Seqrite – a specialist provider of endpoint security, network security, enterprise mobility management, and data protection solutions – has highlighted the growing cyber threat to the Indian enterprise ecosystem with the Seqrite Annual Threat Report 2020. The report draws on insights analysed by Quick Heal Security Labs, a leading source of threat research, threat intelligence and cybersecurity, and on threat telemetry data sourced from enterprise endpoints and networks during 2019.
The most prominent trend highlighted by the latest Seqrite threat report was the drastic increase in the volume, intensity, and sophistication of cyber-attack campaigns targeting Indian enterprises. Over the last 12 months, Seqrite detected and blocked more than 146 million enterprise threats – marking a year-on-year growth of 48 per cent compared to 2018. Interestingly, almost a quarter (23 per cent) of the threats were identified through signatureless behaviour-based detection by Seqrite, indicating how a growing number of cybercriminals were deploying new or previously unknown threat vectors to compromise enterprise security.
The sharp spike should be a cause for concern for CIOs and CISOs in the country, especially given the growing digital penetration within their enterprise networks. With network vulnerabilities and potential entry points increasing at a rapid pace, threat actors are expected to leverage AI capabilities to power their malware campaigns in the future to capitalise on newer attack vectors.
Manufacturing, BFSI, Education, IT/ITES, Healthcare, and Government emerge as the most lucrative sectors for cybercriminals
The growing penetration of new-age digital technologies and services in enterprise networks has driven widespread transformations across all industries. Organisations across sectors have benefitted from this digital adoption and the unparalleled optimisation that it delivers.
However, this digital transformation is also giving rise to multiple cybersecurity concerns across the entire enterprise ecosystem. For instance, the rapid integration of IoT devices, BYOD, and third-party APIs into enterprise networks has created newer security vulnerabilities that might go unnoticed until a major breach occurs.
In 2019, cybercriminals were found trying to capitalise on this trend by targeting enterprise networks across multiple industries. Sectors such as manufacturing, BFSI, education, IT/ITES, healthcare, and government were identified as the most at risk, as the massive volumes of high-value data that they process have made them lucrative targets for threat actors.
Threat researchers at Seqrite also observed several large-scale advanced persistent threat (APT) attacks deployed against organisations in the government sector, including prominent attack campaigns such as Operation m_project and BackDoor.DTrack. This trend highlighted how cybercriminals were now turning to newer, more nuanced attack methodologies to steal sensitive data of national importance. The entry of nation-states and organised cybercrime cells into the fray is expected to complicate the situation further and will require Indian government bodies and corporate enterprises to shore up their cyberdefence strategies in 2020 and beyond.
Cyber-attacks grow more complex, even as simple attack surfaces remain undefended
Amongst the other interesting trends highlighted in the Seqrite Annual Threat Report 2020 was the growing sophistication of malware attacks. Open-source tools, for instance, were used to drive the success of Emotet and Phobos ransomware campaigns, while BlueKeep-based RDP attacks have also grown because exploit kits are freely available on popular exploitation frameworks.
More alarming, however, was the continued lack of security awareness amongst enterprises and government organisations. Unsecured Remote Desktop Protocol (RDP) and Server Message Block (SMB) protocols continued to be targeted through brute-force attacks. Spear phishing attack campaigns leveraging Office exploits and infected macros were also used extensively by cybercriminals to gain access to enterprise networks and steal critical data.