Symantec Outs Annual Cyber Threat Report, States Way To Avoid Cybercrimes

Symantec, one of the leaders in cyber security in the world has revealed the latest Internet Security Threat Report (ISTR) Volume 22, last year of 2016.

Peter Sparkes, Senior Director, Cyber Security Services, Asia Pacific & Japan, Symantec

Data showed that there's an alarming increase in targeted attacks aim toward politically motivated sabotage and subversion. It includes multi-million dollar virtual bank heists and overt attempts to disrupt the U.S. electoral process by state-sponsored groups.

“New sophistication and innovation are the nature of the threat landscape, but this year Symantec has identified seismic shifts in motivation and focus,” said Peter Sparkes, Senior Director, Cyber Security Services, Asia Pacific & Japan, Symantec. “The world saw specific nation states double down on political manipulation and straight sabotage. Meanwhile, cyber criminals caused unprecedented levels of disruption by focusing their exploits on relatively simple IT tools and cloud services.”

The report provided a comprehensive view of the threat landscape which includes insights into global security treat, trends, and motivation of attackers.

Subversion and Sabotage Attacks Emerge at the Forefront - Cyber criminals are executing politically devastating attacks in a move to undermine a new class of targets. Cyber attacks against the U.S. Democratic Party and the subsequent leak of stolen information reflect a trend toward criminals employing highly-publicized, overt campaigns designed to destabilize and disrupt targeted organizations and countries. While cyber attacks involving sabotage have traditionally been quite rare, the perceived success of several campaigns - including the U.S. election and Shamoon - point to a growing trend to criminals attempting to influence politics and sow discord in other countries. 

Nation States Chase the Big Scores - A new breed of attackers revealed major financial ambitions, which may be an exercise to help fund other covert and subversive activities. Today, the largest heists are carried out virtually, with billions of dollars stolen by cyber criminals. While some of these attacks are the work of organized criminal gangs, for the first time nation states appear to be involved as well. Symantec uncovered evidence linking North Korea to attacks on banks in Bangladesh, Vietnam, Ecuador and Poland. 

“This was an incredibly audacious hack as well as the first time we observed strong indications of nation state involvement in financial cyber crime,” said Peter Sparkes, Senior Director, Cyber Security Services, Asia Pacific & Japan, Symantec. “While their sights were set even higher, the attackers stole at least US$94 million.”

Attackers Weaponize Commonly Used Software; Email Becomes the Weapon of Choice - Last year, Symantec saw cyber criminals use PowerShell, a common scripting language installed on PCs, and Microsoft Office files as weapons. While system administrators may use these common IT tools for daily management tasks, cyber criminals increasingly used this combination for their campaigns as it leaves a lighter footprint and offers the ability to hide in plain sight. Due to the widespread use of PowerShell by attackers, 95 percent of PowerShell files seen by Symantec in the wild were malicious. 

Caving in to Digital Extortion: Americans Most Likely to Pay Ransom Demand - Ransomware continued to escalate as a global problem and a lucrative business for criminals. Symantec identified over 100 new malware families released into the wild, more than triple the amount seen previously, and a 36 percent increase in ransomware attacks worldwide. 

Cracks in the Cloud: The Next Frontier for Cyber Crime is Upon U - A growing reliance on cloud services has left organizations open to attacks. Tens of thousands of cloud databases from a single provider were hijacked and held for ransom in 2016 after users left outdated databases open on the internet without authentication turned on.

According to Symantec, here are some of the best practices on how to stay safe from cybercriminals:

For Businesses:

• Don’t get caught flat-footed: Use advanced threat intelligence solutions to help you find indicators of compromise and respond faster to incidents.
• Prepare for the worst: Incident management ensures your security framework is optimized, measureable and repeatable, and that lessons learned improve your security posture. Consider adding a retainer with a third-party expert to help manage crises.
• Implement a multi-layered defense: Implement a multi-layered defense strategy that addresses attack vectors at the gateway, mail server and endpoint. This also should include two-factor authentication, intrusion detection or protection systems (IPS), website vulnerability malware protection, and web security gateway solutions throughout the network.
• Provide ongoing training about malicious email: Educate employees on the dangers posed by spear-phishing emails and other malicious email attacks, including where to internally report such attempts. 
• Monitor your resources – Make sure to monitor your resources and networks for abnormal and suspicious behavior, and correlate it with threat intelligence from experts.

For Consumers:

• Change the default passwords on your devices and services: Use strong and unique passwords for computers, IoT devices and Wi-Fi networks. Don’t use common or easily guessable passwords such as “123456” or “password”.
• Keep your operating system and software up to date: Software updates will frequently include patches for newly discovered security vulnerabilities that could be exploited by attackers.
• Be extra careful on email: Email is one of the top infection methods. Delete any suspicious-looking email you receive, especially if they contain links and/or attachments. Be extremely wary of any Microsoft Office email attachment that advises you to enable macros to view its content.
• Back up your files: Backing up your data is the single most effective way of combating a ransomware infection. Attackers can have leverage over their victims by encrypting their files and leaving them inaccessible. If you have backup copies, you can restore your files once the infection has been cleaned up.

For more info, visit www.symantec.com now.