6 Security Trends To Watch From The Symantec Internet Security Threat Report

On The Lookout

From ransomware to DDoS attacks using IoT devices to cloud application security, the number of security threats continued to rise in 2016, according to Symantec's annual Internet Security Threat Report. The report takes a comprehensive view of the threat landscape, based on data from Symantec's Global Intelligence Network. Kevin Haley, director of Symantec Security Response, said the year saw traditional threats on the rise, as well as new and evolved threats as hackers shift motivations and leverage new vectors of attack. Take a look at six trends that Haley highlighted as the ones to watch from the report this year.

Shift To Cyber Subversion

There's been a change in attacks from cyber espionage to cyber sabotage and cyber subversion, Haley said. What that means is that attackers aren't just going after the money; now they are also looking to harm organizations and individuals in other ways. Haley said recent examples of this shift include the documents released by hackers against the Democratic National Committee, which arguably had a significant impact on the US election, and attacks on Ukrainian power grids and banks that affected their ability to function. Haley said Symantec also saw a rise in bank heists, where hackers stole money from banks without actually entering the premises. A key example of that in 2016 was the bank heist at the Bank of Bangladesh, where hackers stole $81 million from the bank's accounts.

"It's a whole new world out there as the real world, and the virtual world, come together," Haley said.

Hackers Leveraging Your Own Software Against You

While some hackers are writing their own malware, Haley said Symantec found that more and more of them are looking to leverage tools already inside the environment, something he called "living off the land." In particular, Haley said Symantec found that hackers are looking to leverage the PowerShell scripting language to weaponize emails and Microsoft Word documents. Symantec said upwards of 95 percent of PowerShell files it analyzed were malicious. He said this method has been "highly effective" for attackers, as it doesn't flag the usual indicators of an attack, such as executables and common malware traits.

IoT Security Challenges

The Internet of Things continues to be a security challenge, Haley said. He said Symantec found that the threats against IoT devices are real, with 18 active families of malware targeting IoT devices specifically. Haley also highlighted the Mirai botnet malware, which was leveraged for the DDoS attack against Dyn last fall and later released into the wild. Symantec also tested the proliferation of IoT device attacks itself, Haley said, putting out a honeypot that was attacked in less than two minutes. What is also clear, Haley said, is that IoT devices are not as protected as they should be from this rising tide of threats. He said the vast majority of devices are using weak or default passwords, meaning there is no brute force needed to break into devices.

"When I think about the future and what we're going to be dealing with, this is probably one of the more frightening areas for us," Haley said.

Email Malware On The Rise

While the amount of email spam has gone drastically down, Haley said the amount of email malware is on the rise. He said Symantec found that around one in 131 emails was malicious. While security solutions are getting better at preventing malicious emails, he said attacker techniques such as social engineering help malicious emails get through. Ultimately, Haley said email attacks are a "numbers game" for attackers.

Ransomware Demands Going Up

One trend that every security professional can agree on is that ransomware is on the rise. Symantec found that attacks were up 36 percent year-over-year in 2016, and also found 101 new families of ransomware malware (up from 30 in 2015). However, Haley said an even bigger shift is that the average amount of ransom demanded has grown, from $294 in 2015 to $1,077 in 2016. He said the highest single ransom Symantec recorded was $28,730. Haley said he believes the reason the amount jumped so drastically is that victims are often willing to pay to get their files back, leading attackers to raise the prices.

"I think that trend will continue to go up as long as people continue to be willing to pay in such great numbers," Haley said. "There's clearly consequences for doing that … We advise people not to pay. The best thing is to keep yourself protected and make sure you have your files backed up."

Cloud Application Security Gap

Companies are moving more of their applications to the cloud, but they might be using more cloud applications than they realize, Haley said. Symantec found that most CIOs assume they use around 40 cloud applications, but they can be using up to 1,000. From a security perspective, that creates a lot of challenges, Haley said, as there is no oversight of whether the applications are secure, whether data is protected correctly, or whether appropriate policies are set. Haley said organizations need to start taking inventory of their cloud application usage and enabling tools such as two-factor authentication.