3 May 2017

Your inbox is probably out to get you, says Symantec 2017 threat report


by Tony Ware

Malicious emails, politically motivated cyberattacks and internet of things compromises are all on the rise, according to a new Internet Security Threat Report from security products and solutions company Symantec.

With 1 in 131 emails containing an infected link or attachment, and spear-phishing targeting 400 businesses every day, cyber criminals are ramping up efforts to compromise systems for the purpose of economic and political gain. Email is a particularly popular vector because it does not require a preexisting vulnerability to be exploited, just simple deception of victims to make a single click or disclose credentials.

The number of new ransomware families identified in 2016 has tripled to 101, infections worldwide have increased in frequency by 36 percent, and the average ransom demand has ballooned 266 percent from around $300 to over $1,000 because 64 percent of Americans (the No. 1 targeted group) are willing to pay.

Once in a system, cyber criminals are exploiting simple, commonly installed tools to exfiltrate information. The scripting language PowerShell and macros in Microsoft Office files are commonly being weaponized. Attackers are also reviving tools for sabotage, such as the disk-wiping Trojan Shamoon, and targeting utilities such as power stations.

Campaigns are being carried out against individuals and businesses, but also against banks, in what could potentially be a way for nation states to fund destabilization efforts. Evidence has linked North Korean actors to attacks on banks in Bangladesh, Vietnam, Ecuador and Poland, with up to $94 million stolen.

Attempts by state-sponsored groups to manipulate politics, the most highly publicized example being the cyberattacks on the U.S. Democratic Party during the 2016 election, have been an increasing trend made possible by simple spear-phishing and more complex exploits.

A proliferation of cloud apps and Internet of Things devices has created more vectors for attack. A lack of proper authentication allowed for tens of thousands of cloud databases from one provider to be hijacked and held for ransom in 2016, proving that CIOs must get a grip on the true number and management of cloud services in their organizations.

A botnet of IoT devices, Mirai, used infected routers and security cameras to great effect, and provides an example of why IoT devices are now being attacked every two minutes.

The entire report — including insights into global threat activity, disruption trends and motivations for attackers — can be downloaded from Symantec’s website.
