Tier-II, tier-III cities vulnerable to malware attacks and information theft

There's little doubt that Internet penetration levels in India, particularly in rural areas, are far from ideal. Why, even in urban areas, the digital divide is all too ubiquitous.

However, Web security firm Symantec's annual report indicates that even when smaller cities, small and medium businesses in particular, are able to log on to the information highway, they're subjected to constant malware attacks and exposed to information theft risks.

The Internet Security Threat Report finds that 25 per cent of bot infections — computers that are compromised, allowing malcode writers to take control of your computers — in India are reported in tier-II and even tier-III cities.

The cities that figured on the ‘targeted' map are Bhubaneswar, Surat, Cochin, Jaipur, Visakhapatnam and Indore. Perhaps, for the first time, this edition of the report looks at smaller cities or district headquarters (for instance, Gondia in Maharashtra) where computers appear to be increasingly becoming soft targets.

Easy targets

Small and medium businesses in these cities, that are perhaps experimenting with newer technologies and opportunities offered by the virtual network, are easy targets because of low awareness levels and inadequate security measures, observes Shantanu Ghosh, vice-president and managing director, India Product Operations, Symantec.

This new segment, which is logging on to the network, is “unprotected” and, therefore, easy target for attackers worldwide. In fact, more than 50 per cent of malware attacks in 2011 targeted organisations with fewer than 2,500 employees, and almost 18 per cent target companies with fewer than 250 employees.

These organisations, Mr. Ghosh says, are perhaps targeted either because they are part of the business ecosystem of larger players or randomly by malware writers who are looking to add more computers to the malware network.

So, computers from smaller cities (where awareness on computer security is low) are being used as botnets to send out spam or to attack other computers. In fact, when it comes to consumer tech too this diversification of targets is visible, with malware now attacking Apple ecosystems, which were previously considered ‘virus-free', and Android operating systems. The report also indicates that mobile vulnerabilities increased by 93 per cent.

Globally, India tops the list of countries in terms of the number of spam ware zombies, or computers compromised and used as ‘command and control' units to send out spam.

Removable hard drives

Symantec studies in India reveal that even though firms are investing in securing their networks, lack of awareness about malware risks posed by the use of removable devices continues to expose computers, both at home and in the enterprise.

Six out of top 10 malcodes doing the rounds here spread through removable devices, such as USB drives, and 14.47 per cent of malware spreads through such external plug-and-play devices.