Symantec's 2018 Internet Security Threat Report (ISTR) has been released, revealing the top cyber threats to your business, and the trends within the realm of cyber attackers. Know your enemy! See the full report here.
Cryptojacking risk soars
Incidents of cryptojacking - coin mining attacks - have shot to the top of Symantec's threat list as more and more cybercriminals "add it to their arsenal". As cryptocurrencies gain in notoriety and value, they naturally attract the attention of criminals. Said lawbreakers steal cloud CPU usage and computer processing power for their coin miners.
There's been an 8,500% rise in detections of coin miners on endpoint computers (2017), say Symantec. The huge profit incentive and low entry point have created a perfect storm. Cryptocurrencies have seen an "astronomic" rise in value during the past year, and coin miners require only a few lines of code to operate - a dangerous combination of circumstance.
Some companies don't take coin mining attacks as seriously as they might, because the immediate impact of cryptojacking doesn't seem catastrophic - they slow down computers and overheat batteries (although in some cases devices can be rendered totally unusable). However, organisations need to be aware of longer-term consequences of being host to these cybercriminals. Corporate networks are "at risk of shutdown", says the ISTR, and businesses could see themselves billed for cloud CPU usage.
Symantec also points out a future risk regarding the Internet of Things (IoT). As IoT-connected devices become more common, their potential for use in coin mining increases.
Software supply chains - a chink in your armour?
Although high-profile cases like EternalBlue turn our heads, in reality, vulnerabilities within corporations become trickier for cyber attackers to take advantage of. Symantec have spotted what they think is a response to this tend - an increase in criminals targeting software supply chains. Malware implants are injected into software updates, which can give attackers a soft entry point into the best-guarded networks. For an example of this, recall Petya - the outbreak targeted Ukrainian accounting software as a chink in the armour, which meant that Petya was then free to use a various method to spread across corporate networks, deploying their "malicious payload".
Symantec has recorded a 200% increase in these attacks year-on-year, with one for each month of 2017 in comparison to just four attacks per annum in years prior.
The business of ransom demands
Ransomware, in some aspects, is a business like any other. Looking at it from an economist's point of view, you can see that ransomware's high profitability in 2016 led to an overcrowded market driving up prices (ransom demands). 2017 saw this "market" corrected, as you might expect, with lower demands and fewer players on the criminal side of things. The correction was a sharp one - the average ransom demand from ransomware was $522 in 2017, which is less than half the average of 2016.
Symantec notes that the number of ransomware variants increased (indicating continued dedication by more established groups of attackers), but that families saw a decrease. The company speculates that some criminal groups may have moved to higher value targets such as cryptojacking.
Malware is mobile
Mobile malware threats continue to expand as the years roll by. Symantec calculated a 54% year-on-year increase in mobile malware variants in 2017 and counted an average of 24,000 malicious mobile apps blocked every day last year.
The ISTR points the finger at old OS usage, noting that only 20% of Android devices are running the newest major version of their system, with a startlingly low 2.3% on the latest minor release.
It's also worth considering "grayware", which are applications that are "troublesome" rather than totally malicious. These more insidious apps can leak the device's phone number.
To view the full report please click here, and if you have any questions, please don’t hesitate to contact a member of the Vuzion team by emailing email@example.com or calling 0333 009 5939.