The report found that the emergence of smart devices like connected cameras, cars, health and industrial automation devices is encouraging the “hacking for hire” industry.
“The emerging IoT devices come with a low memory and processing footprint and usually accommodate very little security capabilities including patching. Such devices, once “online” with an IP address, are easy prey for sophisticated hacking syndicates,” Wipro added.
Typically, all software running on the Internet should be ‘updated’ or ‘patched’ whenever new vulnerabilities come to light. While this does happen in case of computers, and to some extend for phones, it is rarely done for connected appliances and machines.
Hacking syndicates can develop custom malware to take control of connected devices en masse and use them as a launch pad for cyber-attacks, Wipro warned.
“Data breaches once made public, resulted immediately in high peaking of negative sentiments on social media against the enterprise concerned, indicates the post facto twitter sentiment analysis. 56% of breaches reported had user credentials (passwords) as part of the types of data stolen, implying that further damage could be perpetrated using the stolen data,” the Bangalore-based company said.
The report said 56% of all the malware attacks that took place in 2016 were the result of Trojans, while viruses and worms accounted for 19% and 20% respectively.
A computer virus is a type of malware that propagates by inserting itself into another program. It spreads from one computer to another, leaving infections as it travels. Worms are viruses that do not require a host program or human help to propagate.
Trojans are malware that imitates legitimate programs. Users are tricked into installing them by sending them in emails with enticing titles.
Other types of malware threat categories like PUA, adware and ransomware, together, though accounted for only 4% of attacks, often can lead to significant damages, said Wipro.
The report comes in the wake of widespread infections of the WannaCry virus.
The most favored ‘exploit kit’ was ‘angler’, which was used in 33% of the attacks.
RIG and Nuclear were also used quite often.
he survey covered 11 countries in North America, Europe, APAC, Middle East and South Asia to evaluate trends in current security practices and analyzing thousands of attempted security attacks and incidents captured in Wipro’s Cyber Defence Centres during 2016.
The study claimed that majority of the security products were themselves vulnerable to exploitation.