'Tactical shift' in cyberattacks and high ransomware for NZ
FYI, this story is more than a year old
New Zealand was the fourth most targeted country in Asia Pacific for ransomware in 2014 according to Symantec’s latest Internet Threat Report.
That equated to 14,833 ransomware attacks in 2014, the report says. Of those infections, 15% were crypto-ransomware.
Mark Shaw, Symantec technology strategist, says last year hackers perfected digital extortion such as ransomware, which rose 113% globally. Notably, there were 45 times more victims of crypto-ransomware attacks than in 2013.
Instead of pretending to be law enforcement seeking a fine for stolen content, Symantec says it saw more vicious crypto-ransomware attack styles holding a victim’s files, photos and other digital content hostage without masking the attackers intention.
The Internet Security Threat Report Volume 20 also reveals that midsized New Zealand corporate and government departments are prime targets for viruses and phishing attacks.
The report says 2014 was a year with ‘far-reaching vulnerabilities, faster attacks, files held for ransom and far more malicious code than in previous years’.
It was also a year which saw a tactical shift by cyberattackers as they infiltrated networks and evaded detection by hijacking the infrastructure of major corporations and using it against them.
“Attackers don’t need to break down the door to a company’s network when the keys are readily available,” says Kevin Haley, Symantec Security Response director.
“We’re seeing attackers trick companies into infecting themselves by trojanising software updates to common programs and patiently waiting for their targets to download them – giving attackers unfettered access to the corporate network.”
Shaw says 2014 proved that 2013, which had set numerous records for cyberattacks and was dubbed the year of the mega breach, was not an anomaly.
“We continued with a high number of breaches and malware and increased in many instances.
“Attacks on healthcare, retail and finance all continued to be in the headlines as lucrative targets, but it wasn’t just those guys: there were a range of industries being attacked.”
Shaw says attackers succeeded with speed and precision, exploiting the fact that it took software companies an average of 59 days to create and roll out patches – up from four days in 2013.
Advanced attackers continued to breach networks with highly-targeted spearphishing attacks, which were up 8% in 2014. Those attacks were also more precise, using 30% fewer emails to successfully reach their targets and incorporating more drive-by malware downloads and other web-based exploits.
Social media scams also provided cybercriminals with quick cash.
Shaw says New Zealand is a nation of oversharers, ranking fourth in Asia Pacific for social media scams such as fake offerings, likejacking, comment jacking, fake apps and manual sharing of social media scams.
In 2014, 76% of social media scams were shared manually in New Zealand, above the global average of 70% and demonstrating that cybercriminals can still con people into giving up personal information or sharing content with their friends in exchange for – bogus – free stuff.
Shaw says the social media scams often take the form of a ‘giveaway’ of vouchers or cars, or a video which can only be viewed after you share it.
“Then you have to download a software plug-in which is often malicious.”
They can also take the form of a survey – sometimes even legitimate but where the scammer makes a few cents for every piece of traffic they drive to the survey site.
Symantec has offered up the following tips for businesses seeking to protect themselves from cyberthreats:
Don’t get caught flat-footed: Use advanced threat intelligence solutions to help you find indicators of compromise and respond faster to incidents.
Employ a strong security posture: Implement multi-layered endpoint security, network security, encryption, strong authentication and reputation-based technologies. Partner with a managed security service provider to extend your IT team.
Prepare for the worst: Incident management ensures your security framework is optimised, measureable and repeatable, and that lessons learned improve your security posture. Consider adding a retainer with a third-party expert to help manage crises.
Provide ongoing education and training: Establish guidelines and company policies and procedures for protecting sensitive data on personal and corporate devices. Regularly assess internal investigation teams – and run practice drills – to ensure you have the skills necessary to effectively combat cyber threats.