Annual Threat Report from Symantec Details
How Simple Tactics Led to Unprecedented Outcomes
- One in 131 Emails Contained a Malicious
Link or Attachment – Highest Rate in Five Years
- Size of Ransoms Spiked 266 Percent;
U.S. Top Targeted Country as 64 Percent of Americans Pay Their
Ransom
- CIOs Have Lost Track of How Many Cloud
Apps are Used Inside Their Companies – When Asked Most Will Say up
to 40 When in Reality the Number Nears 1,000
Cyber criminals revealed new levels of ambition in 2016 – a year
marked by extraordinary attacks, including multi-million dollar
virtual bank heists and overt attempts to disrupt the U.S.
electoral process by state-sponsored groups, according to
Symantec’s (Nasdaq: SYMC) Internet Security Threat Report (ISTR),
Volume 22, released today.
“New sophistication and innovation are the nature of the threat
landscape, but this year Symantec has identified seismic shifts in
motivation and focus,” said Kevin Haley, director, Symantec
Security Response. “The world saw specific nation states double
down on political manipulation and straight sabotage. Meanwhile,
cyber criminals caused unprecedented levels of disruption by
focusing their exploits on relatively simple IT tools and cloud
services.”
Symantec’s ISTR provides a comprehensive view of the threat
landscape, including insights into global threat activity, cyber
criminal trends and motivations for attackers. Key highlights
include:
Subversion and Sabotage Attacks Emerge
at the Forefront
Cyber criminals are executing politically devastating attacks in
a move to undermine a new class of targets. Cyber attacks against
the U.S. Democratic Party and the subsequent leak of stolen
information reflect a trend toward criminals employing
highly-publicized, overt campaigns designed to destabilize and
disrupt targeted organizations and countries. While cyber attacks
involving sabotage have traditionally been quite rare, the
perceived success of several campaigns – including the U.S.
election and Shamoon – point to a growing trend to criminals
attempting to influence politics and sow discord in other
countries.
Nation States Chase the Big
Scores
A new breed of attackers revealed major financial ambitions,
which may be an exercise to help fund other covert and subversive
activities. Today, the largest heists are carried out virtually,
with billions of dollars stolen by cyber criminals. While some of
these attacks are the work of organized criminal gangs, for the
first time nation states appear to be involved as well. Symantec
uncovered evidence linking North Korea to attacks on banks in
Bangladesh, Vietnam, Ecuador and Poland.
“This was an incredibly audacious hack as well as the first time
we observed strong indications of nation state involvement in
financial cyber crime,” said Kevin Haley, director, Symantec
Security Response. “While their sights were set even higher, the
attackers stole at least US$94 million.”
Attackers Weaponize Commonly Used
Software; Email Becomes the Weapon of Choice
In 2016, Symantec saw cyber criminals use PowerShell, a common
scripting language installed on PCs, and Microsoft Office files as
weapons. While system administrators may use these common IT tools
for daily management tasks, cyber criminals increasingly used this
combination for their campaigns as it leaves a lighter footprint
and offers the ability to hide in plain sight. Due to the
widespread use of PowerShell by attackers, 95 percent of PowerShell
files seen by Symantec in the wild were malicious.
The use of email as an infection point also rose, becoming a
weapon of choice for cyber criminals and a dangerous threat to
users. Symantec found one in 131 emails contained a malicious link
or attachment – the highest rate in five years. Further, Business
Email Compromise (BEC) scams, which rely on little more than
carefully composed spear-phishing emails – scammed more than three
billion dollars from businesses over the last three years,
targeting over 400 businesses every day.
Caving in to Digital Extortion:
Americans Most Likely to Pay Ransom Demands
Ransomware continued to escalate as a global problem and a
lucrative business for criminals. Symantec identified over 100 new
malware families released into the wild, more than triple the
amount seen previously, and a 36 percent increase in ransomware
attacks worldwide.
However, the United States is firmly in the crosshairs of
attackers as the number-one targeted country. Symantec found 64
percent of American ransomware victims are willing to pay a ransom,
compared to 34 percent globally. Unfortunately, this has
consequences. In 2016, the average ransom spiked 266 percent with
criminals demanding an average of $1,077 per victim up from $294 as
reported for the previous year.
Cracks in the Cloud: The Next Frontier
for Cyber Crime is Upon Us
A growing reliance on cloud services has left organizations open
to attacks. Tens of thousands of cloud databases from a single
provider were hijacked and held for ransom in 2016 after users left
outdated databases open on the internet without authentication
turned on.
Cloud security continues to challenge CIOs. According to
Symantec data, CIOs have lost track of how many cloud apps are used
inside their organizations. When asked, most assume their
organizations use up to 40 cloud apps when in reality the number
nears 1,000. This disparity can lead to a lack of policies and
procedures for how employees access cloud services, which in turn
makes cloud apps riskier. These cracks found in the cloud are
taking shape. Symantec predicts that unless CIOs get a firmer grip
on the cloud apps used inside their organizations, they will see a
shift in how threats enter their environment.
About the Internet Security Threat Report
The Internet Security Threat Report provides an overview and
analysis of the year in global threat activity. The report is based
on data from Symantec’s Global Intelligence Network, which Symantec
analysts use to identify, analyze and provide commentary on
emerging trends in attacks, malicious code activity, phishing and
spam.
Symantec will host a webinar on this year’s ISTR results on May
16 at 10 a.m. Pacific / 1 p.m. Eastern. For more information
or to register, please go here. Please visit Symantec’s website to
download the full report plus supplemental assets.
About Symantec
Symantec Corporation (NASDAQ: SYMC), the world’s leading cyber
security company, helps organizations, governments and people
secure their most important data wherever it lives. Organizations
across the world look to Symantec for strategic, integrated
solutions to defend against sophisticated attacks across endpoints,
cloud and infrastructure. Likewise, a global
community of more than 50 million people and
families rely on Symantec’s
Norton and LifeLock product suites to protect
their digital lives at home and across their devices.
Symantec operates one of the world’s largest civilian cyber
intelligence networks, allowing it to see and protect against the
most advanced threats. For additional information, please
visit www.symantec.com or connect with us on Facebook,
Twitter, and LinkedIn.
NOTE TO U.S. EDITORS: If you would like additional
information on Symantec Corporation and its products, please visit
the Symantec News Room at http://www.symantec.com/news. All prices
noted are in U.S. dollars and are valid only in the United
States.
Symantec, the Symantec logo and the Checkmark logo are
trademarks or registered trademarks of Symantec Corporation or its
affiliates in the U.S. and other countries. Other names may be
trademarks of their respective owners.
View source
version on businesswire.com: http://www.businesswire.com/news/home/20170425007007/en/
SymantecMatt Nagel, 650-527-8853Matt_Nagel@symantec.comorEdelman
for SymantecJenn Foss, 503-471-6804Jenn_Foss@edelman.com
Symantec (NASDAQ:SYMC)
Historical Stock Chart
From Mar 2024 to Apr 2024
Symantec (NASDAQ:SYMC)
Historical Stock Chart
From Apr 2023 to Apr 2024