New Delhi, 3 Dec

In a startling revelation, India now tops the list for mobile malware attacks globally, surpassing the United States and Canada, with a disappointing step-up from its previous third-place ranking, according to a report.

The Zscaler ThreatLabz 2024 Mobile, IoT, and OT Threat Report analysed a dataset comprising over 20 billion threat-related mobile transactions and associated cyber threats, between June 2023 to May 2024.

"India has become the top global target for mobile malware attacks, accounting for 28 per cent of the total, surpassing the United States (27.3 per cent) and Canada (15.9 per cent). This significant jump from its 3rd place ranking last year underscores the critical need for Indian enterprises to adopt robust security measures, especially amid the rapid digital transformation and increasing cyber threats," the report said.

With nearly half of mobile attacks being trojans (malware that tricks users into downloading and running malicious software), the financial sector is particularly vulnerable. The report revealed a 29 per cent increase in banking malware attacks and a staggering 111 per cent rise in mobile spyware attacks.

"Most financially motivated malware attacks are highly capable of bypassing Multifactor Authentication (MFA) and frequently leverage phishing vectors, such as fake login pages for different financial institutions, social media sites, and crypto wallets," it said.

Phishing attempts targeting mobile customers of major Indian banks, such as HDFC, ICICI, and Axis banks, have increased, according to ThreatLabz analysts. These clever attacks deceive mobile users into disclosing critical bank information by using phoney banking websites that closely mimic the real ones, it said.

Previously, similar tactics were used to spread Android-based phishing malware through fake card update sites, leading to widespread financial fraud.

The Indian postal service has also become a target for attackers. Using SMS messages, they direct mobile users to phishing sites that prompt them to input credit card details. These fraudulent schemes often exploit common scenarios like missing packages and incomplete delivery addresses, capitalising on the urgency created by such messages, the report noted.

"Legacy systems and unprotected IoT/ OT (Internet of Things/Operational Technology) environments are becoming prime targets for cybercriminals. We see a significant rise in hacking campaigns targeted at these environments.

"It is necessary for Indian enterprises to adopt a robust zero-trust security framework to secure their core operational environments. This will not only protect critical systems but also ensure business continuity in an increasingly connected world," said Suvabrata Sinha, CISO-India, Zscaler.

The report also indicated a concerning global trend, with over 200 malicious applications discovered on the Google Play Store and a 45 per cent year-over-year increase in IoT malware transactions, underscoring the pervasive nature of cyber threats today.

On a positive note, India has improved its ranking as a malware origin point, moving from 5th to 7th place in the APAC (Asia–Pacific) region.