Thursday, 27 April 2017 15:45

Cyber attackers reveal new levels of ambition


Symantec’s Internet Security Report Volume 22 reveals new levels of ambition and sophistication displayed by cyber attackers.

The 77-page report covers information gained from Symantec’s Global Intelligence Network tracking over 700,000 global adversaries and records events from 98 million attack sensors in more than 157 countries. But it also includes Endpoint Protection, Symantec DeepSight Intelligence, Symantec Managed Security Services, Norton consumer products, and other third-party data sources, generating more than nine trillion rows of security data.

For example, its email statistics were gathered from more than two billion emails each day, its website security from over 2.4 billion Web requests each day, and its cloud and apps from Symantec CloudSOC security technology, which in 2016 safeguarded more than 20,000 cloud apps, 176 million cloud documents, and 1.3 billion emails.

Kevin Haley, director, Symantec Security Response, said, “New sophistication and innovation is the nature of the threat landscape, but this year Symantec has identified seismic shifts in motivation and focus. Zero-day vulnerabilities and sophisticated malware are now used sparingly, as nation states shift their attention from espionage to straight sabotage. Meanwhile, cybercriminals caused unprecedented levels of disruption by focusing their exploits on relatively simple IT tools and cloud services.”

A summary reveals:

  • New levels of ambition including a multi-million-dollar bank heist – well planned and executed and aimed at the bank, not its customers.
  • Attempts to disrupt the US electoral process by state-sponsored hackers.
  • The biggest DDoS attacks in history powered by IoT botnets comprising routers and cameras.
  • More emphasis on impact and disruption – making a splash via disk wiping or power outages.
  • Increasing use of simple tools but more widely spread, e.g. socially engineered spear-phishing emails driven by machine learning, off-the-shelf tools, etc. One in every 131 emails sent was malicious.
  • Fewer zero-day exploits as these become harder to monetise – the patching message is finally working.
  • Ransomware continues to be the biggest threat to consumers and small business. The average ransom demand in 2016 rose to $1077 ($294 a year ago) and 101 new ransomware families were discovered in 2016 (36% increase).
  • Enterprise is using 928 cloud apps, up from 841 earlier in the year. However, most chief information officers think their organisations only use around 30 or 40 cloud apps, meaning the level of risk could be underestimated, leaving them open to attack from newly emergent threats.


Mobile operating systems remained the prime target with a new total of 290 vulnerabilities for iOS and 316 for Android. Interestingly, in 2015 iOS had 463 and Android only 89.

Working malware on iOS is still a relatively rare occurrence. However, in August 2016 it was discovered that three zero-day vulnerabilities on iOS, known as Trident, were being exploited in targeted attacks to inject the Pegasus malware onto victims’ phones. Pegasus is spyware that can access messages, calls, and emails. It can also gather information from apps including Gmail, Facebook, Skype, and WhatsApp. The attack worked by sending a link to the victim through a text message. If the victim clicked on the link, the phone was jailbroken and Pegasus could be injected into it and start its spy work.


Web threats were found in 76% of scanned websites, and 9% were critical. Symantec blocked an average of 229,000 websites each day in 2016.


Ransomware was up from 30 families in 2015 to 101 families, and average ransom amounts rose to US$1077 from US$294, in part reflecting bitcoin appreciation.

Email and phishing

About 1 in 131 emails carried malware, driven by mass-mailing malware groups primarily spreading Locky, Dridex, and TeslaCrypt. One of the major distributors of malware is a botnet known as Necurs, which was responsible for massive campaigns that spread malware through JavaScript and Office macro attachments. These downloaders subsequently install the final payload, which in 2016 was typically a ransomware threat such as Locky.

Business email compromise scams, rather than the mass-mailing phishing campaigns of old, are now favoured by attackers.


Vast armies of bots crawl the net for vulnerable IoT devices – it takes less than two minutes to find a new device and infect it. 

Sabotage and subversion

Symantec noted that several groups, likely nation-state sponsored, had emerged from the shadows and engaged in more public, politically subversive activities. The ongoing power outage issues in Ukraine, the US election, and the Olympics have all been claimed to be affected by campaigns designed to steal and leak data to influence public opinion, create an atmosphere of distrust, and possibly influence political outcomes.

Due to these recent successes, and with key elections approaching in a number of countries in 2017, it is likely these kinds of activities will continue. Groups have, meanwhile, continually refined their tactics, with several moving away from customised malware and relying more on legitimate software tools to compromise targeted networks.

Cyber crime as a service

The cyber crime economy is thriving: ransomware toolkits can be purchased for as little as US$10, and mailing lists can be rented by the million records.

Symantec noted that several significant disruptions, including several high-profile takedowns, helped put a dent in activity and send out a warning signal.

Ray Shaw

Ray Shaw has had a passion for IT ever since building his first computer in 1980. He is a qualified journalist, hosted a consumer IT based radio program on ABC radio for 10 years, has developed world leading software for the events industry and is smart enough to no longer own a retail computer store!
