Mobile cyber attacks on Indian firms up 845% in last 5 months

Microsoft's ransomware incident response engagements indicated insufficient privilege access and lateral movement controls in almost 93% of the cases.


Indian organisations witnessed a staggering 845 per cent increase in cyber-attacks on employees’ smartphones since October 2020, as remote working during the pandemic saw the mobile attack surface expand dramatically in the country, a new report said on Wednesday.

While the total number of mobile attacks on Indian organisations in October 2020 was 1,345, it reached 12,719 firms in March this year, according to the Threat Intelligence Report from cyber security firm Check Point.

During 2020, the researchers discovered a highly significant attack, in which threat actors used a large international corporation’s Mobile Device Management (MDM) system to distribute malware to more than 75 of its managed mobile devices.

Worldwide, 97 per cent of organisations surveyed faced mobile threats that used multiple attack vectors last year.

While 46 per cent of organisations among those surveyed had at least one employee download a malicious mobile application, at least 40 per cent of the world’s mobile devices are inherently vulnerable to cyberattacks.

“As we have seen in 2020, the mobile threat landscape has continued to expand with almost every organisation now having experienced an attack,” said Neatsun Ziv, VP Threat Prevention at Check Point Software.

With 60 per cent of workers forecast to be mobile by 2024, mobile security needs to be a priority for all organisations, the report mentioned.

Almost every organisation experienced at least one mobile malware attack in 2020.

“Ninety-three per cent of these attacks originated in a device network, which attempts to trick users into installing a malicious payload via infected websites or URLs, or to steal users’ credentials,” the findings showed.

The research showed that at least 40 per cent of the world’s mobile devices are inherently vulnerable to cyberattacks due to flaws in their chipsets, and need urgent patching.

“Threat actors have been spreading mobile malware, including Mobile Remote Access Trojans (MRATs), banking trojans, and premium dialers, often hiding the malware in apps that claim to offer Covid-19 related information,” the report said.