Cryptojacking Skyrockets to the Top of the Attacker Toolkit, Signaling Massive Threat to Cyber and Personal Security
Annual Threat Report from Symantec Reveals One in Ten Targeted Attack Groups Use Malware Designed to Disrupt
SINGAPORE – March 27, 2018 – Cyber criminals are rapidly adding
cryptojacking to their arsenal and creating a highly profitable new revenue
stream, as the ransomware market becomes overpriced and overcrowded, according
to Symantec’s (Nasdaq: SYMC) Internet Security Threat Report (ISTR), Volume 23, released today.
“Cryptojacking is a rising threat
to cyber and personal security,” said Sherif El-Nabawi, Senior Director,
Systems Engineering, Asia Pacific, Symantec. “The massive profit incentive puts
people, devices and organizations at risk of unauthorized coin miners siphoning
resources from their systems, further motivating criminals to infiltrate
everything from home PCs to giant data centers.”
Symantec’s ISTR provides a
comprehensive view of the threat landscape, including insights into global
threat activity, cyber criminal trends and motivations for attackers. The
report analyzes data from the Symantec Global Intelligence Network™, the largest
civilian threat collection network in the world, records events from 126.5
million attack sensors worldwide, and monitors threat activities in over 157
countries and territories. Key highlights include:
Cryptojacking Attacks Explode by 8,500 Percent
During the past year, an
astronomical rise in cryptocurrency values triggered a cryptojacking gold rush
with cyber criminals attempting to cash in on a volatile market. Detections of
coinminers on endpoint computers increased by 8,500 percent in 2017. Singapore
ranks sixth in the Asia-Pacific Japan (APJ) region, 25th globally in
terms of crypto mining activities.
With a low barrier of entry –
only requiring a couple lines of code to operate – cyber criminals are
harnessing stolen processing power and cloud CPU usage from consumers and
enterprises to mine cryptocurrency. Coinminers can slow devices, overheat
batteries, and in some cases, render devices unusable. For enterprise
organizations, coinminers can put corporate networks at risk of shutdown and inflate
cloud CPU usage, adding cost.
“Now you could be fighting for
resources on your phone, computer or IoT device as attacks use them for profit,”
said El-Nabawi. “People need to expand their defenses or they will pay for the
price for someone else using their device.”
IoT devices continue to be ripe
targets for exploitation. Symantec found a 600 percent increase in overall IoT
attacks in 2017, which means that cyber criminals could exploit the connected
nature of these devices to mine en masse.
Macs are not immune either with Symantec detecting an 80 percent increase in
coin mining attacks against Mac OS. By leveraging browser-based attacks,
criminals do not need to download malware to a victim’s Mac or PC to carry out
cyber attacks.
Majority of Targeted Attackers Use Single Method to Infect Victims
The number of targeted attack
groups is on the rise with Symantec now tracking 140 organized groups. Last
year, 71 percent of all targeted attacks started with spear phishing – the
oldest trick in the book – to infect their victims. As targeted attack groups
continue to leverage tried and true tactics to infiltrate organizations, the
use of zero-day threats is falling out of favor. Only 27 percent of targeted
attack groups have been known to use zero-day vulnerabilities at any point in
the past.
The security industry has long
discussed what type of destruction might be possible with cyber attacks. This
conversation has now moved beyond the theoretical, with one in ten targeted
attack groups using malware designed to disrupt.
Implanted Malware Grows by 200 Percent, Compromising Software Supply Chain
Symantec identified a 200 percent
increase in attackers injecting malware implants into the software supply chain
in 2017. That’s equivalent to one attack every month as compared to four
attacks the previous year. Hijacking software updates provides attackers with
an entry point for compromising well-guarded networks. The Petya outbreak was
the most notable example of a supply chain attack. After using Ukrainian
accounting software as the point of entry, Petya used a variety of methods to
spread laterally across corporate networks to deploy its malicious
payload.
Mobile Malware Continues to Surge
Threats in the mobile space
continue to grow year-over-year, including the number of new mobile malware
variants which increased by 54 percent. Symantec blocked an average of 24,000
malicious mobile applications each day last year. As older operating systems
continue to be in use, this problem is exacerbated. For example, with the
Android operating system, only 20 percent of devices are running the newest
version and only 2.3 percent are on the latest minor release.
Mobile users also face privacy risks from grayware apps that
aren’t completely malicious but can be troublesome. Symantec found that 63 percent
of grayware apps leak the device’s phone number. With grayware increasing by 20
percent in 2017, this isn’t a problem that’s going away.
Business-Savvy Cyber Criminals Price Ransomware for Profit
In 2016, the profitability of
ransomware led to a crowded market. In 2017, the market made a correction,
lowering the average ransom cost to $522 and signaling that ransomware has
become a commodity. Singapore ranks 13th in the APJ region in terms
of ransomware threats, an improvement from rank eighth in last year’s report.
Many cyber criminals may have
shifted their focus to coin mining as an alternative to cashing in while
cryptocurrency values are high. Additionally, while the number of ransomware
families decreased, the number of ransomware variants increased by 46 percent,
indicating that criminal groups are innovating less but are still very
productive.
From the Experts: Security Best Practices
As attackers evolve, there are
many steps businesses can take to protect themselves. As a starting point,
Symantec recommends the following best practices.
For businesses:
• Don’t get caught flat-footed: Use advanced
threat intelligence solutions to help you find indicators of compromise and
respond faster to incidents.
• Prepare for the worst: Incident management
ensures your security framework is optimized, measurable and repeatable, and
that lessons learned improve your security posture. Consider adding a retainer
with a third-party expert to help manage crises.
• Implement a multi-layered defense: Implement a
multilayered defense strategy that addresses attack vectors at the gateway,
mail server and endpoint. This also should include two-factor authentication,
intrusion detection or protection systems (IPS), website vulnerability malware
protection, and web security gateway solutions throughout the network.
• Provide ongoing training about malicious email:
Educate employees on the dangers posed by spear-phishing emails and other
malicious email attacks, including where to internally report such attempts.
• Monitor your resources: Make sure to monitor
your resources and networks for abnormal and suspicious behavior and correlate
it with threat intelligence from experts.
For consumers:
• Change the default passwords on your devices and
services: Use strong and unique passwords for computers, IoT devices and Wi-Fi
networks. Don’t use common or easily guessable passwords such as “123456” or
“password”.
• Keep your operating system and software up to
date: Software updates will frequently include patches for newly discovered
security vulnerabilities that could be exploited by attackers.
• Be extra careful on email: Email is one of the
top infection methods. Delete any suspicious-looking email you receive,
especially if it contains links and/or attachments. Be extremely wary of any
Microsoft Office email attachment that advises you to enable macros to view its
content.
• Back up your files: Backing up your data is the
single most effective way of combating a ransomware infection. Attackers can
have leverage over their victims by encrypting their files and leaving them
inaccessible. If you have backup copies, you can restore your files once the
infection has been cleaned up.
###
About the Internet Security Threat Report
The Internet Security Threat
Report provides an overview and analysis of the year in global threat activity.
The report is based on data from Symantec’s Global Intelligence Network, which
Symantec analysts use to identify, analyze and provide commentary on emerging
trends in attacks, malicious code activity, phishing and spam.
Visit Symantec’s Threat Intelligence blog, and register for
Symantec’s ISTR webinar on April 12 at 1 p.m. SGT. Members of the press may
visit the digital press kit for
additional materials.
About Symantec
Symantec Corporation (NASDAQ:
SYMC), the world’s leading cyber security company, helps organizations,
governments and people secure their most important data wherever it lives.
Organizations across the world look to Symantec for strategic, integrated
solutions to defend against sophisticated attacks across endpoints, cloud and
infrastructure. Likewise, a global community of more than 50 million people and
families rely on Symantec’s Norton and LifeLock product suites to protect their
digital lives at home and across their devices. Symantec operates one of the
world’s largest civilian cyber intelligence networks, allowing it to see and
protect against the most advanced threats. For additional information, please
visit www.symantec.com or connect with us on Facebook, Twitter, and LinkedIn.