Symantec’s latest threat report says that zero-day vulnerabilities and sophisticated malware now tend to be used sparingly, and attackers are increasingly attempting to hide in plain sight.
According to the Symantec Internet Security Threat Report (ISTR) April 2017, cyber attackers revealed new levels of ambition in 2016, a year marked by extraordinary attacks, including multi-million dollar virtual bank heists, overt attempts to disrupt the US electoral process by state-sponsored groups, and some of the biggest distributed denial of service (DDoS) attacks on record powered by a botnet of IoT devices.
The Symantec ISTR provides a comprehensive view of the threat landscape, including insights into global threat activity, cyber criminal trends, and motivations for attackers.
Weapon of choice
In 2016, Symantec saw cyber criminals use PowerShell, a common scripting language installed on PCs, and Microsoft Office files as weapons. While system administrators may use these common IT tools for daily management tasks, cyber criminals increasingly used this combination for their campaigns as it leaves a lighter footprint and offers the ability to hide in plain sight. Due to the widespread use of PowerShell by attackers, 95% of PowerShell files seen by Symantec in the wild were malicious.
The use of email as an infection point also rose, becoming a weapon of choice for cyber criminals and a dangerous threat to users. Symantec found one in 131 emails contained a malicious link or attachment – the highest rate in five years. Further, Business Email Compromise (BEC) scams, which rely on little more than carefully composed spear-phishing emails – scammed more than three billion dollars from businesses over the last three years, targeting over 400 businesses every day.
Caving in to digital extortion
Ransomware continued to escalate as a global problem and a lucrative business for criminals. Symantec identified over 100 new malware families released into the wild, more than triple the amount seen previously, and a 36% increase in ransomware attacks worldwide.
However, the United States is firmly in the crosshairs of attackers as the number-one targeted country. Symantec found 64% of American ransomware victims are willing to pay a ransom, compared to 34% globally. Unfortunately, this has consequences. In 2016, the average ransom spiked 266% with criminals demanding an average of $1,077 per victim up from $294 as reported for the previous year.
Cracks in the cloud: the next frontier for cyber crime
A growing reliance on cloud services has left organizations open to attacks. Tens of thousands of cloud databases from a single provider were hijacked and held for ransom in 2016 after users left outdated databases open on the internet without authentication turned on.
Cloud security continues to challenge CIOs. According to Symantec data, CIOs have lost track of how many cloud apps are used inside their organizations. When asked, most assume their organizations use up to 40 cloud apps when in reality the number nears 1,000. This disparity can lead to a lack of policies and procedures for how employees access cloud services, which in turn makes cloud apps riskier. These cracks found in the cloud are taking shape. Symantec predicts that unless CIOs get a firmer grip on the cloud apps used inside their organizations, they will see a shift in how threats enter their environment.
The bottom line: CTIOs and CISOs need to make sure they are covering the more obvious bases. Man the barricades, train and drill the staff constantly (“Just don’t click it!”) and don’t forget those backups. According to Symantec, most of the scary stuff is coming right through the front door.
Full IST report here.
This article was originally published on CyberSecBuzz