Annual threat report from Symantec reveals one in ten targeted attack groups use malware designed to disrupt.
Cybercriminals are rapidly adding crypto jacking to their arsenal and creating a highly profitable new revenue stream, as the ransomware market becomes overpriced and overcrowded, according to Symantec's Internet Security Threat Report (ISTR).
“Cryptojacking is a rising threat to cyber and personal security,” said Tarun Kaura, Director, Enterprise Security Product Management, Asia Pacific and Japan, Symantec. “The massive profit incentive puts people, devices and organizations at risk of unauthorized coin miners syphoning resources from their systems, further motivating criminals to infiltrate everything from home PCs to giant data centres.”
Symantec's ISTR provides a comprehensive view of the threat landscape, including insights into global threat activity, cyber criminal trends and motivations for attackers. The report analyses data from the Symantec Global Intelligence Network, the largest civilian threat collection network in the world, record events from 126.5 million attack sensors worldwide and monitors threat activities in over 157 countries and territories. Key highlights include:
Cryptojacking attacks explode by 8,500 per cent
During the past year, an astronomical rise in cryptocurrency values triggered a crypto jacking gold rush with cybercriminals attempting to cash in on a volatile market. Detections of coalminers on endpoint computers increased by 8,500 per cent in 2017. India ranks second in Asia-Pacific Japan (APJ) region, ninth globally in terms of crypto mining activities.
With a low barrier of entry – only requiring a couple lines of code to operate – cybercriminals are harnessing stolen processing power and cloud CPU usage from consumers and enterprises to mine cryptocurrency. Symantec found a 600 per cent increase in overall IoT attacks in 2017. Macs are not immune either with Symantec detecting an 80 per cent increase in coin mining attacks against Mac OS. India ranks among the top five countries as a source for IoT attacks.
Majority of targeted attackers use a single method to infect victims
The number of targeted attack groups is on the rise with Symantec now tracking 140 organised groups. Last year, 71 per cent of all targeted attacks started with spear phishing – the oldest trick in the book – to infect their victims. As targeted attack groups continue to leverage tried and true tactics to infiltrate organisations, the use of zero-day threats is falling out of favour. Only 27 per cent of targeted attack groups have been known to use zero-day vulnerabilities at any point in the past.
Implanted malware grows by 200 percent, compromising software supply chain
Symantec identified a 200 per cent increase in attackers injecting malware implants into the software supply chain in 2017. That’s equivalent to one attack every month as compared to four attacks the previous year. Hijacking software updates provide attackers with an entry point for compromising well-guarded networks. The Petya outbreak was the most notable example of a supply chain attack.
Mobile malware continues to surge
Threats in the mobile space continue to grow year-over-year, including the number of new mobile malware variants which increased by 54 per cent. Symantec blocked an average of 24,000 malicious mobile applications each day last year. India also featured amongst the top 10 list of countries where mobile malware was most frequently blocked in 2017. As older operating systems continue to be in use, this problem is exacerbated. For example, with the Android operating system, only 20 per cent of devices are running the newest version and only 2.3 per cent are on the latest minor release.
Business-savvy cyber criminals price ransomware for profit
In 2016, the profitability of ransomware led to a crowded market. India ranks fourth globally with eight per cent of global detections of ransomware. In 2017, the market made a correction, lowering the average ransom cost to $522 and signalling that ransomware has become a commodity. Many cyber criminals may have shifted their focus to coin mining as an alternative to cashing in while cryptocurrency values are high. Additionally, while the number of ransomware families decreased, the number of ransomware variants increased by 46 per cent, indicating that criminal groups are innovating less but are still very productive.
From the experts: security best practices
As attackers evolve, there are many steps businesses can take to protect themselves. As a starting point, Symantec recommends the following best practices.
For businesses:
For consumers:
(source)