Criminals on a mission of ambition and disruption, says Symantec

01 May 2017

Ransomware attackers are increasing their ransoms; more emails are containing malicious links; and disruption is the word of the day - it’s no wonder CIOs are becoming out of touch with what is happening in their organisations.

According to Symantec’s latest Internet Security Threat Report, 2016 was a year marked by ambition and disruption.

One in 131 emails contains a malicious link or attachment, which is the highest rate in five years. Symantec says email is becoming a prime delivery method for malware.

Windows PowerShell and Microsoft Office are two of the main methods attackers are using to conduct attacks that leave ‘a lighter footprint’ and can hide in plain sight. 96% of PowerShell files in the wild were malicious, according to Symantec.

Business email compromise (BEC) scams are targeting more than 400 businesses every day - and raking in more than 3 billion dollars.  

“There has been a shifting focus from attackers to focus more and more on email as the initial incursion vector. If you look back on 2014 in New Zealand, we saw one in 114 emails as malicious. We’ve seen the numbers of malicious emails doubling in the last few years,” says Symantec’s local New Zealand spokesperson and technology strategist Mark Shaw.

Shaw says it shows that the attackers are confident that the email method works for delivering that initial payload.

“New sophistication and innovation are the nature of the threat landscape, but this year Symantec has identified seismic shifts in motivation and focus,” comments Kevin Haley, director, Symantec Security Response.

“Cyber criminals caused unprecedented levels of disruption by focusing their exploits on relatively simple IT tools and cloud services.”

Malware families are on the increase with more than 100 new families released in the wild. 36% of those are ransomware attacks.

Attackers are also becoming greedier through their ransom demands - the average ransom has increased 266% to an average of $1077 from just $294 in 2015. 34% of global ransomware victims will pay the ransom.

The survey also found increasing attacks against the US as part of political subversion and targeted sabotage. It’s not just political election attacks that are gaining momentum - nation states (particularly North Korea) are also going after banks in Bangladesh, Vietnam, Ecuador and Poland.

Shaw says New Zealand has little to worry about.

“Do we expect that to happen in New Zealand? No, I don’t think so. We don’t have a target on our back as much as the US elections, nor a determined attacker, nation state or attack group behind us,” he says.

CIOs are finding it difficult to keep track of how many cloud apps their organisations use. Most assume the number is up to 40 apps, when in reality there are almost 1000. Symantec believes that this disparity can lead to insufficient security policies and procedures, and that CIOs must get a grip - fast.

Cloud services are also at risk. Symantec cites a case in which cloud databases from a single provider were hijacked and held for ransom, because users left outdated databases open and without authentication enabled.

Symantec’s advice for businesses:

  • Don’t get caught flat-footed: Use advanced threat intelligence solutions to help you find indicators of compromise and respond faster to incidents.
  • Prepare for the worst: Incident management ensures your security framework is optimised, measurable and repeatable, and that lessons learned improve your security posture. Consider adding a retainer with a third-party expert to help manage crises.
  • Implement a multi-layered defence: Implement a multi-layered defence strategy that addresses attack vectors at the gateway, mail server and endpoint. This also should include two-factor authentication, intrusion detection or protection systems (IPS), website vulnerability malware protection, and web security gateway solutions throughout the network.
  • Provide ongoing training about malicious email: Educate employees on the dangers posed by spear-phishing emails and other malicious email attacks, including where to internally report such attempts.
  • Monitor your resources: Make sure to monitor your resources and networks for abnormal and suspicious behaviour, and correlate it with threat intelligence from experts.

“One of the biggest things that businesses can be doing is making sure their employees are educated and aware. You can have all the technology in the world but without employees making the right decisions, that can be the difference between a significant outage or loss. Or it could be a good outcome when they’ve reported something and that’s been shut down,” Shaw concludes.
