Thursday, 27 April 2017 15:45

Cyber attackers reveal new levels of ambition

By Ray Shaw

Symantec’s Internet Security Report Volume 22 reveals new levels of ambition and sophistication displayed by cyber attackers.

The 77-page report draws on Symantec’s Global Intelligence Network, which tracks over 700,000 global adversaries and records events from 98 million attack sensors in more than 157 countries. It also includes data from Endpoint Protection, Symantec DeepSight Intelligence, Symantec Managed Security Services, Norton consumer products, and other third-party data sources, generating more than nine trillion rows of security data.

For example, its email statistics were gathered from more than two billion emails each day, its website security from over 2.4 billion Web requests each day, and its cloud and apps from Symantec CloudSOC security technology, which in 2016 safeguarded more than 20,000 cloud apps, 176 million cloud documents, and 1.3 billion emails.

Kevin Haley, director, Symantec Security Response, said, “New sophistication and innovation is the nature of the threat landscape, but this year Symantec has identified seismic shifts in motivation and focus. Zero-day vulnerabilities and sophisticated malware are now used sparingly, as nation states shift their attention from espionage to straight sabotage. Meanwhile, cybercriminals caused unprecedented levels of disruption by focusing their exploits on relatively simple IT tools and cloud services.”

A summary reveals:

  • New levels of ambition including a multi-million-dollar bank heist – well planned and executed and aimed at the bank, not its customers.
  • Attempts to disrupt the US electoral process by state-sponsored hackers.
  • The biggest DDoS attacks in history powered by IoT botnets comprising routers and cameras.
  • More emphasis on impact and disruption – making a splash via disk wiping or power outages.
  • Increasing use of simple but more widely spread tools, e.g. socially engineered spear-phishing emails driven by machine learning, off-the-shelf tools etc. One in every 131 emails sent was malicious.
  • Fewer zero-day exploits as these become harder to monetise – the patching message is finally working.
  • Ransomware continues to be the biggest threat to consumers and small business. The average ransom demand in 2016 rose to $1077 ($294 a year ago) and 101 new ransomware families were discovered in 2016 (36% increase).
  • Enterprise is using 928 cloud apps, up from 841 earlier in the year. However, most chief information officers think their organisations only use around 30 or 40 cloud apps, meaning the level of risk could be underestimated, leaving them open to attack from newly emergent threats.

Mobile

Mobile operating systems remained the prime target with a new total of 290 vulnerabilities for iOS and 316 for Android. Interestingly, in 2015 iOS had 463 and Android only 89.

Working malware on iOS is still a relatively rare occurrence. However, in August 2016 it was discovered that three zero-day vulnerabilities on iOS, known as Trident, were being exploited in targeted attacks to inject the Pegasus malware onto victims’ phones. Pegasus is spyware that can access messages, calls, and emails. It can also gather information from apps including Gmail, Facebook, Skype, and WhatsApp. The attack worked by sending a link to the victim through a text message. If the victim clicked on the link, the phone was jailbroken and Pegasus could be injected into it and start its spy work.

Web

Web threats were found in 76% of scanned websites, and 9% were critical. Symantec blocked an average of 229,000 websites each day in 2016.

Ransomware

Ransomware families rose from 30 in 2015 to 101, and average ransom amounts rose to US$1077 from US$294, in part reflecting bitcoin appreciation.

Email and phishing

About 1 in 131 emails was malicious, driven by mass-mailing malware groups primarily spreading Locky, Dridex, and TeslaCrypt. One of the major distributors of malware is a botnet known as Necurs, which was responsible for massive campaigns that spread malware through JavaScript and Office macro attachments. These downloaders subsequently install the final payload, which in 2016 was typically a ransomware threat such as Locky.

Business email compromise scams, rather than the mass-mailing phishing campaigns of old, are now favoured by attackers.

IoT

Vast armies of bots crawl the net for vulnerable IoT devices – it takes less than two minutes to find a new device and infect it. 

Sabotage and subversion

Symantec noted that several groups, likely nation-state sponsored, had emerged from the shadows and engaged in more public, politically subversive activities. The ongoing power outage issues in Ukraine, the US election, and the Olympics have all been claimed to be affected by campaigns designed to steal and leak data to influence public opinion, create an atmosphere of distrust, and possibly influence political outcomes.

Due to these recent successes, and with key elections approaching in a number of countries in 2017, it is likely these kinds of activities will continue. Groups have, meanwhile, continually refined their tactics, with several moving away from customised malware and relying more on legitimate software tools to compromise targeted networks.

Cyber crime as a service

The cyber crime economy is thriving: ransomware toolkits can be purchased for as little as US$10, and mailing lists can be rented by the million records.

Symantec noted that several significant disruptions, including several high-profile takedowns, helped put a dent in activity and send out a warning signal.


Ray Shaw


Ray Shaw (ray@im.com.au) has had a passion for IT ever since building his first computer in 1980. He is a qualified journalist, hosted a consumer IT-based radio program on ABC radio for 10 years, has developed world-leading software for the events industry and is smart enough to no longer own a retail computer store!
