2018 Internet Security Threat Report

The 2018 Internet Security Threat Report (ISTR) takes a deep dive into the world’s largest civilian global intelligence network, revealing the latest trends and cyber security attacks statistics.


Infrastructure Attacks and Stealthy Mining—Threats Go Big and Small

Cryptojacking, supply chain attacks, and mobile malware raise the innovation bar in the threat landscape

From the devastating impact of WannaCry and Petya/NotPetya, to the explosion in cryptojacking (stealth crypto currency miners), 2017 was yet another year of extraordinary cyber crime and mounting damage.

Innovation, organization, and sophistication—these are the tools cyber attackers employed, working harder and more efficiently to uncover new vulnerabilities and escape detection.

Read The Executive Summary

Cryptojacking Attacks Explode by 8,500 Percent

Stealthy miners steal resources and increase vulnerability

A meteoric crypto currency market triggered a gold rush for cyber criminals. Detections of coin miners on endpoint computers increased by 8,500 percent in 2017, with Symantec logging 1.7 million in December alone.

With only a couple lines of code, or delivered via browser, cyber criminals harness stolen processing power and cloud CPU usage to mine crypto currency. Coin mining slows devices and overheats batteries. For enterprises, coin miners put corporate networks at risk of shutdown and inflate cloud CPU usage, adding cost.


The 2018 Internet Security Threat Report Interactive Infographic provides an overview of the year in global threat activity

View the Infographic

Implanted Malware Attacks the Software Supply Chain

Hijacking software updates to infiltrate even the most well-guarded networks

Software update supply chain attacks—implanting malware into an otherwise-legitimate software package—were up 200 percent in 2017.

Hijacking software updates provides attackers with an entry point for compromising well-guarded networks, with the Petya outbreak as the most notable example. By targeting legitimate Ukrainian accounting software as the point of entry, Petya spread laterally across corporate networks to deploy their malicious payload, with crippling results across the globe.

Mobile Malware Continues its Surge: Variants up 54%

Unpatched devices and grayware make life easier for attackers

Mobile threats continue to grow, including the new mobile malware variants (54 percent increase). Symantec blocked an average of 24,000 malicious mobile applications each day last year.

Updating to the latest operating system is good cyber security hygiene. But in reality, with Android operating system devices, only 20 percent are running the newest version, and only 2.3 percent are on the latest minor release.

Mobile users also face privacy risks from grayware apps that aren’t completely malicious but can be troublesome: 63 percent of grayware apps leak the device’s phone number.

Read the Report

Ransomware Prices Down, Disruption Up

Ransomware shifts from big score to commodity, and used as a decoy

In 2016, the profitability of ransomware led to a crowded market. In 2017, the market made a correction, lowering the average ransom to $522 and signaling the commoditization of ransomware.

But ransomware became a favored tool of targeted attack groups: Petya/Not Petya was purposed as a disk wiper and WannaCry employed ransomware as a decoy and tool of disruption.

Ransomware is a cheap and easy form of decoy or disruption, a perfect cover for other forms of attack.

Read the Report