Symantec Report: 10 Security Threats On The Rise
Symantec Highlights Upcoming Threats
The threat landscape is rapidly evolving, and between mega breaches and high-profile vulnerabilities, security is more top of mind than ever. Pulling data from its Global Intelligence Network, with millions of data points collected every second, Symantec has highlighted the trends it is seeing in security in its annual Internet Security Threat Report, released Tuesday.
Take a look at 10 trends highlighted in the report.
10. Attacks Moving Faster
While attackers are picking up the pace when it comes to exploiting vulnerabilities, defenses and reaction times are not, the report said. For example, the report cited how the number of attacks skyrocketed just hours after the Heartbleed vulnerability was announced. Zero-day vulnerabilities were at an all-time high in 2014 and, in general, showed a slow patch response from vendors, with the top three most exploited vulnerabilities taking between 53 and 204 days to patch. That is a drastic departure from 2013, when the average zero-day patch was issued in four days.
9. Attackers Streamlining
Not only are attacks becoming more frequent, but they are also becoming more streamlined, the report said. Some of those tactics included increased targeted spear-phishing attacks, watering hole attacks and "Trojanized" software updates. In particular, the breaches increased for small to medium businesses, which saw 60 percent of all attacks, the report said.
8. Attackers 'Leapfrogging Defenses'
Just as companies step up their efforts to identify malicious behavior, the report said, attackers are "leapfrogging" those defenses to gain access to systems. Symantec said some examples of this in 2014 included deploying legitimate software onto compromised systems, using management tools to move attacks around networks, using stolen emails to spear-phish other employees and "Trojanizing" vendor software. These sorts of attacks are happening at companies of all sizes, the report said, with spear-phishing up 40 percent for enterprise companies and up close to 30 percent for SMBs.
7. Malware On The Rise
Malware attacks were up 26 percent with 317 million new pieces of malware created in 2014. In particular, the Symantec report said nontargeted attacks and "virtual machine aware attacks," where hackers test virtual machines before launching an attack, were on the rise. The takeaway message from that rise, the report said, is that virtual sandboxing is no longer enough to prevent malware attacks from halting employee productivity and diverting IT resources.
6. Ransomware On The Rise
Ransomware attacks more than doubled in 2014, rising 113 percent over the year before. Leading the charge were crypto-ransomware attacks, the report said, which were up 4,000 percent over the year before, predominantly around Windows devices.
"While most people associate 'extortion' with Hollywood films and mafia bosses, cybercriminals have used ransomware to turn extortion into a profitable enterprise, attacking big and small targets alike," the report said.
5. Web Threats
Web threats were on the rise in 2014, most significantly with the Heartbleed vulnerability discovered in the OpenSSL cryptographic software library. Other vulnerabilities in 2014 included Shellshock and POODLE, as well as Denial-of-Service attacks on targeted organizations.
"Web threats got bigger and much more aggressive in 2014 as holes in commonly used tools and encryption protocols were exposed and criminals made it harder to escape their malicious clutches ... Vulnerabilities and new variants of malware underlined that website security deserves full-time, business-critical attention," the report said.
Symantec predicted this trend would continue through 2015, including a new vulnerability called FREAK that is a man-in-the-middle attack on encrypted communications between a visitor and a website.
4. Targeted Attacks
In a trend the report called "worrying," targeted attacks were on the rise in 2014, coming from all sorts of sources, including state-sponsored attacks, patriot hackers, hacktivists, criminals, data thieves and more. The attacks are not only growing in frequency, but also in sophistication, the report said, citing 2014 examples such as Regin and Turla for cyberespionage attacks, industrial cybersecurity concerns, reconnaissance attacks, watering-hole attacks and more. In order to fight back, Symantec said threat intelligence is rising in importance for organizations to prevent and recognize targeted attacks.
"In view of the growing sophistication of these attacks, good IT security is essential and broad cybersecurity practices should be the norm," the report said.
3. Social Media
As the popularity of social media continues to grow, so do the attacks shared through those platforms. The report attributed part of the growth to its rapid spread as people are more likely to inadvertently trust and share scam content from friends, a phenomenon called "social proof." Adding fuel to the fire was the growth of mobile, the report said, with nearly a million malware-based apps and 2.3 million grayware-based apps. Symantec said it expects the frequency and financial focus of the attacks to grow in the next year.
"Symantec expects the growth in mobile malware to continue in 2015, becoming more aggressive in targeting a user’s money. Already 51 percent of U.S. adults bank online and 35 percent use mobile phones to do so. This creates an incentive for malware writers to target phones to capture bank details," the report stated.
2. Internet Of Things
The rising Internet-of-Things trend drove attacks in 2014 in a variety of areas, including point-of-sale, ATMs, home routers and more, Symantec said in the report. The wide range of connected devices, from cars to thermostats to smart watches, means there is an equally wide variety of probing and real threats targeting the devices, the report said.
"Whether officially part of the IoT or not, attacks on these devices further demonstrate that it’s no longer only our PCs at risk. And the potential for cyberattacks against cars and medical equipment should be a concern to all of us," the report said.
1. High-Profile Vulnerabilities And Data Breaches
It was hard to miss the "mega breaches" in 2014, but they were just a piece of a larger trend of increasing data breaches. In 2014, there were 312 breaches in total, up 23 percent from the year before, the report said. Of those breaches of information, 49 percent were caused by attackers, followed by 22 percent accidentally made available, 21 percent from the theft or loss of equipment and 8 percent from insider theft. The most targeted industry was the health-care industry, with 37 percent of breaches for the year, followed by retail, with 11 percent. However, the retail industry did account for 59 percent of the total number of identities exposed for the year, which the study said points to the draw of individuals' financial information and vulnerability of point-of-sale systems.