
High Time For India To Adopt New Cyber Security Strategies

Michal Salat, Threat Intelligence Director, Avast

What are your thoughts on the current state of the cyber threat landscape in India, brimming with ransomware, spyware, and crypto miners?
In general, India’s users are targeted more severely by cyber-attacks than the global average. Earlier this year, we published our Avast Risk Report 2019, which showed that monthly, about 25.7% of Indian PC users are at risk of being targeted by a cyber-attack, while globally, there is only a risk of 20.1%, and in the U.S. a risk of only 13.8% of the PC user base.

On PCs, ransomware is still a major threat. Malware authors continue to develop new, sophisticated variants supported by standard marketing and social engineering techniques to infect as many devices as possible. Besides ransomware, spyware, sitting silently on the user’s PC while collecting personal data, banking information or online activities, and cryptomining malware, also belong to the most prevalent threats these days. In August, we announced that we detected Clipsa, a multi-functional password stealer that brute-forces and steals admin credentials from unsecured WordPress websites, steals cryptocurrencies, and mines cryptocurrencies on infected machines. The campaign was most prevalent in India, where we blocked more than 43,000 infection attempts, protecting more than 28,000 users in India from this malware.

However, as India is a mobile-first country, users should also beware of threats targeting their smartphones. There are different types of infections targeting smartphones, including, for example, adware, spyware, ransomware, downloaders and cryptomining malware. One of the most widespread threats or unwanted programs on smartphones is adware. You will realize that you have adware on your phone if ads appear out of nowhere when you’re not even using an app. Sometimes adware also appears inside of apps, and oftentimes it is so aggressive that it will make it impossible for you to use the app in a proper way. Another indication could be requests for the installation of unknown applications, or applications that you haven’t downloaded before.

What are the potential benefits of AI-based threat-detection when compared with signature-based threat detection? Also, what other detection methods do you suggest to companies today?
Signature-based threat detections were the basis for antivirus engines in the early years of antivirus software, and still are one of the tools used by the industry today; however, the mass of cyberattacks every day and every minute has basically forced security companies to move on to automated systems.

Artificial intelligence (AI) has the potential to completely remodel the way that cybercrime is fought, thanks to its ability to detect threats in real-time and accurately predict emerging threats as attacks evolve. Security researchers use it to learn from databases of known threats so that malware files classified in the past can be used to model attack behaviours to better protect against new and unknown threats. This is a task that would require monumental resource for humans to perform.

But it does not mean that humans are no longer needed. AI has a major role to play in cybersecurity moving forwards, but it cannot work independently from cybersecurity professionals. For example, machines will always receive the distinction for rapid classification of malware at scale, but humans will win the award for deep malware analysis and precise malware strain identification thanks to our ability to see issues in a wider context. The man-machine collaboration is what creates a more secure and efficient system. And this is Avast’s approach to AI integration - one we consider really important as malware variants grow in volume and sophistication. If AI can be responsible for detecting and blocking malware en masse, researchers can allocate more time to the study of more complex and evasive threats which can then be fed into the AI machine.

Brief us about the current cyber security industry in India, as well as the trends that can greatly impact and revolutionize its present state.
Analytics India Mag reported that the Indian cybersecurity industry is at $4.4 billion a year, and that predictions say the industry will grow to $35 billion by 2025. With the spread of artificial intelligence, the rise of the Internet of Things, and the advent of 5G, new solutions are required to protect these technologies. 5G-enabled IoT devices will change the way we look at perimeter protection, because the devices will be connected through a carrier network rather than home Wi-Fi. Cooperations with telecommunications carriers will play a vital role in protecting the 5G IoT. There are also ways for cybercriminals to abuse AI to create threats, for example deepfakes - fake voice or video content generated through AI algorithms. Also, with 5G, novel VR and AR applications will enter the market, and they will create new attack vectors, and requirements for the security industry to protect them. We need research in these fields to create protection mechanisms for emerging threats, and this might be an interesting field for the industry in India, as well.

How can companies effectively stay abreast of the various cyber threats, Android malware, mobile banking Trojans, adware and fake apps? What suggestions do you have for them?
First and foremost, people should use an antivirus solution on their PC, Mac and Android phone that can detect and block threats for them. They also should make sure the software and apps they use are up to date and apply patches when offered by the vendor. Attackers often exploit vulnerabilities, which can be found in outdated software, and by exploiting outdated software they can infect your device with malware. People should also avoid clicking on links and attachments that are included in emails. It's always safer to enter URLs directly into your browser and to look out for the green HTTPS padlock next to the website's address in your browser's address bar. If you are on a checkout page and you don’t see the HTTPS padlock, do not enter your personal data and financial information.

For Android users, it is also recommendable to check which permissions an app requests, and if the permissions requested are really needed for the app to work properly. We also advise people to take a look at the ratings and comments of other users in the store, as they often reveal if an app may be problematic. In terms of mobile banking trojans, banking trojans create an overlay over your regular banking app, to steal the details you enter. However, the overlay may look different than the real app, so always pay attention to the look of your banking app and first contact the bank if the design looks different.