Security software firm Symantec on Thursday said Indian companies, especially utility and manufacturing firms, might be vulnerable to a new virus spreading through pen drives.
"This new threat, 'W32.Stuxnet', targets sensitive information by attacking an enterprise with global operations. It attempts to access SCADA (supervisory control and data acquisition) systems, which are usually not connected to the Internet," Symantec India Vice-President (Product Operations) Shantanu Ghosh said.
SCADA is a system that collects data from various sensors at a factory or grids and sends this data to a central system, which then manages and controls the data. SCADA systems are commonly used by manufacturing and utility (like electricity) firms.
The virus spreads when an infected USB removable media (pen drive) is inserted into a computer.
"This gives cyber-criminals the potential to attack firms for monetary gains by compromising company information and details such as project files, industrial automation layout design and control files," he said.
As soon as the user opens the infected drive to display the contents, the hidden infected file is installed on the computer. Information can then be accessed by outsiders, bypassing certain security solutions installed, making the data on the system vulnerable to cyber attacks.
According to company estimates, about 40 per cent of the attacks have been on PCs in India.
"India, by far, is the most affected by this threat, with an estimated 40 per cent of the systems effected originating from this region. About 33 per cent of the effected systems were from Indonesia," Ghosh said.
However, he declined to comment on the number of systems impacted or the estimated financial losses.
"As IT infrastructure is expanding, businesses now require a focus on security continuously and respond to internal and external threats, be it through online attacks or through external media like pen drives," he said.