Cybercriminals Had Banner Yr in 2014, Symantec Report Says
Cybercrime is on the rise and the criminals are discovering new methods to assault us.
The 2015 Web Safety Menace Report from Symantec (makers of Norton safety software program) launched on Tuesday characterizes 2014 as a yr with "far-reaching vulnerabilities, quicker assaults, information held for ransom and much more malicious code than in earlier years."
A number of of the important thing findings:
- Greater than 317 million new items of malware have been created final yr, almost one million a day
- Ransomware assaults grew 113 %
- Crypto-ransom assaults, the place the sufferer’s information are encrypted and held hostage with out warning, skyrocketed four,000 % to grow to be a critical menace
- 70 % of social media assaults depend on the preliminary sufferer to unfold the menace to others
"The criminals are getting higher," stated Kevin Haley, director of safety response at Symantec. "Success breeds success and different criminals need to get into the sport, so we have to step up our recreation when it comes to defending our info and retaining it protected."
Knowledge breaches continued to be a big situation with a 23 % improve reported final yr. And keep in mind, 2013 was an enormous yr for breaches.
Many of those breaches end result from focused assaults. Whereas giant corporations are nonetheless a chief goal, 60 % of all focused assaults struck small and medium-sized corporations final yr.
These smaller companies have much less cash to spend on safety and Symantec discovered that many nonetheless have not adopted primary "greatest practices" corresponding to blocking executable information and screensaver e-mail attachments. This places each the focused companies and their enterprise companions at greater danger.
Spear-phishing continues to be a extremely-profitable solution to infiltrate company computer systems. These focused emails are designed to appear to be they got here from somebody inside the corporate or from a trusted enterprise affiliate.
It appears the hackers are getting higher at crafting this key malicious e mail. They despatched fewer messages (down 14 %) to fewer targets (down 20 %) and but breaches ensuing from these spear-phishing assaults grew eight % final yr.
5 out of six giant corporations within the U.S. (with 2,500 or extra staff) have been focused with spear-phishing assaults in 2014, a forty % leap. These assaults additionally elevated dramatically at small and medium-sized corporations.
And there is a new menace: what Symantec calls "trojanized" software program updates. With these assaults, the hackers disguise their malicious code inside software program updates for packages generally utilized by the corporate they’ve focused. When the victims obtain and set up the software program replace, they infect themselves.
Attackers are shifting quicker
One solution to measure this conflict between hackers and their targets is thru so-referred to as "zero-day vulnerabilities." These are software program safety flaws not but detected by the producer, customers or cybersecurity companies.
When hackers uncover a zero-day vulnerability, they race to take advantage of it earlier than there is a patch. However the response time from software program distributors to roll out that patch isn’t preserving tempo with the assaults themselves.
Final yr, it took 204 days, 22 days and fifty three days to create patches for the three most-exploited zero-day vulnerabilities.
"That is approach too lengthy," Symantec’s Kevin Haley informed NBC Information. "Hopefully that is simply an aberration and we take the teachings from final yr and apply them to this yr and see these numbers go down."
One other chilling discovering: The attackers have numerous methods to cover inside company networks with out being found. They know find out how to trick anti-malware instruments and disguise their true intentions if found.
Symantec stories that whereas investigating a recognized breach, its incident response groups typically discover further breaches which have gone undetected, and are nonetheless in progress.
Assaults are shifting to new platforms
Cybercriminals nonetheless favor e-mail for the majority of their soiled work, however the shift is on to social media as a result of it is so efficient. Most individuals are extra prepared to click on one thing posted by a good friend, so this can be a very straightforward solution to shortly launch an assault.
"We do the work for them," Haley stated. "They solely should infect certainly one of us and it shortly cascades to our buddies and their buddies, and so forth."
Malware is already a part of the cellular panorama and it’s more likely to develop, since many individuals nonetheless consider cyber threats are restricted to PCs and ignore primary safety precautions on their smartphones.
Symantec discovered that 17 % of all Android apps obtainable final yr — that is almost one million totally different cellular apps — have been truly malware in disguise. The primary piece of cellular crypto-ransomware was found on the Android working system in 2014.
There are a selection of free safety apps for Android telephones. Many include anti-virus safety.
Wanting forward, we will anticipate criminals to take advantage of the Web of Issues. Using smartphones to regulate all types of community-related units, from door locks to scorching water heaters, will present hackers with extra entry factors for his or her assaults.
The report warns that "the potential for cyberattacks towards automobiles and medical gear ought to be a priority to all of us."
Herb Weisbaum, one among Americaâ€™s prime shopper specialists, is a daily contributor to NBC Information Digital. Heâ€™s been searching for shoppers for greater than 30 years. Weisbaumâ€™s Emmy award-profitable tv studies have uncovered every little thing from quack drugs to bogus investments. Comply with him on The ConsumerMan web site.