Symantec’s 2016 Internet security threat report has revealed the lengths to which cybercriminals are now going to install malware and gain access to sensitive data. The past 12 months has seen a substantial increase in attacks, and organizations are now having to deal with more threats than ever before.
Internet Security Threat Report Shows Major Increases in Ransomware, Malware, Web-borne Threats and Email Scams
The new Internet Security Threat Report shows that new malware is being released at a staggering rate. In 2015, Symantec discovered over 430 million unique samples of malware, representing an increase of 36% year on year. As Symantec points out, “Attacks against businesses and nations hit the headlines with such regularity that we’ve become numb to the sheer volume and acceleration of cyber threats.”
A new zero-day vulnerability is now being discovered at a rate of one per week, twice the number seen in 2014 and 2013. In 2015, 54 new zero-day vulnerabilities were discovered. In 2014 there were just 24 zero-day exploits discovered, and 23 in 2013.
The 2016 Internet Security Threat Report puts the total number of lost or stolen computer records at half a billion, although Symantec reports that organizations are increasing choosing to withhold details of the extent of data breaches. The breach may be reported, but there has been an 85% increase in organizations not disclosing the number of records exposed in breaches.
Ransomware Attacks Increased 35% in 2015
Ransomware is proving more popular than ever with cybercriminal gangs. In 2015, ransomware attacks increased by 35%. The upward trend in 2015 has continued into 2016. Spear phishing attacks have also increased. While these attacks are often conducted on large organizations, Symantec reports that spear phishing attacks on smaller companies – those with fewer than 250 employees – have been steadily increasing over the past five years. In 2015, spear phishing attacks increased by a staggering 55%.
Cybercriminals may now be favoring phishing attacks and zero-day exploits over spam email scams, but they still pose a major risk to corporate data security. There has also been a rise in the number of software scams. Scammers are getting consumers to purchase unnecessary software by misreporting a security problem with their computer. Symantec blocked 100 million fake technical support scams last year.
75% of Websites Found to Contain Exploitable Security Vulnerabilities
One of the most worrying statistics from this year’s Internet Security Threat Report is over 75% of websites contain unpatched security vulnerabilities which could potentially be exploited by hackers. Even popular websites have been found to contain unpatched vulnerabilities. If attackers can compromise those websites and install exploit kits, they can be used to infect millions of website visitors. Simply being careful which sites are visited and only using well known sites is no guarantee that infections are avoided.
With the dramatic increase in threats, organizations need to step up their efforts and improve cybersecurity protections. Failure to do so is likely to see many more of these attacks succeed.