Sabotage, subversion and ransomware attacks all increased sharply in 2016, with malware-infected emails now at a five-year high according to the latest installment of Symantec’s Internet Security and Threat Report (ISTR).
For the 22nd volume of the report, the antivirus and antimalware software vendor analyzed data collected from millions of users of its security solutions – the world’s largest civilian threat collection network, consisting of 98 million attack sensors spread across 157 countries around the globe.
The 77-page Internet Security and Threat Report is one of the most highly respected publications issued by any cybersecurity company.
The Internet Security and Threat Report provides a valuable insight into the state of cybersecurity and details how global cybersecurity threats have changed over the course of the past 12 months.
Internet Security and Threat Report Shows Change in Attack Tactics
Data theft and financial fraud may be major motivators behind cyberattacks on businesses, but over the past 12 months there has been a sharp rise in politically motivated cyberattacks. Rather than steal data, the attackers are sabotaging businesses using destructive malware such as hard disk wipers.
The attacks are conducted to cause serious harm to business competitors, although nation state-backed hackers have also been targeting the critical infrastructure in many countries. Attacks on Ukrainian energy providers have been conducted to disrupt the power supply while attacks on companies in Saudi Arabia – using Shamoon malware – attempted to permanently delete corporate data.
Many attacks were conducted last year with a different aim – subversion. That was clearly demonstrated during the recent U.S. presidential campaign. Sensitive data from the Democratic party was leaked in an attempt to influence the outcome of the U.S. presidential election. The FBI investigation into the hacking of the presidential election is ongoing.
Sabotage is on the rise, but data theft incidents continue. The past year has seen many espionage attacks resulting in the theft of sensitive data and corporate secrets, and financial attacks have increased.
The Internet Security and Threat Report shows there has been a major increase in large-scale financial heists in the past year. Attacks on consumers are occurring with increasing regularity, although the banks themselves are now being targeted. Those attacks have resulted in the theft of many millions of dollars.
The Carbanak gang has been highly active in this area and has performed multiple attacks on U.S. banks, while the Banswift group performed one of the biggest heists of the year, stealing $81 million from the central bank in Bangladesh.
While exploit kits and other web-based attacks were a major threat in 2015, attackers have returned to email as the primary method of gaining access to networks. In 2015, Symantec blocked an average of 340,000 web-based attacks per day. In 2016, the number had fallen to 229,000 – a significant reduction, although the threat of web-based attacks cannot be ignored.
The Biggest Malware Threat Comes from Email
Phishing is still a major risk for businesses, although the phishing rate has fallen over the past three years, according to the Internet Security and Threat Report. In 2014, one in 965 messages was used for phishing. In 2016, the number fell to one in 2,596 emails.
However, email spam levels have remained constant year on year. Email spam accounts for 53% of all sent messages.
Phishing email volume may be down, but email-borne malware attacks have increased. The Symantec Internet Security and Threat Report shows the volume of malicious emails now being sent is higher than at any point in the past five years.
Now, one in 131 emails contains either a malicious attachment or hyperlink, up from one in 220 emails in 2015 and one in 244 emails in 2014. The number of new malware variants being released has also soared. In 2014, there were 275 million new malware variants discovered. That figure rose to 357 million last year. The number of bots sending malicious email has also increased year on year, from 91.9 million in 2015 to 98.6 million in 2016.
Ransomware Attacks Soared in 2016
Ransomware attacks also increased significantly in 2016, with the United States the most targeted country. Even though the FBI and other law enforcement agencies strongly advise against paying a ransom, 64% of U.S. companies ignore that advice and pay the attackers for keys to decrypt their data.
In 2015, the average ransom demand was for $294 per infected machine. Over the course of the past 12 months, ransom amounts have increased considerably. The Symantec Internet Security and Threat Report shows ransom demands increased by an astonishing 266% in 2016. The average ransom demand is now $1,077 per infected machine.
Symantec tracked 101 separate ransomware families in 2016 – a substantial rise from the 30 known ransomware families in 2014 and 2015. Last year, there were 463,841 ransomware detections, up from 340,655 in 2015.
One of the biggest threats comes from the cloud, although many organizations are underestimating the risk. When organizations were asked how many cloud apps are in use in their company, few provided an accurate figure. Many estimated they used around 40 cloud-based apps. Symantec reports that for the average company, the figure is closer to 1,000.
As the Internet Security and Threat Report shows, the cyberthreat landscape is constantly changing as cybercriminals develop new methods of attacking businesses. Only by keeping up to date on the latest threat indicators and bolstering cybersecurity defenses can businesses maintain a robust security posture and prevent attacks.