India had the third highest rate of Stuxnet infections, after Iran and Indonesia. Stuxnet, which employs groundbreaking technology, targeted sensitive information by exploiting a zero-day vulnerability in order to infect machines through removable drives.
The high infection statistics of Stuxnet in India can be attributed to the large number of computer users in the country relying on removable media for copying data. During the reporting period, Symantec observed that the majority of malware samples in India were spread through removable drives.
Indicative of the state of enterprise security in India the presence of older malware like DownadupB in the country is widespread, pointing to the lack of basic security software and lax signature updates in Indian enterprises.
A new report by internet security firm Symantec Corp, Internet Security Threat Report, volume 16 (ISTR XVI) highlights dramatic increases in both the frequency and sophistication of targeted attacks on enterprises; the continued growth of social networking sites as an attack distribution platform; and a change in attackers' infection tactics. It also sheds new light on how attackers are exhibiting a notable shift in focus toward mobile devices.
In 2010, attackers launched targeted attacks against a diverse collection of publicly traded, multinational corporations and government agencies, as well as a surprising number of smaller companies. In many cases, the attackers researched key victims within each corporation and then used tailored social engineering attacks to gain entry into the victims' networks.
Due to their targeted nature, many of these attacks succeeded even when victim organisations had basic security measures in place. Moreover, 2010 witnessed the emergence of over 286 million new threats last year, accompanied by several new megatrends in the threat landscape.