SonicWall, the trusted security partner protecting more than a million business networks worldwide, have announced findings from its Annual Threat Report, which highlights the most notable advancements made by security professionals and cyber criminals in 2016. The report was compiled from data collected throughout 2016 by the SonicWall Global Response Intelligence Defense [GRID] Threat Network with daily feeds from more than 1 million security sensors in nearly 200 countries and territories.

According to the 2017 SonicWall Annual Threat Report, 2016 could be considered a highly successful year from the perspective of both security professionals and cyber criminals. Unlike in years past, SonicWall saw the volume of unique malware samples collected fall to 60 million compared with 64 million in 2015, a 6.25 percent decrease. Total malware attack attempts dropped for the first time in years to 7.87 billion from 8.19 billion in 2015. However, cyber criminals garnered quick payoffs from ransomware, fueled partly by the rise in ransomware-as-a-service [RaaS].

Bill Conner, president and CEO of SonicWall said

It would be inaccurate to say the threat landscape either diminished or expanded in 2016-rather, it appears to have evolved and shifted. Cyber-security is not a battle of attrition; it’s an arms race, and both sides are proving exceptionally capable and innovative.

Security Industry Advances

Point-of-sale malware attacks declined by 93 percent from 2014 to 2016

High-profile retail breaches in 2014 led to companies adopting more proactive security measures. Since then, the industry has seen the implementation of chip-based POS systems, usage of the Payment Card Industry Data Security Standard [PCI-DDS] checklist and other ongoing security measures.

  • Back in 2014, the SonicWall GRID Threat Network observed a 333 percent increase in the number of new POS malware countermeasures developed and deployed compared with the year prior.
  • The SonicWall GRID Threat Network saw the number of new POS malware variants decrease by 88 percent year-over-year and 93 percent since 2014. This implies that cyber criminals are becoming less interested in devoting time to POS malware innovation.

Secure Sockets Layer/Transport Layer Security (SSL/TLS) encrypted traffic grew by 38 percent, partly in response to growing cloud application adoption

The trend toward SSL/TLS encryption has been on the rise for several years. As web traffic grew throughout 2016, so did SSL/TLS encryption, from 5.3 trillion web connections in 2015 to 7.3 trillion in 2016 according to the SonicWall GRID Threat Network.

  • The majority of web sessions that the SonicWall GRID Threat Network detected throughout the year were SSL/TLS-encrypted, comprising 62 percent of web traffic.
  • One reason for the increase in SSL/TLS encryption is the growing enterprise appetite for cloud applications. The SonicWall GRID Threat Network has seen cloud application total usage grow from 88 trillion in 2014 and 118 trillion in 2015 to 126 trillion in 2016.

While this trend toward SSL/TLS encryption is overall a positive one, it also merits a word of caution. SSL/TLS encryption makes it more difficult for cyber thieves to intercept payment information from consumers, but it also provides an uninspected and trusted backdoor into the network that cyber criminals can exploit to sneak in malware. The reason this security measure can become an attack vector is that most companies still do not have the right infrastructure in place to perform deep packet inspection [DPI] in order to detect malware hidden inside of SSL/TLS-encrypted web sessions.

Dominant exploit kits Angler, Nuclear and Neutrino disappeared in mid-2016

As 2016 began, the malware market was dominated by a handful of exploit kits, particularly Angler, Nuclear and Neutrino. Following the arrest of more than 50 Russian hackers for leveraging the Lurk Trojan to commit bank fraud, the SonicWall GRID Threat Network saw the Angler exploit kit suddenly stop appearing, leading many to believe Angler’s creators were among those arrested. For a while following Angler’s disappearance, Nuclear and Neutrino saw a surge in usage, before quickly fading out as well.

  • The SonicWall GRID Threat Network noticed the remaining exploit kits began to fragment into multiple, smaller versions to fill this void. By the third quarter of 2016, Rig had evolved into three versions leveraging different URL patterns, landing page encryption and payload delivery encryption.
  • As with spam and other distribution methods in 2016, SonicWall saw exploit kits become part of the ransomware delivery machine, making variants of Cerber, Locky, CrypMIC, BandarChor, TeslaCrypt and others their primary payloads throughout the year. However, exploit kits never recovered from the massive blow they received early in the year with the takedown of their dominant families.

Cyber Criminal Advances

Ransomware usage grew by 167x YOY and was the payload of choice for malicious email campaigns and exploit kits

The SonicWall GRID Threat Network detected an increase from 3.8 million ransomware attacks in 2015 to an astounding 638 million in 2016. The rise of RaaS made ransomware significantly easier to obtain and deploy. The unprecedented growth of the malware was likely driven as well by easier access in the underground market, the low cost of conducting a ransomware attack, the ease of distributing it and the low risk of being caught or punished.

  • Ransomware remained on an upward climb throughout the year, beginning in March 2016 when ransomware attack attempts shot up from 282,000 to 30 million over the course of the month, and continuing through the fourth quarter, which closed at 266.5 million ransomware attack attempts for the quarter.
  • The most popular payload for malicious email campaigns in 2016 was ransomware, typically Locky, which was deployed in about 90 percent of Nemucod attacks and more than 500 million total attacks throughout the year.
  • No industry was spared from ransomware attack attempts. Industry verticals were targeted almost equally, with the mechanical and industrial engineering industry reaping 15 percent of average ransomware hits, followed by a tie between pharmaceuticals (13 percent) and financial services (13 percent), and real estate (12 percent) in third place.

Internet of Things devices were compromised on a massive scale due to poorly designed security features, opening the door for distributed denial-of-service attacks

With their integration into the core components of our businesses and lives, IoT devices provided an enticing attack vector for cyber criminals in 2016. Gaps in IoT security enabled cyber thieves to launch the largest distributed denial-of-service [DDoS] attacks in history in 2016, leveraging hundreds of thousands of IoT devices with weak telnet passwords to launch DDoS attacks using the Mirai botnet management framework.

  • The SonicWall GRID Threat Network observed vulnerabilities on all categories of IoT devices, including smart cameras, smart wearables, smart homes, smart vehicles, smart entertainment, and smart terminals.
  • During the height of the Mirai surge in November 2016, the SonicWall GRID Threat Network observed that the United States was by far the most targeted, with 70 percent of DDoS attacks directed towards the region, followed by Brazil [14 percent] and India [10 percent]

Android devices saw increased security protections but remained vulnerable to overlay attacks

Google worked hard in 2016 to patch the vulnerabilities and exploits that cyber criminals have used against Android in the past, but attackers used novel techniques to beat these security improvements.

  • The SonicWall GRID Threat Network observed cyber criminals leveraging screen overlays to mimic legitimate app screens and trick users into entering login info and other data. When Android responded with new security features to combat overlays, SonicWall observed attackers circumventing these measures by coaxing users into providing permissions that allowed overlays to still be used.
  • Compromised adult-centric apps declined on Google Play but cyber-criminals continued to find victims on third-party app stores. Ransomware was a common payload as were self-installing apps. The SonicWall GRID Threat Network observed more than 4,000 distinct apps with self-installing payloads in a matter of two weeks.

Summary

  • The volume of unique malware samples declined to 60 million, a 6.25 percent decrease.
  • Point-of-sale malware creation declined by 93 percent since 2014.
  • Secure Sockets Layer/Transport Layer Security encrypted traffic increased by 38 percent year-over-year.
  • Cyber criminals shifted their focus to new threats, including ransomware attacks which grew by 167x year-over-year.
  • Internet of Things devices created a new attack vector, opening the door for large scale distributed denial-of-service attacks.

This 2017 SonicWall Annual Threat Report also identified best practices and security predictions for 2017, which are discussed in detail in the report.

To learn more, please visit

CashKaro.com, India’s largest Cashback and Coupons site today announced the results of its 2017 Valentine’s Day Survey-LOVEconomics. The national survey, which was conducted online and fielded more than 1,000 adults, revealed that 91% of the respondents preferred to shop online than offline for gifts.

The survey asked men and women about their Valentine’s Day gifting plans and revealed their spending behavior.

While it may be established in most minds that men ‘have’ to spend more on Valentine’s Day, CashKaro survey just threw all such assumptions right out the window. The main focus of the survey was to find out the spending behavior of men and woman on this love-filled occasion and it turns out both the expectations and reality of spending are quite in sync. When they asked respondents how much they would spend on their beloved this year, a majority of both men and women [56% & 53%] mentioned that they would spend anywhere between Rs 1000 – Rs 5000. Only 7% men and 8% women would shell over the Rs 10,000 mark.

To make things interesting, they asked them how much they expect their partners to spend on them and it turned out that both men and women [50% and 46%] expected their partners to spend approximately the same amount – Rs 1,000 ~ Rs 5,000 that they would spend on them. Only 5 % men and 10% women expected their love to spend over 10,000 on them.

Amazon.in, Flipkart and Ferns & Petals seems to have taken the cake when it comes to shopping online for gifts. It was closely followed by sites like Myntra, Shopclues and Nearbuy.

On the survey Swati Bhargava, Co-Founder, CashKaro.com said

The survey shows that this Valentine’s Day is all about love, and the youth want to find the perfect gift for their significant other. The survey shines the light on the ideas, behavior and gifting patterns that are expected this Valentine’s Day. The survey is also an indication that online is the most preferred channel to buy gifts or book reservations. Attractive deals and cashback offers do impact the buying behavior. From now through Valentine’s Day, we at CashKaro are also offering Extra Cashback/Rewards on Valentine’s Day gifting across partner retailers including Amazon.in, Flipkart, Tata Cliq etc.

The survey also revealed that 91% of the respondents would shop online for gifts to save time and money. To make things, even more, budget friendly, 89% of them would look for deals, coupons, and cashback when they buy gifts or book reservations at a restaurant.

It looks like both men and women are pretty much on the same page while choosing gifts for their partner. 23% men and 28% women would shop for clothing & accessories for their valentine.  Men [20%] and women [26%] both admit that a date night out for dinner at a nice restaurant is the gift they’d most like to receive. Chocolates & cakes and Jewellery were among the other preferred gifting choices.

CashKaro Valentine’s Day survey

The respondents were majorly between 18 ~ 30 years of age with 70% male participation. This mostly included residents of Delhi-NCR, Mumbai, Bangalore, and Hyderabad.

It seems like there will be no lover’s squabbles this Valentine’s Day. According to this survey, everyone’s getting what they want.

 

While in the last two months, households across India have had to take some tough decisions. The cash problem is directing consumers to online stores where they can pay with cards or mobile wallets and buy grocery.

The days of heading to the supermarket are over as people now trade trolleys for home delivery services. New research from CashKaro, India’s Largest Cashback & Coupons site, takes a closer look at the cultural shifts in the way millennials stock their kitchen cupboards after demonetization.

Key Findings

  • BigBasket, Grofers, Godrej Nature’s Basket, ZopNow and Grocermax are the most preferred grocery sites
  • More than 50% of the respondents have started buying grocery/daily items online after demonetization
  • 44% would like to avail a subscription service for grocery, owing to their busy schedule
  • 79% have grocery applications installed in their mobile phones out of which 33% use more than one App

The online grocery industry seems to be an unintended beneficiary of the move as the customer cannot postpone essential purchases for their home. The survey indicated that more than 50% of the respondents have started buying grocery/daily items online after demonetization & a quarter would like to start soon. BigBasket, Grofers, Godrej Nature’s Basket, ZopNow and Grocermax are voted amongst top hyper-local sites. BigBasket ranks top in overall service [37%], Grofers leads in packaging [34%], Grocermax has the best prices [32%], ZopNow in delivery convenience [34%] & Godrej Nature’s Basket for fresh products [38%].

The main reason consumers cite for shopping grocery/daily items online is that it allows Cash-free transactions [31%] and offers better deals & discounts [25%]. This is followed by the fact that online shopping gives consumers more convenience than visiting stores [24%] as well as offers the luxury of delivery time slots as per own availability [10%].

Added innovations such as subscription-based service may have a significant impact on the growth in online grocery shopping, as 44% of respondents said they would like to avail this service considering their busy schedule. 79% of total respondents said they have grocery applications installed in their mobile phones out of which 33% have more than one App. However, 15% of these App buyers said they still like to order via Desktop.

On the survey Swati Bhargava, Co-Founder, CashKaro.com said

It’s very interesting to notice this changing consumer behavior towards shopping grocery. The shift from superstores/local vendors to online shopping channels is certainly visible as a lot of users have started to shop for daily items online after demonetization. The survey is also an indication that while the changing lifestyle coupled with long working hours has shifted grocery purchasing trend from offline to online format, attractive offers by grocery players are also wooing the consumers to opt for online purchases. We at CashKaro also have seen a 2X growth in the number of transactions on these sites post November 8 last year.

While the survey indicates a rise in willingness to shop grocery online, not all consumers are ditching the trip to the offline shops. 31% still feel concerned about the quality of online products, 26% are not sure about the return policy whereas 20% prefer to inspect products themselves before buying.

The survey also revealed that almost 61% respondents shop for groceries weekly and a majority of them spend between Rs 500 – 2,000 per month. The survey was conducted at a pan-India level with 53% male and 47% female participants. A majority of the participants were over 35 years of age and were employed.

CashKaro, India’s largest Cashback & Coupons site did a survey titled E-Shopping Revelations 2016 to understand the ever evolving preferences and behaviour of online shoppers. The survey was conducted at a pan-India level and registered more than thousand respondents.

On the survey Swati Bhargava, Co-founder CashKaro.com commented

As one of the largest affiliate sites in India, we are in a unique position to talk about the e-commerce ecosystem and what drives consumers to shop online more. CashKaro survey is a reflection of how buying habits of the Indian online shopper are changing and increasing importance of softer aspects like fast delivery, prompt customer service, discounts and cashbacks. 2016 was an eventful year for Indian e-commerce. The advent of subscription based services like Amazon Prime, Flipkart First, Snapdeal Gold etc. helped in enhancing shopping experience while Cashback offers became mainstream. Post demonetization, we saw a great increase in the use of payment wallets and also witnessed an increased number of users using Cashback sites like CashKaro to save on their daily transactions.

Key findings

  • Amazon.in is the most preferred site when it comes to Quickest & Hassle-Free Deliveries
  • Flipkart ranked the best for Customer Care Service
  • Paytm rules as the best payment wallet followed by Freecharge
  • 55% respondents feel Subscription based services like Amazon Prime, Flipkart First, Snapdeal Gold etc. enhance online shopping experience
  • Shopping for daily items/groceries online has gained momentum

 

For more information, please visit CashKaro on E-Shopping Revelations’ 2016

The term Demonetization has become a household name since the Government pulled the old Rs 500 and Rs 1,000 notes out of circulation. While the unprecedented action by the Prime Minister Narendra Modi comes with both short-term and long-term implications for the e-commerce industry, but has there been an impact on the consumers and their shopping behaviour.

CashKaro-India’s largest Cashback & Coupons site did a Survey recently to understand the Effects of Demonetization on Online Shopping. Over 1000 people across India participated in the survey.

Major findings from the CashKaro survey

The survey stated that Online shopping has seen a surge; Paytm wallet & CoD payments via bank cards are most preferred amongst shoppers.

Demonetization has given a boost to digital payments and is encouraging people to shop online more. While as a business CashKaro’s transactions fell 20% post the announcement but now things are stabilizing.

The announcement has bought a lot of value consciousness amongst shoppers and as a result, users are looking for more Cashback deals on basic items like groceries, consumables etc.

CashKaro is seeing an increase in the number of people clicking through our site and going to their partner retailers to purchase such daily essentials. Retailers too are offering incentives to promote the ‘Go Cashless’ movement.

Looking ahead, with increased adoption of cashless payment methods CashKaro will be able to drive more sales to partner e-tailers including Amazon, Flipkart, Snapdeal and more.

Infographic Source – CashKaro

For more detailed information and statistics, please refer CashKaro’s Blog on demonetization effects on Online Shopping

Contrary to popular belief, the genesis of technology focused startups and entrepreneurship India is longer than one thinks. The story perhaps begins in the mid-70s when companies like HCL and Patni Computers were founded. The 80’s saw another group of individuals leave their jobs to start a company that grew into the giant Infosys is today. Today the Unicorns are carrying forward that legacy.

The complete story of India’s entrepreneurial journey was never really told until recently, when Microsoft Accelerator pieced together the narrative in an e-book titled History of the Indian Startup Ecosystem. This e-book contains over 150 defining moments which shaped the thriving ecosystem that we see today.

Indian Startup Infographic
Indian Startup Infographic [Click to Zoom]
Four distinct phases of growth and maturity that have been traversed so far*

  1. Software Services and Global Delivery Model
  2. The Dotcom era
  3. Rise of Product startups
  4. Growth of startup ecosystem

Chronicling the history of the ecosystem was an 18-month long exercise which involved interviewing the industry veterans like Sharad Sharma, Ravi Gururaj and Bharat Goenka and perusing hundreds of documents, research papers and newspaper articles. As the story took shape, four distinct phases of growth and maturity came to light: The Software Services and Global Delivery Model | The Dotcom era | The Rise of Product startups and The Growth of startup ecosystem.

To know more about untold story and to download the ebook, visit https://aka.ms/indiastartups

[Source* – Microsoft Accelerator Blog]

Despite the increasing number of data breaches and more than 3.9 billion data records worldwide being lost or stolen since 2013, organizations continue to believe perimeter security technologies are effective against data breaches. This is one of the many findings of the third-annual Data Security Confidence Index released by Gemalto, the world leader in digital security.

Key Findings

  • One-third of organizations have experienced a data breach in past 12 months
  • 69% of IT professionals are not confident their data would be secure if perimeter defenses were breached
  • 66% of IT professionals say unauthorized users can access their networks and 16% believe unauthorized users have access to their entire networks

Of the 1,100 IT decision makers surveyed worldwide, 61% said their perimeter security systems [firewall, IDPS, AV, content filtering, anomaly detection, etc.] were very effective at keeping unauthorized users out of their network. However, 69% said they are not confident their organization’s data would be secure if their perimeter security was breached. This is up from 66% in 2015 and 59% in 2014. Furthermore, 66% believe unauthorized users can access their network and nearly two in five [16%] said unauthorized users could access their entire network.

Gemalto_Data Security Confidence Index_Infographic_2016
Please click to enlarge

Jason Hart, Vice President & Chief Technology Officer for Data Protection at Gemalto said

This research shows that there is indeed a big divide between perception and reality when it comes to the effectiveness of perimeter security. The days of breach prevention are over, yet many IT organizations continue to rely on perimeter security as the foundation of their security strategies. The new reality is that IT professionals need to shift their mind set from breach prevention to breach acceptance and focus more on securing the breach by protecting the data itself and the users accessing the data.

Perimeter security is a focus, but not a panacea for data breaches

According to the research findings, 78% of IT decision makers said they had adjusted their strategies as a result of high profile data breaches, up from 71% in 2015 and up 53% in 2014. 86% said they had increased spending on perimeter security and 85% believe that their current investments are going to the right security technologies.

Despite the increased focus on perimeter security, the findings show the reality many organizations face when it comes to preventing data breaches. 64% of those surveyed said their organizations experienced a breach at some time over the past five years. More than a quarter [27%] said they experienced a breach in the past 12 months, with a similar number of IT decision makers [30%] reporting the same frequency in 2015. This suggests that organizations have not made significant improvements in reducing the number of data breaches despite increased investments in perimeter security.

Jason Hart, Vice President & Chief Technology Officer for Data Protection at Gemalto concluded saying

While companies are confident in the amount of spending and where they are spending it, it’s clear the security protocols they are employing are not living up to expectations. While protecting the perimeter is important, organizations need to come to the realization that they need a layered approach to security in the event the perimeter is breached. By employing tools such as end-to-end encryption and two-factor authentication across the network and the cloud, they can protect the whole organization and, most importantly, the data.

To download the entire report & get India specific data, click here

About the Survey

Independent technology market research specialist Vanson Bourne surveyed 1,100 IT decision makers across the US, UK, France, Germany, Russia, India, Japan, Australia, Brazil, Benelux and the Middle East on behalf of Gemalto. The sample was split between Manufacturing, Healthcare, Financial Services, Government, Telecoms, Retail, Utilities, Consultation and Real Estate, Insurance and Legal, organizations with 250 to more than 5,000 employees. For more information, please visit Gemalto

VMware,Inc have announced the findings of a study on corporate data security practices conducted by The Economist Intelligence Unit, which VMware sponsored globally. The research highlights growing cyber-security vulnerabilities in India, with nearly 8 in 10 IT and C-suite business leaders experiencing increased cyber-attacks on their firms in 2015.

Indian businesses are under increasing risk from serious cyber-attacks, with a third [33 percent] of the respondents expecting to be targeted within 90 days – a number higher than the Asia-Pacific region. These findings suggest that many leaders in India are concerned about growing instances of cyber-attacks and their lack of preparedness as they explore new IT innovations to advance their business. This reinforces the need for a new approach to security.

Conducted by The Economist Intelligence Unit in the first quarter of 2016, the survey’s primary objective was to analyze the differences, if any, between the C-suite and senior IT executives on data security.

A key finding from the study is the opposing view of the perceived importance of cyber-security as a high-priority initiative in India. IT leaders [32 per cent] in India regard cyber-security as their number one corporate priority, while only 8 percent of C-suite business leaders share a similar point of view. Similarly, while 36 percent of IT leaders believe security budgets will significantly increase in the next two years, only 21 percent of C-suite business leaders foresee likewise.

Arun Parameswaran, Managing Director, VMware India said

Forward-thinking organizations understand that the reactive security approach of today is no longer doing its job. They also acknowledge that people and systems can be easily bypassed or blindsided if the business lacks a ubiquitous IT architectural plan that cuts across all levels of compute, network, storage, clouds and devices. By taking a software-defined approach to IT, security is ‘architected’ into everything, empowering organizations to gain the flexibility required to succeed as a digital business.

Critical risks identified by both groups were ‘unknown cyber threats that move faster than their defenses’, ‘resources and data that may unknowingly reside in the cloud’, ’employees who are careless or untrained in cyber-security’ and ‘illegitimate users and devices accessing corporate networks’. Leaders in India are more concerned about the ‘theft of customer data’ than their regional counterparts, with four in 10 [31.8 percent] believing that this could cause the greatest harm to their businesses.

As cyber threats grow in sophistication, any gaps in security resulting from a ‘disconnect’ between C-suite and IT leaders can lead to the loss of intellectual property, competitive positioning and customer data. IT leaders must therefore become more conversant with business risks and objectives. By having deeper conversations and translating cyber risks into business terms, IT leaders can justify requests for more investment in security. The C-suite can then better understand the business implications associated with evolving threats and make informed decisions around strategy and budgets.

VMware NSX : The Platform for Network Virtualization

A layer in between physical infrastructure and applications will be necessary for businesses to detect and respond to cyber-attackers taking advantage of new gaps or exposed frontiers. Virtualization has become the most ubiquitous infrastructure layer covering compute, network, storage, clouds and devices.

Network virtualization through VMware NSX delivers a completely new operational model for networking that forms the foundation of the software-defined data center. NSX builds networks in software, allowing data center operators to achieve levels of agility, security and cost savings that were previously not possible through physical networks.

Arun Parameswaran, Managing Director, VMware India added

What’s needed is an organizing framework, a true architecture that all the leading players can align to so that security can be architected in. By changing the dynamics of how we deliver trusted services over vulnerable infrastructure, the IT security industry has an opportunity to chart a new path forward.

The full EIU research paper is available here

About the Research

In January to February 2016, Economist Intelligence Unit, sponsored by VMware,Inc, surveyed 1,100 senior executives recruited from companies between $500 million and $5 billion in revenues, on data security practices within their firms. The survey’s primary objective was to analyze the differences, if any, between the C-suite and senior IT executives on data security. The full EIU research paper is available here.