April 14, 2015
Hackers are faster and smarter than ever — and the security measures employed by companies and organizations are simply not good enough to offer any real protection, according to Symantec’s 2015 Internet Security Threat Report.
Attackers pulled off 312 major hacks against companies last year — a 23 percent rise over 2013. Cyber-attackers are simply “leap-frogging” over corporate defenses, Symantec says.
“As organizations look to discover attackers using stolen employee credentials and identify signs of suspicious behavior throughout their networks, savvy attackers are using increased levels of deception and, in some cases, hijacking companies’ own infrastructure and turning it against them,” the report reads.
The most common tricks used by advanced attackers included:
- Deploying legitimate software onto compromised computers to continue their attacks without risking discovery by anti-malware tools.
- Leveraging a company’s management tools to move stolen intellectual property (IP) around the corporate network.
- Using commonly available crimeware tools to disguise themselves and their true intention if discovered.
- Building custom attack software inside their victim’s network, on the victim’s own servers.
- Using stolen email accounts from one corporate victim to spear-phish their next corporate victim.
- Hiding inside software vendors’ updates, in essence “Trojanizing” updates, to trick targeted companies into infecting themselves.
Hackers are not choosy when it comes to their targets, either. The report revealed five out of every six companies with more than 2,500 employees were hit by spear-phishing attacks in 2014 — up 40 percent over the previous year. Small- and medium-sized businesses have also been victimized more often, with attacks rising 26 percent and 30 percent, respectively.
Malware is also on the rise with more than 317 million new pieces created last year. That means nearly one million new threats were released into the wild on a daily basis.
“Some of this malware may not be a direct risk to organizations and is instead designed to extort end-users,” the report reads. “Beyond the annoyance factor to IT, however, it impacts employee productivity and diverts IT resources that could be better spent on high-level security issues.”
Use of ransomware is also on the rise. Attacks skyrocketed a whopping 113 percent last year, driven by a 4,000-plus percent increase in crypto-ransomware attacks.
“Instead of pretending to be law enforcement seeking a fine for stolen content, as we’ve seen with traditional ransomware, crypto-ransomware holds a victim’s files, photos and other digital media hostage without masking the attacker’s intention,” Symantec says. “The victim will be offered a key to decrypt their files, but only after paying a ransom that can range from $300-$500—and that’s no guarantee their files will be freed.”
While e-mail remains a weapon of choice for cyber-criminals, social media platforms are becoming more popular. Symantec observed last year that 70 percent of social media scams were manually shared.
“These scams spread rapidly and are lucrative for cyber-criminals because people are more likely to click something posted by a friend,” the report reads.
Mobile is also a danger because smartphone users neglect even basic security precautions. Symantec discovered that 17 percent of all Android apps (nearly one million total) last year were actually malware in disguise.
Jennifer Cowan is the Managing Editor for SiteProNews.