Chennai: Ransomware-related cyber attacks on the Indian enterprises saw a 4 per cent rise in the first three months of the year, and the increase has been enabled by operators offering ransomware as a service (RaaS) to cyber attackers.
The report from Global cyber security major K7 Computing also found that Chennai, Pune, Ahmedabad and Hyderabad recorded the highest rate of infections amongst Tier-I cities.
Guwahati, Jaipur and Jammu had the highest infection rate of 38 per cent each, followed by Patna at 35 per cent among Tier-II cities. "These attacks were designed to exploit user trust and scam people for financial gain. Threat actors have continued to exploit vulnerabilities in operating systems, application software and firmware in this quarter," said the report.
Zoom and Microsoft Teams were the most at risk. Apart from this, hackers have also taken advantage of salient weaknesses in Windows, Android, iOS and Internet of Things (IoT) devices.
Malware in the form of ransomware, Remote Access Trojans (RATs) and Banking Trojans have been on the rise during the quarter. "Cyber attackers have been shifting their aim towards the enterprise market, exploiting the lack of cybersecurity awareness amongst start-ups and SMEs," said J Kesavardhanan, Founder & CEO of K7 Computing.
"We are also witnessing an increase in phishing attacks due to the panic caused by COVID-19 and offices transitioning their workforce from centralised secure hubs to remote workstations at home".
A partial path traversal vulnerability was noticed in the Zoom client and a vulnerability in Microsoft Teams allowed cybercriminals to use a malicious GIF to sweep up the user's data and take over an organisation's Teams accounts.
Two new vulnerabilities were detected in Microsoft's Server Message Block (SMB) protocol, said the report. "Modern ransomware operators have transformed themselves into businesses and are extremely focused on their targets and attacking strategies," it added.
Modern RaaS solutions come with high-end tools like a dashboard to display attack status in real time, customer helpline, and more, said the report.