Thursday, 27 April 2017 15:45

Cyber attackers reveal new levels of ambition

By Ray Shaw

Symantec’s Internet Security Report Volume 22 reveals new levels of ambition and sophistication displayed by cyber attackers.

The 77-page report draws on Symantec’s Global Intelligence Network, which tracks over 700,000 global adversaries and records events from 98 million attack sensors in more than 157 countries. It also draws on Symantec Endpoint Protection, Symantec DeepSight Intelligence, Symantec Managed Security Services, Norton consumer products, and other third-party data sources, together generating more than nine trillion rows of security data.

For example, its email statistics were gathered from more than two billion emails each day, its website security statistics from over 2.4 billion Web requests each day, and its cloud and app statistics from Symantec CloudSOC security technology, which in 2016 safeguarded more than 20,000 cloud apps, 176 million cloud documents, and 1.3 billion emails.

Kevin Haley, director, Symantec Security Response, said, “New sophistication and innovation is the nature of the threat landscape, but this year Symantec has identified seismic shifts in motivation and focus. Zero-day vulnerabilities and sophisticated malware are now used sparingly, as nation states shift their attention from espionage to straight sabotage. Meanwhile, cybercriminals caused unprecedented levels of disruption by focusing their exploits on relatively simple IT tools and cloud services.”

A summary reveals:

  • New levels of ambition, including a multi-million-dollar bank heist – well planned and executed, and aimed at the bank itself, not its customers.
  • Attempts to disrupt the US electoral process by state-sponsored hackers.
  • The biggest DDoS attacks in history, powered by IoT botnets made up of routers and cameras.
  • More emphasis on impact and disruption – making a splash via disk wiping or power outages.
  • Increasing use of simple tools, but spread more widely, e.g. socially engineered spear-phishing emails driven by machine learning, off-the-shelf tools, etc. One in every 131 emails sent was malicious.
  • Fewer zero-day exploits, as these become harder to monetise – the patching message is finally working.
  • Ransomware continues to be the biggest threat to consumers and small business. The average ransom demand in 2016 rose to $1077 ($294 a year ago), and 101 new ransomware families were discovered in 2016 (a 36% increase).
  • Enterprises are using 928 cloud apps, up from 841 earlier in the year. However, most chief information officers think their organisations only use around 30 or 40 cloud apps, meaning the level of risk could be underestimated, leaving them open to attack from newly emergent threats.

Mobile

Mobile operating systems remained the prime target with a new total of 290 vulnerabilities for iOS and 316 for Android. Interestingly, in 2015 iOS had 463 and Android only 89.

Working malware on iOS is still a relatively rare occurrence. However, in August 2016 it was discovered that three zero-day vulnerabilities on iOS, known collectively as Trident, were being exploited in targeted attacks to inject the Pegasus malware onto victims’ phones. Pegasus is spyware that can access messages, calls, and emails. It can also gather information from apps including Gmail, Facebook, Skype, and WhatsApp. The attack worked by sending a link to the victim in a text message. If the victim clicked on the link, the phone was jailbroken, Pegasus was injected, and it began its spying.

Web

Web threats were found in 76% of scanned websites, and 9% were critical. Symantec blocked an average of 229,000 websites each day in 2016.

Ransomware

The number of ransomware families rose from 30 in 2015 to 101, and the average ransom amount rose to US$1077 from US$294, in part reflecting bitcoin appreciation.

Email and phishing

About 1 in 131 emails carried malware, driven by mass-mailing malware groups primarily spreading Locky, Dridex, and TeslaCrypt. One of the major distributors of malware is a botnet known as Necurs, which was responsible for massive campaigns that spread malware through JavaScript and Office macro attachments. These downloaders subsequently install the final payload, which in 2016 was typically a ransomware threat such as Locky.
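The downloader pattern described above (a script or macro-enabled document attached to a mass mailing, which then fetches the real payload) is something a mail gateway can triage on the attachment name alone before anything is opened. The following is an added example, not code from the Symantec report or from iTWire. It assumes a hypothetical pipe-delimited gateway export (timestamp, sender, recipient, subject, attachment filename) and uses a constructed sample of such records; the verdict categories and extension lists are the example's own.

```python
import re
from collections import Counter

# Constructed sample of mail-gateway attachment records (not real traffic).
# Assumed format: timestamp | sender | recipient | subject | attachment filename
SAMPLE_LOG = """\
2016-11-02T08:14:03Z|billing@example-invoices.test|alice@corp.example|Invoice 4471|invoice_4471.js
2016-11-02T08:14:09Z|hr@corp.example|bob@corp.example|Updated leave policy|leave_policy.pdf
2016-11-02T08:15:41Z|orders@shop-mail.test|carol@corp.example|Your order|order_details.pdf.jse
2016-11-02T08:16:22Z|finance@partner.example|dave@corp.example|Q3 figures|q3_figures.xlsm
2016-11-02T08:17:05Z|noreply@courier.test|erin@corp.example|Delivery notice|notice.zip
2016-11-02T08:18:30Z|alice@corp.example|frank@corp.example|Photos|holiday.jpg
"""

# Script formats that Windows runs on double-click: the downloader type the
# JavaScript-attachment campaigns relied on.
SCRIPT_EXTENSIONS = {"js", "jse", "vbs", "vbe", "wsf", "wsh", "hta", "ps1"}
# Native executables: almost never a legitimate email attachment.
EXECUTABLE_EXTENSIONS = {"exe", "scr", "com", "pif", "bat", "cmd"}
# Office formats that can carry VBA macros (macro-enabled OOXML and legacy binary).
MACRO_CAPABLE_EXTENSIONS = {"docm", "xlsm", "pptm", "dotm", "xltm", "doc", "xls", "ppt"}
# Containers commonly used to get the above past naive extension filters.
ARCHIVE_EXTENSIONS = {"zip", "rar", "7z", "ace"}
# Document/image extensions used as a decoy in double-extension names.
DECOY_EXTENSIONS = {"pdf", "doc", "docx", "xls", "xlsx", "jpg", "png", "txt"}

def classify_attachment(filename: str) -> str:
    """Return 'block', 'review' or 'allow' for an attachment filename.

    The decision is made on the FINAL extension, so 'report.pdf.jse' is judged
    by 'jse', not by the decoy 'pdf' in front of it.
    """
    parts = filename.strip().lower().split(".")
    if len(parts) < 2:
        return "review"            # no extension at all: let a human look
    ext = parts[-1]
    if ext in SCRIPT_EXTENSIONS or ext in EXECUTABLE_EXTENSIONS:
        return "block"
    if ext in MACRO_CAPABLE_EXTENSIONS or ext in ARCHIVE_EXTENSIONS:
        return "review"
    # A decoy document extension sitting in front of another extension is
    # suspicious even when the final extension looks harmless.
    if len(parts) >= 3 and parts[-2] in DECOY_EXTENSIONS:
        return "review"
    return "allow"

# One record per line, five pipe-separated fields; subject may be empty.
LOG_LINE = re.compile(
    r"^(?P<ts>[^|]+)\|(?P<sender>[^|]+)\|(?P<rcpt>[^|]+)\|(?P<subject>[^|]*)\|(?P<attachment>[^|]+)$"
)

def triage(log_text: str):
    """Parse gateway records; return (verdict counts, list of flagged records)."""
    counts = Counter()
    flagged = []
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue               # skip malformed lines rather than abort the run
        rec = m.groupdict()
        verdict = classify_attachment(rec["attachment"])
        counts[verdict] += 1
        if verdict != "allow":
            flagged.append((verdict, rec["sender"], rec["attachment"]))
    return counts, flagged

if __name__ == "__main__":
    counts, flagged = triage(SAMPLE_LOG)
    print(dict(counts))
    for verdict, sender, attachment in flagged:
        print(f"{verdict:6} {sender:32} {attachment}")
```

Against the constructed sample, the two script attachments (including the double-extension `order_details.pdf.jse`) are blocked outright, the macro-enabled workbook and the archive are held for review, and the PDF and image pass. Filename triage is only a first filter; a real gateway would also inspect archive contents and scan the macro-capable files themselves.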

Business email compromise scams, rather than the mass-mailing phishing campaigns of old, are now favoured by attackers.

IoT

Vast armies of bots crawl the net for vulnerable IoT devices – it takes less than two minutes to find a new device and infect it. 

Sabotage and subversion

Symantec noted that several groups, likely nation-state sponsored, had emerged from the shadows and engaged in more public, politically subversive activities. The ongoing power outages in Ukraine, the US election, and the Olympics have all been claimed to be affected by campaigns designed to steal and leak data to influence public opinion, create an atmosphere of distrust, and possibly influence political outcomes.

Given these recent successes, and with key elections approaching in a number of countries in 2017, it is likely these kinds of activities will continue. Groups have, meanwhile, continually refined their tactics, with several moving away from customised malware and relying more on legitimate software tools to compromise targeted networks.

Cyber crime as a service

The cyber crime economy is thriving and ransomware toolkits can be purchased for as little as US$10 and mailing lists can be rented by the million records.

Symantec noted that several significant disruptions, including high-profile takedowns, helped put a dent in activity and sent out a warning signal.


Ray Shaw (ray@im.com.au) has had a passion for IT ever since building his first computer in 1980. He is a qualified journalist, hosted a consumer IT based radio program on ABC radio for 10 years, has developed world leading software for the events industry and is smart enough to no longer own a retail computer store!
