Alarming Increase in Targeted Attacks Aimed at Politically Motivated Sabotage and Subversion
Annual Threat Report from Symantec Details How Simple Tactics Led to Unprecedented Outcomes
- One in 131 Emails Contained a Malicious Link or Attachment – Highest Rate in Five Years
- Size of Ransoms Spiked 266 Percent; U.S. Top Targeted Country as 64 Percent of Americans Pay Their Ransom
- CIOs Have Lost Track of How Many Cloud Apps are Used Inside Their Companies – When Asked Most Will Say up to 40 When in Reality the Number Nears 1,000
Singapore – April
27, 2017 – Cyber criminals
revealed new levels of ambition in 2016 – a year marked by extraordinary
attacks, including multi-million dollar virtual bank heists and overt attempts
to disrupt the U.S. electoral process by state-sponsored groups, according to
Symantec’s (Nasdaq: SYMC) Internet Security Threat Report (ISTR),
Volume 22, released today.
“New
sophistication and innovation are the nature of the threat landscape, but
this year Symantec has identified seismic shifts in motivation and focus,” said
Peter Sparkes, Symantec Senior Director, Cyber Security Services for Asia
Pacific and Japan. “The world saw specific nation states double down on
political manipulation and straight sabotage. Meanwhile, cyber criminals caused
unprecedented levels of disruption by focusing their exploits on relatively
simple IT tools and cloud services.”
Symantec’s ISTR provides a comprehensive view
of the threat landscape, including
insights into global threat activity, cyber criminal trends and motivations for
attackers. Key highlights
include:
Subversion and Sabotage Attacks Emerge at the Forefront
Cyber criminals are executing politically
devastating attacks in a move to undermine a new class of targets. Cyber
attacks against the U.S. Democratic Party and the subsequent leak of stolen
information reflect a trend toward criminals employing highly-publicized, overt
campaigns designed to destabilize and disrupt targeted organizations and countries.
While cyber attacks involving sabotage have traditionally been quite rare, the
perceived success of several campaigns – including the U.S. election and
Shamoon – points to a growing trend of criminals attempting to influence
politics and sow discord in other countries.
Nation States Chase the Big Scores
A new breed of attackers revealed major
financial ambitions, which may be an exercise to help fund other covert and
subversive activities. Today, the largest heists are carried out virtually, with
billions of dollars stolen by cyber criminals. While some of these attacks are
the work of organized criminal gangs, for the first time nation states appear
to be involved as well. Symantec uncovered evidence linking North Korea to
attacks on banks in Bangladesh, Vietnam, Ecuador and Poland.
“This was an incredibly
audacious hack as well as the first time we observed strong indications of
nation state involvement in financial cyber crime,” said Peter Sparkes,
Symantec Senior Director, Cyber Security Services for Asia Pacific and Japan. “While their sights were set even higher, the attackers stole at
least US$94 million.”
Attackers Weaponize Commonly Used Software; Email Becomes the Weapon of Choice
In 2016, Symantec saw cyber criminals use
PowerShell, a common scripting language installed on PCs, and Microsoft Office
files as weapons. While system administrators may use these common IT tools for
daily management tasks, cyber criminals increasingly used this combination for
their campaigns as it leaves a lighter footprint and offers the ability to hide
in plain sight. Due to the widespread use of PowerShell by attackers, 95
percent of PowerShell files seen by Symantec in the wild were malicious.
The use of email as an infection point also
rose, becoming a weapon of choice for cyber criminals and a dangerous threat to
users. Symantec found one in 131 emails contained a malicious link or
attachment – the highest rate in five years. Further, Business Email
Compromise (BEC) scams, which rely on little more than carefully composed
spear-phishing emails, scammed more than three billion dollars from businesses
over the last three years, targeting over 400 businesses every day.
Caving in to Digital Extortion: Americans Most Likely to Pay Ransom Demands
Ransomware continued to escalate as a global
problem and a lucrative business for criminals. Symantec identified over 100
new malware families released into the wild, more than triple the amount seen
previously, and a 36 percent increase in ransomware attacks worldwide.
However, the United States is firmly in the
crosshairs of attackers as the number-one targeted country. Symantec found 64
percent of American ransomware victims are willing to pay a ransom, compared to
34 percent globally. Unfortunately, this has consequences. In 2016, the average
ransom spiked 266 percent with criminals demanding an average of $1,077 per victim up from $294 as reported for the previous year.
Cracks in the Cloud: The Next Frontier for Cyber Crime is Upon Us
A growing reliance on cloud services has left
organizations open to attacks. Tens of thousands of cloud databases from a
single provider were hijacked and held for ransom in 2016 after users left
outdated databases open on the internet without authentication turned on.
Cloud security continues to challenge CIOs.
According to Symantec data, CIOs have lost track of how many cloud apps are
used inside their organizations. When asked, most assume their organizations
use up to 40 cloud apps when in reality the number nears 1,000. This disparity
can lead to a lack of policies and procedures for how employees access cloud
services, which in turn makes cloud apps riskier. These cracks found in the
cloud are taking shape. Symantec predicts that unless CIOs get a firmer grip on
the cloud apps used inside their organizations, they will see a shift in how
threats enter their environment.
From the Experts: Security Tips and Tricks
As attackers evolve, there are many steps businesses
and consumers can take to protect themselves. As a starting point, Symantec
recommends the following best practices:
For Businesses:
- Don’t get caught flat-footed: Use advanced threat intelligence solutions to
help you find indicators of compromise and respond faster to incidents.
- Prepare for the worst: Incident management ensures your security
framework is optimized, measureable and repeatable, and that lessons
learned improve your security posture. Consider adding a retainer with a
third-party expert to help manage crises.
- Implement a multi-layered defense: Implement a multi-layered
defense strategy that addresses attack vectors at the gateway, mail server
and endpoint. This also should include two-factor authentication,
intrusion detection or protection systems (IPS), website vulnerability
malware protection, and web security gateway solutions throughout the
network.
- Provide ongoing training about malicious email: Educate
employees on the dangers posed by spear-phishing emails and other
malicious email attacks, including where to internally report such
attempts.
- Monitor your resources: Make sure to monitor your resources and
networks for abnormal and suspicious behavior, and correlate it with
threat intelligence from experts.
For Consumers:
- Change the default passwords on your devices and services: Use
strong and unique passwords for computers, IoT devices and Wi-Fi networks.
Don’t use common or easily guessable passwords such as “123456” or
“password”.
- Keep your operating system and software up to date: Software updates will
frequently include patches for newly discovered security vulnerabilities that
could be exploited by attackers.
- Be extra careful on email: Email is one of the top infection methods. Delete any
suspicious-looking email you receive, especially if it contains links
and/or attachments. Be extremely wary of any Microsoft Office email
attachment that advises you to enable macros to view its content.
- Back up your files: Backing up your data is the single most effective way
of combating a ransomware infection. Attackers can have leverage over
their victims by encrypting their files and leaving them inaccessible. If
you have backup copies, you can restore your files once the infection has
been cleaned up.
About the Internet Security Threat Report
The
Internet Security Threat Report provides an overview and analysis of the year
in global threat activity. The report is based on data from Symantec’s Global
Intelligence Network, which Symantec analysts use to identify, analyze and provide
commentary on emerging trends in attacks, malicious code activity, phishing and
spam.
Symantec will host a webinar on this year’s
ISTR results on May 16 at 10 a.m. Pacific / May 17 at 1 a.m. SGT. For
more information or to register, please go here. Please visit Symantec’s website to
download the full report plus supplemental assets.