Cyberattacks and frauds: India tops the list of most targeted nation for mobile malware attacks, ahead of US, Canada

India has overtaken the United States and Canada as the most targeted nation for mobile malware attacks, a report by the Zscaler ThreatLabz 2024 stated. Cloud security firm Zscaler Inc analysed 20 billion mobile threat transactions from June 2023 to May 2024 to arrive at this conclusion.

According to the report, India now makes up 28% of global mobile malware attacks, surpassing the US (27.3%) and Canada (15.9%). This significant increase in attacks highlights the urgent need for Indian organisations to enhance their cybersecurity defence amid the rapid digitalization and escalating cyber threats landscape. 

India has observed a significant rise in advanced phishing campaigns, specifically targeting mobile users of three of the top five private banks. Cybercriminals are utilizing authentic-looking fake banking websites to deceive users into disclosing sensitive information like login credentials and banking details. Despite its vulnerabilities, India has decreased its role as a malware origin point, moving from fifth place to seventh in the APAC region.

In contrast, countries such as Singapore, China, and South Korea have been identified as primary sources of outbound threats. The report also highlights global trends in cyberattacks, revealing that more than 200 malicious apps were discovered on the Google Play Store, with a combined installation base exceeding eight million.

The report also noted a 45% year-on-year rise in malware activities associated with Internet of Things (IoT) devices, mainly accelerated by botnets, which are networks of compromised devices commonly utilised in extensive cyber attacks.

RBI on deepfake vidoes

Last month, the Reserve Bank of India expressed concerns regarding the circulation of deceptive "deepfake" videos of the governor on social media platforms, falsely claiming the endorsement or launch of certain investment schemes by the central bank. The bank issued a warning to the public, advising against interacting with or being misled by such fabricated deepfake videos disseminated on social media.

Earlier this year, the National Stock Exchange (NSE) also issued a similar advisory, cautioning investors against falling for fraudulent or AI-generated deepfake videos depicting their MD and CEO, Ashishkumar Chauhan, allegedly recommending specific stocks.

There have been numerous instances where fabricated videos featuring prominent business leaders circulating on social media, providing false recommendations on stock purchases and business strategies. It is important for individuals to exercise caution and discernment when encountering such misleading videos, as they are often created using Artificial Intelligence technology.

What can be done?

"With a 51% surge in ransomware attacks in last year alone, cybersecurity in India has become a critical battleground demanding defense strategies. As the country is projected to witness nearly 1 trillion cyberattacks every year by 2033, staying ahead of these threats is necessary. To combat this, one should be cautious with email and messages. Don't open attachments or click links in emails from unknown sources. Learn to recognize phishing attempts – look for poor grammar, urgent language, or requests for sensitive information. Regularly backup important data to an external hard drive or a secure cloud service. This protects against data loss from malware or hardware failure. Look for 'https' in the URL when visiting websites, especially for sensitive transactions. Consider using privacy-focused browsers or adding security extensions to your current browser," said Harsha Solanki, VP GM Asia, Infobip.

"While securing yourself online can seem complex, there are many straightforward steps individuals and businesses can take to significantly improve their online safety. Partnering with specialized technology providers, establishing secure AI model development and deployment, prioritizing data security and privacy, and enhancing security awareness through training are all crucial measures of strong cyber security. Whenever possible, enable two-factor authentication (2FA) on your accounts. This adds an extra layer of security beyond just a password. Use authenticator apps rather than SMS for 2FA when available, as they are more secure. Regularly update your operating system, browsers, and applications. Enable automatic updates where possible, as these updates often include security patches for newly discovered vulnerabilities," said Aninesh Jha, VP of Fraud and Risk Management, Wibmo.