or as a demonstrative act.
This is done by identifying a security hole in the targeted system, network, server, or device and infecting it with malicious software (a virus, trojan, or worm), which, depending on the case, will perform specific actions. A computer attack can be defined as syntactic or semantic.
In the first case, it is a direct attack through which malware or malicious software is installed; in the second case, it can consist of modifying data and information to spread incorrect or false information or damage an organization’s or an individual’s image.
Other attacks have the theft of personal data and passwords as their purpose, while others address more specific objectives, such as the interruption of telecommunications (man-in-the-middle attack) or the interruption of service (amplification attack).
The Most Common Cyber Attacks In India: Trends And Types Of Attacks
The analysis of Fastweb’s network infrastructure, which includes over 6.5 million public IP addresses, reported in the 2022 Clusit Report, recorded over 42 million security events, an increase of 16% compared to the 2020 Report. In addition to the increase in cyber attacks (almost +10% globally in 2021), the analysis highlighted a constant growth trend in the severity (i.e., the impact and repercussions) of incidents, with 32% rated “critical” and 47% “high.”
Cyber attacks in 2021 were better calibrated and more narrowly aimed at specific targets, signaling an increasingly strong involvement of organized crime behind the phenomenon of cybercrime. Malware and botnets remain among the most relevant cybersecurity trends of 2021, with a net increase of 58% in compromised servers.
34% of these threats derive from specific platforms, such as Andromeda, used to distribute over 80 families of malware, or Downadup, which allows an attacker to take total control of servers. Even at the level of mobile devices, the penetration of cyber threats is significantly increasing, mainly due to FluBot, a malware for Android devices that spreads through phishing over SMS and messaging apps.
The so-called 0-day attacks, i.e., rapid attacks that exploit flaws unknown to IT infrastructure developers and undetectable by standard protection systems, are also rising. The geography of malware attacks has shifted, involving more servers hosted in Europe than in the United States, while their extent is constantly growing. This must be addressed by adopting specific protection systems for each threat, independent of the country of origin. Let’s now look more closely at the main types of cyber attacks.
Malware (in full: malicious software) is software used to carry out illegal activities against other users. Malware is mainly distinguished into two variants:
- Spyware: spy malware used to identify and steal sensitive user data and information, such as passwords and credentials for accessing online banking services;
- Ransomware: malware that limits or blocks access to a device in order to demand a ransom for removing the limitation.
This malware can then be divided into viruses, trojans (trojan horses), worms, and other forms, which, each in different ways, infect devices and networks. Malware is often composed of multiple pieces of software that act in a coordinated way. These attacks are often launched on a broad scale, with the logic of the trawl net, at low cost and with good economic returns, because they allow attackers to “fish in a pile.”
A DoS attack (denial-of-service) or, in its advanced form, DDoS (distributed denial-of-service) is a cyber attack in which large amounts of data are sent to a single network resource to saturate it and put it “out of use.” These attacks can affect websites, but also SMTP or FTP servers, and in 2016 they were the protagonists of a massive cyber attack that put the sites of Netflix, Twitter, Amazon, and The New York Times out of action for a few hours. Here too, the attack can be used to demand a ransom. These are complex attacks that generally affect sites and networks of the Public Administration or large companies.
Attacks On Mobile Devices
In 2021 Fastweb noticed a growth in fraudulent phenomena that exploit the SMS service due to malware such as FluBot, mentioned earlier, conveyed through smishing and phishing via SMS. Phishing is a fraud attempt to steal sensitive information, such as usernames, passwords, and credit card numbers. The scammer sends an email to many people (often tens of thousands) that:
- Is designed to appear to come from a website or platform known to the recipients;
- Invites the user to provide their data following certain events (problems occurring in the provision of the service, need to update their password, etc.) or to benefit from exclusive offers;
- Contains a link that leads to a fictitious site that resembles the simulated platform as much as possible. The user is invited to click on the link and enter their data on the destination site, which is acquired by the fraudster.
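The three traits listed above can be checked mechanically on incoming mail. The following Python sketch is an added example, not part of the Clusit Report or the original article; the brand table, the pretext phrases, and the `.example` domains are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumptions: a brand users expect mail from, its real domain, and pretext phrases.
KNOWN_BRANDS = {"examplebank": {"examplebank.example"}}
PRETEXT = re.compile(r"update your password|verify your account|suspended|exclusive offer", re.I)

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def on_domain(host, domains):
    return any(host == d or host.endswith("." + d) for d in domains)

def phishing_traits(raw):
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    body = msg.get_payload()  # single-part HTML message assumed
    links = LinkCollector()
    links.feed(body)
    traits = set()
    for brand, domains in KNOWN_BRANDS.items():
        if brand not in display.lower().replace(" ", ""):
            continue
        # Trait 1: claims a known brand, but the sender domain is not the brand's.
        if not on_domain(addr.rpartition("@")[2].lower(), domains):
            traits.add("impersonated_sender")
        # Trait 3: a link leads off the brand's domains (look-alike destination).
        hosts = [(urlparse(h).hostname or "").lower() for h in links.hrefs]
        if any(not on_domain(h, domains) for h in hosts):
            traits.add("lookalike_link")
    if PRETEXT.search(body):  # Trait 2: asks for data or promises an offer.
        traits.add("data_request")
    return traits

# Constructed sample message (not taken from the report).
SAMPLE = '''From: "Example Bank" <support@examplebank-secure.example>
Content-Type: text/html

<p>Your account is suspended. Please update your password.</p>
<a href="https://examplebank.example.login-check.example/reset">examplebank.example</a>
'''
```

Note that the link's visible text shows the real domain while its destination host only begins with it, which is why the check compares the end of the hostname rather than searching for the brand anywhere in the URL.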
Smishing is a form of phishing that uses SMS as an attack channel instead of email messages. In addition to causing potential data loss for users, this malware spreads by sending new SMS messages to contacts found in the user’s address book and to predefined “command & control” telephone numbers, which can lead to saturation and a temporary slowdown of the network. Another form of smishing consists of messages inviting you to call toll-free numbers (e.g., 899 numbers).
The Report also highlighted a constant growth of threats affecting mail services. This is a symptom of the continuous evolution of techniques for evading the security systems of mail services. In 87% of cases (an increase of 11%) malware and ransomware are used, while attacks based on the direct sending of malicious attachments are decreasing.
Among the objectives of these attacks is the theft of users’ data: “credential phishing,” despite showing a slightly decreasing trend, remains the most used attack method, accounting for 60% of the total.
In this type of attack, the threat to the individual remains high because, being launched on a large scale, these attacks can also randomly hit ordinary private users. However, it should be remembered that email attacks are increasingly organized through campaigns dedicated to particular subjects, such as organizations, institutions, and companies.
How To Defend Against Attacks: Awareness And Protection
Everyone now faces these threats, whether an organization, a company, or a small business. The first step in defending against cyber attacks is to reduce the attack surface by using antivirus software. Integrating these systems with antimalware and anti-spam solutions is necessary to reduce the chances of penetration by these threats.
Furthermore, frequent and regular checks of the devices and the corporate network are fundamental. However, the first form of prevention is proper training to prevent employees from accidentally introducing viruses into the network or providing information such as credentials or sensitive data based on deceptive requests.
In this sense, it is advisable to prepare a valid company policy that regulates the use of devices and which, in the event of an error, provides for a recovery and business continuity procedure (i.e., prompt resolution of the crisis and maintenance of company activities), as well as an accurate information system which, for example through circulars or newsletters, discloses the main cyber threats of the moment.
It is also useful to periodically carry out a penetration test, i.e., the simulation of an attack to assess the company’s security level from the outside, by engaging qualified professionals. Other best practices to defend against cyber attacks are:
- regularly read up on reliable sites;
- subscribe to the newsletters of the leading antiviruses;
- periodically update the software (firewall, antivirus, antimalware…);
- take care in the choice of corporate passwords;
- carry out periodic checks of the company’s Wi-Fi network.
Among the most comforting data to emerge from the Clusit Report, it should be emphasized that in one year, the number of servers and devices without minimum levels of protection has dropped by 16%, in the wake of a trend of recent years which demonstrates how organizations and companies are progressively increasing their defensive lines. This is due to an ever-increasing awareness on the part of companies regarding IT risks and the need to invest in corporate security.
The ever-increasing use of interconnected digital tools has made businesses and public administrations face the need for more careful management of the security of their information systems, which employees increasingly access in a remote and distributed manner, especially after the recent spread of smart working. Corporate policies and structured training programs on IT security are indispensable tools for guaranteeing the security of one’s business.