Cyber criminals revealed new levels of ambition in 2016 – a year marked
by extraordinary attacks, including multi-million dollar virtual bank
heists and overt attempts to disrupt the U.S. electoral process by
state-sponsored groups, according to Symantec’s (Nasdaq: SYMC) Internet
Security Threat Report (ISTR), Volume 22, released today.
“New sophistication and innovation are the nature of the threat
landscape, but this year Symantec has identified seismic shifts in
motivation and focus,” said Kevin Haley, director, Symantec Security
Response. “The world saw specific nation states double down on political
manipulation and straight sabotage. Meanwhile, cyber criminals caused
unprecedented levels of disruption by focusing their exploits on
relatively simple IT tools and cloud services.”
Symantec’s ISTR provides a comprehensive view of the threat landscape,
including insights into global threat activity, cyber criminal trends
and motivations for attackers. Key highlights include:
Subversion and Sabotage Attacks Emerge at the
Cyber criminals are executing politically devastating attacks in a move
to undermine a new class of targets. Cyber attacks against the U.S.
Democratic Party and the subsequent leak of stolen information reflect a
trend toward criminals employing highly-publicized, overt campaigns
designed to destabilize and disrupt targeted organizations and
countries. While cyber attacks involving sabotage have traditionally
been quite rare, the perceived success of several campaigns – including
the U.S. election and Shamoon – point to a growing trend to criminals
attempting to influence politics and sow discord in other countries.
Nation States Chase the Big Scores
A new breed of attackers revealed major financial ambitions, which may
be an exercise to help fund other covert and subversive activities.
Today, the largest heists are carried out virtually, with billions of
dollars stolen by cyber criminals. While some of these attacks are the
work of organized criminal gangs, for the first time nation states
appear to be involved as well. Symantec uncovered evidence linking North
Korea to attacks on banks in Bangladesh, Vietnam, Ecuador and Poland.
“This was an incredibly audacious hack as well as the first time we
observed strong indications of nation state involvement in financial
cyber crime,” said Kevin Haley, director, Symantec Security Response.
“While their sights were set even higher, the attackers stole at least
Attackers Weaponize Commonly Used Software;
Email Becomes the Weapon of Choice
In 2016, Symantec saw cyber criminals use PowerShell, a common scripting
language installed on PCs, and Microsoft Office files as weapons. While
system administrators may use these common IT tools for daily management
tasks, cyber criminals increasingly used this combination for their
campaigns as it leaves a lighter footprint and offers the ability to
hide in plain sight. Due to the widespread use of PowerShell by
attackers, 95 percent of PowerShell files seen by Symantec in the wild
The use of email as an infection point also rose, becoming a weapon of
choice for cyber criminals and a dangerous threat to users. Symantec
found one in 131 emails contained a malicious link or attachment – the
highest rate in five years. Further, Business Email Compromise (BEC)
scams, which rely on little more than carefully composed spear-phishing
emails – scammed more than three billion dollars from businesses over
the last three years, targeting over 400 businesses every day.
Caving in to Digital Extortion: Americans Most
Likely to Pay Ransom Demands
Ransomware continued to escalate as a global problem and a lucrative
business for criminals. Symantec identified over 100 new malware
families released into the wild, more than triple the amount seen
previously, and a 36 percent increase in ransomware attacks worldwide.
However, the United States is firmly in the crosshairs of attackers as
the number-one targeted country. Symantec found 64 percent of American
ransomware victims are willing to pay a ransom, compared to 34 percent
globally. Unfortunately, this has consequences. In 2016, the average
ransom spiked 266 percent with criminals demanding an average of $1,077
per victim up from $294 as reported for the previous year.
Cracks in the Cloud: The Next Frontier for
Cyber Crime is Upon Us
A growing reliance on cloud services has left organizations open to
attacks. Tens of thousands of cloud databases from a single provider
were hijacked and held for ransom in 2016 after users left outdated
databases open on the internet without authentication turned on.
Cloud security continues to challenge CIOs. According to Symantec data,
CIOs have lost track of how many cloud apps are used inside their
organizations. When asked, most assume their organizations use up to 40
cloud apps when in reality the number nears 1,000. This disparity can
lead to a lack of policies and procedures for how employees access cloud
services, which in turn makes cloud apps riskier. These cracks found in
the cloud are taking shape. Symantec predicts that unless CIOs get a
firmer grip on the cloud apps used inside their organizations, they will
see a shift in how threats enter their environment.
About the Internet Security Threat Report
The Internet Security Threat Report provides an overview and analysis of
the year in global threat activity. The report is based on data from
Symantec’s Global Intelligence Network, which Symantec analysts use to
identify, analyze and provide commentary on emerging trends in attacks,
malicious code activity, phishing and spam.
Symantec will host a webinar on this year’s ISTR results on May 16 at 10
a.m. Pacific / 1 p.m. Eastern. For more information or to
register, please go here.
Please visit Symantec’s
website to download the full report plus supplemental assets.
Symantec Corporation (NASDAQ: SYMC), the world’s leading cyber security
company, helps organizations, governments and people secure their most
important data wherever it lives. Organizations across the world look to
Symantec for strategic, integrated solutions to defend against
sophisticated attacks across endpoints, cloud and infrastructure.
Likewise, a global community of more than 50 million people and
families rely on Symantec’s Norton and LifeLock product suites to
protect their digital lives at home and across their devices. Symantec
operates one of the world’s largest civilian cyber intelligence
networks, allowing it to see and protect against the most advanced
threats. For additional information, please visit www.symantec.com or
connect with us on Facebook,
NOTE TO U.S. EDITORS: If you would like additional information on
Symantec Corporation and its products, please visit the Symantec News
Room at http://www.symantec.com/news.
All prices noted are in U.S. dollars and are valid only in the United
Symantec, the Symantec logo and the Checkmark logo are trademarks or
registered trademarks of Symantec Corporation or its affiliates in the
U.S. and other countries. Other names may be trademarks of their
View source version on businesswire.com: http://www.businesswire.com/news/home/20170425007007/en/