Annual Threat Report from Symantec Reveals
One in Ten Targeted Attack Groups Use Malware Designed to
Disrupt
Cyber criminals are rapidly adding cryptojacking to their
arsenal and creating a highly profitable new revenue stream, as the
ransomware market becomes overpriced and overcrowded, according to
Symantec's (Nasdaq: SYMC) Internet Security Threat Report (ISTR),
Volume 23, released today.
“Cryptojacking is a rising threat to cyber and personal
security,” said Mike Fey, president and COO, Symantec. “The massive
profit incentive puts people, devices and organizations at risk of
unauthorized coinminers siphoning resources from their systems,
further motivating criminals to infiltrate everything from home PCs
to giant data centers.”
Symantec's ISTR provides a comprehensive view of the threat
landscape, including insights into global threat activity, cyber
criminal trends and motivations for attackers. The report analyzes
data from the Symantec Global Intelligence Network™, the largest
civilian threat collection network in the world which tracks over
700,000 global adversaries, records events from 126.5 million
attack sensors worldwide, and monitors threat activities in over
157 countries and territories. Key highlights include:
Cryptojacking Attacks Explode by 8,500
Percent
During the past year, an astronomical rise in cryptocurrency
values triggered a cryptojacking gold rush with cyber criminals
attempting to cash in on a volatile market. Detections of
coinminers on endpoint computers increased by 8,500 percent in
2017.
With a low barrier of entry – only requiring a couple lines of
code to operate – cyber criminals are harnessing stolen processing
power and cloud CPU usage from consumers and enterprises to mine
cryptocurrency. Coinminers can slow devices, overheat batteries,
and in some cases, render devices unusable. For enterprise
organizations, coinminers can put corporate networks at risk of
shutdown and inflate cloud CPU usage, adding cost.
“Now you could be fighting for resources on your phone, computer
or IoT device as attackers use them for profit,” said Kevin Haley,
director, Symantec Security Response. “People need to expand their
defenses or they will pay for the price for someone else using
their device.”
IoT devices continue to be ripe targets for exploitation.
Symantec found a 600 percent increase in overall IoT attacks in
2017, which means that cyber criminals could exploit the connected
nature of these devices to mine en masse. Macs are not immune
either with Symantec detecting an 80 percent increase in coin
mining attacks against Mac OS. By leveraging browser-based attacks,
criminals do not need to download malware to a victim’s Mac or PC
to carry out cyber attacks.
Majority of Targeted Attackers Use
Single Method to Infect Victims
The number of targeted attack groups is on the rise with
Symantec now tracking 140 organized groups. Last year, 71 percent
of all targeted attacks started with spear phishing – the oldest
trick in the book – to infect their victims. As targeted attack
groups continue to leverage tried and true tactics to infiltrate
organizations, the use of zero-day threats is falling out of favor.
Only 27 percent of targeted attack groups have been known to use
zero-day vulnerabilities at any point in the past.
The security industry has long discussed what type of
destruction might be possible with cyber attacks. This conversation
has now moved beyond the theoretical, with one in ten targeted
attack groups using malware designed to disrupt.
Implanted Malware Grows by 200 Percent,
Compromising Software Supply Chain
Symantec identified a 200 percent increase in attackers
injecting malware implants into the software supply chain in 2017.
That’s equivalent to one attack every month as compared to four
attacks the previous year. Hijacking software updates provides
attackers with an entry point for compromising well-guarded
networks. The Petya outbreak was the most notable example of a
supply chain attack. After using Ukrainian accounting software as
the point of entry, Petya used a variety of methods to spread
laterally across corporate networks to deploy their malicious
payload.
Mobile Malware Continues to
Surge
Threats in the mobile space continue to grow year-over-year,
including the number of new mobile malware variants which increased
by 54 percent. Symantec blocked an average of 24,000 malicious
mobile applications each day last year. As older operating systems
continue to be in use, this problem is exacerbated. For example,
with the Android operating system, only 20 percent of devices are
running the newest version and only 2.3 percent are on the latest
minor release.
Mobile users also face privacy risks from grayware apps that
aren’t completely malicious but can be troublesome. Symantec found
that 63 percent of grayware apps leak the device’s phone number.
With grayware increasing by 20 percent in 2017, this isn’t a
problem that’s going away.
Business-Savvy Cyber Criminals Price
Ransomware for Profit
In 2016, the profitability of ransomware led to a crowded
market. In 2017, the market made a correction, lowering the average
ransom cost to $522 and signaling that ransomware has become a
commodity. Many cyber criminals may have shifted their focus to
coin mining as an alternative to cashing in while cryptocurrency
values are high. Additionally, while the number of ransomware
families decreased, the number of ransomware variants increased by
46 percent, indicating that criminal groups are innovating less but
are still very productive.
About the Internet Security Threat Report
The Internet Security Threat Report provides an overview and
analysis of the year in global threat activity. The report is based
on data from Symantec’s Global Intelligence Network, which Symantec
analysts use to identify, analyze and provide commentary on
emerging trends in attacks, malicious code activity, phishing and
spam.
Visit Symantec’s Threat Intelligence blog, and register for
Symantec’s ISTR webinar on April 12 at 10 a.m. Pacific / 1 p.m.
Eastern. Members of the press may visit the digital press kit for
additional materials.
About Symantec
Symantec Corporation (NASDAQ: SYMC), the world’s leading cyber
security company, helps organizations, governments and people
secure their most important data wherever it lives. Organizations
across the world look to Symantec for strategic, integrated
solutions to defend against sophisticated attacks across endpoints,
cloud and infrastructure. Likewise, a global
community of more than 50 million people and
families rely on Symantec’s
Norton and LifeLock product suites to protect
their digital lives at home and across their devices.
Symantec operates one of the world’s largest civilian cyber
intelligence networks, allowing it to see and protect against the
most advanced threats. For additional information, please
visit www.symantec.com or connect with us on Facebook,
Twitter, and LinkedIn.
NOTE TO U.S. EDITORS: If you would like additional
information on Symantec Corporation and its products, please visit
the Symantec News Room at http://www.symantec.com/news. All prices
noted are in U.S. dollars and are valid only in the United
States.
Symantec, the Symantec logo and the Checkmark logo are
trademarks or registered trademarks of Symantec Corporation or its
affiliates in the U.S. and other countries. Other names may be
trademarks of their respective owners.
View source
version on businesswire.com: https://www.businesswire.com/news/home/20180321006259/en/
SymantecMatt Nagel, 650-527-8853Matt_Nagel@symantec.comorEdelman
for SymantecTaylor Long, 503-471-6827Taylor.Long@edelman.com
Symantec (NASDAQ:SYMC)
Historical Stock Chart
From Feb 2024 to Mar 2024
Symantec (NASDAQ:SYMC)
Historical Stock Chart
From Mar 2023 to Mar 2024