India becomes favourite destination for cyber criminals amid Covid-19

 

With pandemic disrupting businesses and with remote working becoming reality, cyber criminals have been busy exploiting vulnerabilities. Year 2020 saw one of the largest numbers of data breaches and the numbers seem to be only rising.

According to Kaspersky’s telemetry, when the world went into lockdown in March 2020, the total number of bruteforce attacks against remote desktop protocol (RDP) jumped from 93.1 million worldwide in February 2020 to 277.4 million 2020 in March—a 197 per cent increase. The numbers in India went from 1.3 million in February 2020 to 3.3 million in March 2020. From April 2020 onward, monthly attacks never dipped below 300 million, and they reached a new high of 409 million attacks worldwide in November 2020. In July 2020, India recorded its highest number of attacks at 4.5 million.

In February 2021—nearly one year from the start of the pandemic—there were 377.5 million brute-force attacks—a far cry from the 93.1 million witnessed at the beginning of 2020. India alone witnessed 9.04 million attacks in February 2021. The total number of attacks recorded in India during Jan & Feb 2021 was around 15 million.

A data breach, irrespective of the modus operandi, has grown many folds in India. However, the disturbing trend in India has been firms’ failure to acknowledge that a breach has happened, which then makes individual users wonder if their data is safe at all.

Take the instance of the recent data breach at the payment firm Mobikwik. It was reported that the data breach incident has affected 3.5 million users, exposing know-your-customer documents such as addresses, phone numbers, Aadhaar card, PAN cards and so on. The company, till now, has maintained that there was no such data breach. It was only after the regulator Reserve Bank of India (RBI) asked Mobikwik to get the forensic audit conducted immediately by a CERT-IN empanelled auditor and submit the report, that the company is working with requisite authorities.

Rajshekhar Rajaharia, cybersecurity researcher who first tweeted about the MobiKwik issue, and many such breaches in India said: “Most companies, small or big, accept that they have been breached, especially when evidence of a data breach comes forward. In my experience, this makes their customers trust them even more. In the case of MobiKwik, it is surprising why they are not admitting to having been breached. They have threatened legal action against cybersecurity researchers and the fact that the leaked data has now been taken off the dark net is possibly giving them a false sense of security.”

Read Complete Article


Comments

Popular posts from this blog

Infinix Smart 2 review: 'Value for money' smartphone with tall 18:9 screen

Year in review: From OnePlus to Asus, best midrange flagship phones of 2019

OnePlus 8 review: Meaningful innovations elevate experience, justify price