
Criminals on a mission of ambition and disruption, says Symantec

01 May 2017

Ransomware attackers are increasing their ransoms; more emails are containing malicious links; and disruption is the word of the day - it’s no wonder CIOs are becoming out of touch with what is happening in their organisations.

According to Symantec’s latest Internet Security Threat Report, 2016 was a year marked by ambition and disruption.

One in 131 emails contains a malicious link or attachment, which is the highest rate in five years. Symantec says email is becoming a prime delivery method for malware.

Windows PowerShell and Microsoft Office are two of the main methods attackers are using to conduct attacks that leave ‘a lighter footprint’ and can hide in plain sight. 96% of PowerShell files in the wild were malicious, according to Symantec.

Business email compromise (BEC) scams are targeting more than 400 businesses every day - and raking in more than 3 billion dollars.  

“There has been a shifting focus from attackers to focus more and more on email as the initial incursion vector. If you look back on 2014 in New Zealand, we saw one in 114 emails as malicious. We’ve seen the numbers of malicious emails doubling in the last few years,” says Symantec’s local New Zealand spokesperson and technology strategist Mark Shaw.

Shaw says it shows that the attackers are confident that the email method works for delivering that initial payload.

“New sophistication and innovation are the nature of the threat landscape, but this year Symantec has identified seismic shifts in motivation and focus,” comments Kevin Haley, director, Symantec Security Response.

“Cyber criminals caused unprecedented levels of disruption by focusing their exploits on relatively simple IT tools and cloud services.”

Malware families are on the increase with more than 100 new families released in the wild. 36% of those are ransomware attacks.

Attackers are also becoming greedier through their ransom demands - the average ransom has increased 266% to an average of $1077 from just $294 in 2015. 34% of global ransomware victims will pay the ransom.

The survey also found increasing attacks against the US as part of political subversion and targeted sabotage. It’s not just political election attacks that are gaining momentum - nation states (particularly North Korea) are also going after banks in Bangladesh, Vietnam, Ecuador and Poland.

Shaw says New Zealand has little to worry about.

“Do we expect that to happen in New Zealand? No, I don’t think so. We don’t have a target on our back as much as the US elections, nor a determined attacker, nation state or attack group behind us,” he says.

CIOs are finding it difficult to keep track of how many cloud apps their organisations use. Most assume the number is up to 40 apps, when in reality there are almost 1000. Symantec believes that this disparity can lead to insufficient security policies and procedures, and that CIOs must get a grip - fast.

Cloud services are also at risk. Symantec cites a case in which cloud databases from a single provider were hijacked and held for ransom, because users left outdated databases open and without authentication enabled.

Symantec’s advice for businesses:

  • Don’t get caught flat-footed: Use advanced threat intelligence solutions to help you find indicators of compromise and respond faster to incidents.
  • Prepare for the worst: Incident management ensures your security framework is optimised, measurable and repeatable, and that lessons learned improve your security posture. Consider adding a retainer with a third-party expert to help manage crises.
  • Implement a multi-layered defence: Implement a multi-layered defence strategy that addresses attack vectors at the gateway, mail server and endpoint. This also should include two-factor authentication, intrusion detection or protection systems (IPS), website vulnerability malware protection, and web security gateway solutions throughout the network.
  • Provide ongoing training about malicious email: Educate employees on the dangers posed by spear-phishing emails and other malicious email attacks, including where to internally report such attempts.
  • Monitor your resources: Make sure to monitor your resources and networks for abnormal and suspicious behaviour, and correlate it with threat intelligence from experts.

“One of the biggest things that businesses can be doing is making sure their employees are educated and aware. You can have all the technology in the world but without employees making the right decisions, that can be the difference between a significant outage or loss. Or it could be a good outcome when they’ve reported something and that’s been shut down,” Shaw concludes.
