Ransomware attackers are increasing their ransoms; more emails contain malicious links; and disruption is the word of the day - it’s no wonder CIOs are becoming out of touch with what is happening in their organisations.
According to Symantec’s latest Internet Security Threat Report, 2016 was a year marked by ambition and disruption.
One in 131 emails contains a malicious link or attachment, which is the highest rate in five years. Symantec says email is becoming a prime delivery method for malware.
Windows PowerShell and Microsoft Office are two of the main methods attackers are using to conduct attacks that leave ‘a lighter footprint’ and can hide in plain sight. 96% of PowerShell files in the wild were malicious, according to Symantec.
Business email compromise (BEC) scams are targeting more than 400 businesses every day - and raking in more than 3 billion dollars.
“There has been a shifting focus from attackers to focus more and more on email as the initial incursion vector. If you look back on 2014 in New Zealand, we saw one in 114 emails as malicious. We’ve seen the numbers of malicious emails doubling in the last few years,” says Symantec’s local New Zealand spokesperson and technology strategist Mark Shaw.
Shaw says it shows that the attackers are confident that the email method works for delivering that initial payload.
“New sophistication and innovation are the nature of the threat landscape, but this year Symantec has identified seismic shifts in motivation and focus,” comments Kevin Haley, director, Symantec Security Response.
“Cyber criminals caused unprecedented levels of disruption by focusing their exploits on relatively simple IT tools and cloud services.”
Malware families are on the increase with more than 100 new families released in the wild. 36% of those are ransomware attacks.
Attackers are also becoming greedier through their ransom demands - the average ransom has increased 266% to an average of $1077 from just $294 in 2015. 34% of global ransomware victims will pay the ransom.
The survey also found increasing attacks against the US as part of political subversion and targeted sabotage. It’s not just political election attacks that are gaining momentum - nation states (particularly North Korea) are also going after banks in Bangladesh, Vietnam, Ecuador and Poland.
Shaw says New Zealand has little to worry about.
“Do we expect that to happen in New Zealand? No, I don’t think so. We don’t have a target on our back as much as the US elections, nor a determined attacker, nation state or attack group behind us,” he says.
CIOs are finding it difficult to keep track of how many cloud apps their organisations use. Most assume the number is up to 40 apps, when in reality there are almost 1000. Symantec believes that this disparity can lead to insufficient security policies and procedures, and that CIOs must get a grip - fast.
Cloud services are also at risk. Symantec cites a case in which cloud databases from a single provider were hijacked and held for ransom, because users left outdated databases open and without authentication enabled.
Symantec’s advice for businesses:
“One of the biggest things that businesses can be doing is making sure their employees are educated and aware. You can have all the technology in the world but without employees making the right decisions, that can be the difference between a significant outage or loss. Or it could be a good outcome when they’ve reported something and that’s been shut down,” Shaw concludes.