With cyber criminals adopting newer ways of attacking consumers and corporates, like via social networking sites, security solutions need to evolve from just providing antivirus protection, software maker Symantec today said.
According to a study in 2009, Indian enterprises lost Rs 58 lakh due to cyber attacks. This is set to increase further if companies do not take appropriate measures to protect themselves from various threats that lead to not just financial setbacks but also loss of crucial data.
Cyber criminals are using various means such as social networking and posting malicious links in instant messengers (IMs) along with spam mails.
With the increasing popularity of social networking sites, Symantec expects to see frauds being leveraged against site users to grow as well.
"Social engineering is already one of the primary attack vectors being used today and Symantec estimates that the number of attempted attacks using social engineering techniques is sure to increase in 2010. Third party applications were made a target of fraud on various social networking sites and the trend is expected to continue," Symantec Vice President (India Product Operations) Shantanu Ghosh said.
In its Mid-Year report card, Symantec said more attackers are going directly after the end-user and attempting to trick them into downloading malware or divulging sensitive information under the pretence that they are doing something perfectly innocent.
As further validation that this trend is indeed developing, Facebook recently updated their application authorisation system in an effort to reduce the number of scams and misleading applications being propagated via their network, he added.
Now a user is informed when an application seeks permission to access the user's basic information or to post on their wall.
This becomes more serious as many enterprises allow their employees to access social networking sites such as Facebook from the work premises. According to an early study by Symantec, 82 per cent of the Indian enterprises surveyed allow employees to use Facebook at work.
"With the rise of polymorphic threats and unique malware variants in 2009, the industry is quickly realising that traditional approaches to antivirus solutions are not enough to protect against today's threats. Instead, approaches to security that look to ways to include all software files will become key in 2010," Symantec said. .
Another trend that is catching up is spam. Since 2007, spam mails (mails with links to other websites promising the reader of lottery, free holidays, medical procedures) have increased on average by 15 per cent.
Spam volumes will continue to fluctuate in 2010 as spammers continue to adapt to the sophistication of security software.
"From using the government as bait in the beginning of the year, to capitalising on India's obsession over sports and films, the spammers seem to be getting better at their game of hide and seek this year. According to Symantec State of Spam Report for the month of July, globally, spam made up 88.32 per cent of all messages in June and malware spam made up almost 12 per cent of all spam," Ghosh said.
India ranks at number two in terms of spam originating countries, i.e the highest in Asia, contributing six per cent to the global spam levels, he added.
The report also pointed that IMs are also proving to be a menace to security of data.
As of June 2010, Symantec data indicates that one in eight hyperlinks (links to another website) in a chat are of a malicious website.
"The use of IMs is high among Indian enterprises.
According to Symantec 2010 Enterprise Security Report Millennial Mobile Workforce and Data Loss, 69 per cent of the surveyed firms use Gtalk at work, while 61 per cent of them have employees using the Yahoo Messenger," Ghosh said.
In 2010 messenger, IM attacks will grow in popularity and the threats will largely be comprised of unsolicited spam messages, especially attacks aimed at attacking legitimate IM accounts, he added.
