India third-most vulnerable to cyber threats behind US, China.

India is the third-most vulnerable country in terms of cyber threat risks including malware, spam, ransomware and one of the most recent and difficult-to-detect ones - cryptominers, according to a report.

About 5.09% global threats were detected in India in 2017 as compared to 5.11% in 2016, according to ‘Internet Security Threat Report’ released on Wednesday by Symantec. The US was was most vulnerable to attacks at 26.61% followed by China at 10.95%.

These rankings are based on eight parameters – malware, spam, phishing, bots, network attacks, web attacks, ransomware and cryptominers.

India continues to be second-most impacted by spam and bots and third-most impacted by network attacks and fourth-most impacted by ransomware. With the threat landscape becoming more diverse, attackers are working harder to discover new avenues of attack and cover their tracks, according to the report.

“From the sudden spread of WannaCry and Petya/NotPetya, to the swift growth in coinminers, 2017 provided us with another reminder that digital security threats can come from new and unexpected sources,” the report said.

Cryptojacking has captured the top slot at the attacker toolkit, which signals a massive threat to cyber and personal security. Cryptojacking is defined as the secret use of a computing device to mine cryptocurrency.

The detection of coinminers on end-point computers has increased by a whopping 8,500% in 2017.

In terms of cryptomining activities, India has ranked second in Asia-Pacific and Japan region (APJ), and ninth globally.

“Cryptojacking is a rising threat to cyber and personal security. “The massive profit incentive puts people, devices and organisations at risk of unauthorised coinminers siphoning resources from their systems, further motivating criminals to infiltrate everything from home PCs to giant data centers,” Tarun Kaura, director, enterprise security product management, APJ at Symantec said.

During the past year, rise in cryptocurrency values triggered a cryptojacking gold rush with cyber criminals attempting to cash in on a volatile market. India has ranked second in APJ region, ninth globally in terms of crypto mining activities.

With a low barrier of entry, requiring only a couple lines of code to operate, cyber criminals are harnessing stolen processing power and cloud CPU usage from consumers and enterprises to mine cryptocurrency, the report says.

Coinminers can slow devices, overheat batteries, and in some cases, render devices unusable. For enterprise organisations, coinminers can put corporate networks at risk of shutdown and inflate cloud CPU usage, adding cost, it said.

IoT devices continue to be ripe targets for exploitation and there was a 600% increase in overall IoT attacks in 2017. Macs are not immune either, with Symantec detecting an 80% increase in coin mining attacks against Mac OS. India has been ranked among the top five countries as a source for IoT attacks.

“Now you could be fighting for resources on your phone, computer or Internet of Things (IoT) device as attackers use them for profit. People need to expand their defenses or they will pay the price for someone else using their device,” Kaura added.

There is also a 200% increase in attackers injecting malware implants into the software supply chain in 2017. Threats in the mobile space continue to grow year-over-year, including the number of new mobile malware variants rising 54%.

Symantec blocked an average of 24,000 malicious mobile applications each day last year. India also featured among the top-10 list of countries where mobile malware was most frequently blocked in 2017.