“Extraordinary attacks” in 2016: Symantec’s Internet Security Threat Report
Symantec, the makers of Norton security products, has released its annual Internet Security Threat Report (ISTR), finding cyber criminals revealed new levels of ambition in 2016 — “a year marked by extraordinary attacks, including multi-million dollar virtual bank heists and overt attempts to disrupt the U.S. electoral process by state-sponsored groups”.
“New sophistication and innovation are the nature of the threat landscape, but this year Symantec has identified seismic shifts in motivation and focus,” said Kevin Haley, director, Symantec Security Response. “The world saw specific nation states double down on political manipulation and straight sabotage. Meanwhile, cyber criminals caused unprecedented levels of disruption by focusing their exploits on relatively simple IT tools and cloud services.”
Key highlights from the ISTR include:
• Cyber criminals are executing politically devastating attacks in a move to undermine a new class of targets, the report finds. “While cyber attacks involving sabotage have traditionally been quite rare, the perceived success of several campaigns – including the U.S. election and Shamoon – point to a growing trend to criminals attempting to influence politics and sow discord in other countries.”
• Today, the largest heists are carried out virtually, with billions of dollars stolen by cyber criminals. While some of these attacks are the work of organized criminal gangs, for the first time nation states appear to be involved as well, according to the report. Symantec uncovered evidence-linking North Korea to attacks on banks in Bangladesh, Vietnam, Ecuador and Poland.
• In 2016, Symantec saw cyber criminals use PowerShell, a common scripting language installed on PCs, and Microsoft Office files as weapons. While system administrators may use these common IT tools for daily management tasks, cyber criminals increasingly used this combination for their campaigns as it leaves a lighter footprint and offers the ability to hide in plain sight. Due to the widespread use of PowerShell by attackers, 95 per cent of PowerShell files seen by Symantec in the wild were malicious.
• The use of email as an infection point also rose, becoming a weapon of choice for cyber criminals and a dangerous threat to users.
• Ransomware continued to escalate as a global problem and a lucrative business for criminals. Symantec identified over 100 new malware families released into the wild, more than triple the amount seen previously, and a 36 per cent increase in ransomware attacks worldwide.
• A growing reliance on cloud services has left organizations open to attacks. Tens of thousands of cloud databases from a single provider were hijacked and held for ransom in 2016, the report says, after users left outdated databases open on the internet without authentication turned on.
• According to Symantec data, CIOs have lost track of how many cloud apps are used inside their organizations. When asked, most assume their organizations use up to 40 cloud apps when in reality the number nears 1,000. Symantec predicts that unless CIOs get a firmer grip on the cloud apps used inside their organizations, they will see a shift in how threats enter their environment.
The Internet Security Threat Report provides an overview and analysis of the year in global threat activity, based on data from Symantec’s Global Intelligence Network, which Symantec analysts use to identify, analyze and provide commentary on emerging trends in attacks, malicious code activity, phishing and spam.