India is emerging as one of the growing, if unwitting, participants in the global threat landscape. The country consistently ends up in top 10 lists of bad actors, whether as a source of spam or malicious URLs or as the country with the largest number of system infections.
TrendLabs’ recent half-year report supports this, citing that “the country is second to the United States as top spam sender (and top source of botnet activity) and one of the top 20 victims of malicious URLs.” Major malware threats have hit the country as well. Two years after it first became a problem, DOWNAD/Conficker infections are still commonplace in the region. STUXNET was also a major problem in India with a significant number of infections present.
Like other developing countries, India’s growth means it is becoming part of the global cybercriminal economy. In 2008, it was reported that India hosted the majority of CAPTCHA-breaking contact centers, among others.
India’s top-level domain (TLD) .IN is also being heavily abused by cybercriminals. While the domain registrars offering .IN domains are quick to act when malicious domains are reported, abuse of the TLD is still a significant problem.
There are several environmental reasons why India is becoming a significant segment in the world of cybercrime. These include:
- Language: English may not be the official language in India, but it is considered important for most types of “official” national, political, and commercial communications. Current Internet users in India are also said to prefer consuming their online content in English. Since a large share of threats such as spam (now at 83 percent as of Q3) are in English, Indian users are more likely to succumb to these threats than their non-English-speaking Asian neighbors.
- IT infrastructure: There are approximately 160 ISPs in India, but the top 6 account for almost 90 percent of all users. The varying levels of security that these ISPs are willing to provide their customers may very well be the main factor that leaves one set of users affected by a certain threat yet protected from another. Another reason why the Indian IT environment suffers severely from security issues is piracy. As of 2009, almost two-thirds of all the software in the country was pirated. Pirated software has a twofold effect on security. First, cybercriminals frequently use pirated software as bait in their attacks. Second, users of pirated software frequently do not update their applications, leaving themselves open to potential vulnerability exploits. It’s not surprising then that India continues to be plagued by DOWNAD/Conficker. Many systems have not yet been patched to close the security hole that was exploited.
- User behavior: User studies of Indian Internet users indicate that the majority are young men. These users go online primarily to look for jobs and, more recently, to visit business and finance websites. These activities can easily be leveraged in social engineering attacks. How Indian users access the Internet is also relevant. Many users do so from Internet cafes and not by using their own systems. The burden of system maintenance is thus passed on to business owners who may have neither the knowledge nor the resources to perform this task. Other user behaviors that increase risks are:
  - 80 percent of users have clicked banner ads at least once. This makes malvertisements a more enticing ploy for cybercriminals.
  - Facebook has surpassed Orkut as the top social media network in India. This means that users are now more exposed to social media threats such as KOOBFACE.
  - 72 percent are willing to exchange personal information in return for “something of value.” This means that social engineering ploys may well be more successful since this is the very tactic that users rely on. Given that personal use of office Internet connections is also commonplace, confidential information from organizations is also put at risk.
Taken together, all this information indicates that India is emerging not just economically but in the world of cybercrime as well. Several unique aspects of the region also differentiate its threats from those in other regions.