Check Point’s Global Threat Index for October 2023 has identified the following cybersecurity threat trends in India.
- Remcos: Remcos is a Remote Access Trojan (RAT) that spreads through malicious email attachments, bypassing security measures to execute malware with elevated privileges.
Remcos poses a significant threat to Indian organizations and individuals due to its ability to infiltrate systems through phishing emails. It accounts for 5.85% of cybersecurity threats in India and 1.89% globally.
- Darkgate: Darkgate is a multifunctional malware combining ransomware, credential theft, RAT, and cryptomining capabilities. It employs various evasion techniques and primarily targets Windows OS.
Darkgate’s diverse range of cyber threats, including ransomware attacks, credential theft, and cryptomining activities, significantly affects India. It contributes to 5.29% of cybersecurity incidents in India and 0.55% globally.
- Formbook: Formbook is an Infostealer targeting Windows OS, known for harvesting credentials, capturing screenshots, logging keystrokes, and executing files. It is sold as Malware as a Service (MaaS) in underground forums.
Formbook’s focus on credential theft and keylogging poses a considerable risk to Indian users, especially those engaged in online transactions. It represents 4.63% of cybersecurity threats in India and 2.47% globally.
- Phorpiex: Phorpiex is a botnet involved in distributing malware through spam campaigns and facilitating large-scale spam and sextortion activities.
Phorpiex’s engagement in spam campaigns directly affects Indian users, leading to an increased number of phishing attempts and malware distribution. It accounts for 3.76% of cybersecurity threats in India and 1.00% globally.
- NJRat: NJRat is a remote access Trojan primarily targeting government agencies and organizations in the Middle East. It infiltrates systems through phishing attacks and drive-by downloads.
NJRat’s specific focus on governmental bodies raises concerns in India. It accounts for 3.54% of cybersecurity incidents in India and 1.92% globally.
- Ryuk: Ryuk ransomware is used by the TrickBot gang in targeted attacks against organizations worldwide. It operates human-operated, employing various tools for lateral movement.
Ryuk’s targeted attacks impact Indian organizations, causing financial losses and disruptions. It represents 2.88% of cybersecurity threats in India and 0.60% globally.
- Ramnit: Ramnit is a modular banking Trojan stealing web session information and account credentials from victims. It contacts C&C servers for additional modules.
Ramnit’s banking Trojan capabilities pose risks to Indian financial institutions and individuals. It accounts for 2.80% of cybersecurity incidents in India and 0.80% globally.
- Glupteba: Glupteba is a backdoor evolving into a botnet, employing browser stealing capabilities and a router exploiter.
Glupteba’s botnet activities raise concerns in India. It accounts for 2.66% of cybersecurity threats in India and 0.72% globally.
- Mirai: Mirai is an IoT malware turning vulnerable devices into bots for large-scale DDoS attacks.
Mirai’s attacks on IoT devices affect India’s network infrastructure. It accounts for 2.53% of cybersecurity incidents in India and 1.08% globally.
- Emotet: Emotet is an advanced, modular Trojan used for malicious campaigns and malware distribution via phishing emails.
Emotet’s self-propagating abilities and evasion techniques pose risks to Indian users. It accounts for 2.53% of cybersecurity threats in India and 1.48% globally.
These malware threats collectively contribute to the cybersecurity challenges faced by India and the global community, emphasizing the need for robust security measures, awareness campaigns, and proactive defense strategies to safeguard against evolving cyber threats.