2017 Internet Security Threat Report

The 2017 Internet Security Threat Report (ISTR) details how simple tactics and innovative cyber criminals led to unprecedented outcomes in global threat activity.

Innovation, Sophistication, Organization – Producing Ominous Results

International bank heists, disrupted elections, and state-sponsored attacks define the threat landscape

Cyber criminals revealed new levels of ambition in 2016 – a year marked by extraordinary attacks, including multi-million dollar virtual bank heists and overt attempts to disrupt the U.S. electoral process by state-sponsored groups.

New sophistication and innovation marked seismic shifts in the focus of attacks. Zero-day vulnerabilities and sophisticated malware were used less as nation states devolved from espionage to straight sabotage.

Meanwhile, cyber criminals caused unprecedented levels of disruption with relatively simple IT tools and cloud services.

Targeted Attacks Shaping Governments

Shifting focus from economic espionage to politically motivated sabotage and subversion

Cyber criminals executed politically devastating attacks. Cyber attacks against the U.S. Democratic Party and the subsequent leak of stolen information reflect a trend towards highly publicized, overt campaigns designed to destabilize and disrupt organizations and countries.

In the past, sabotage via cyber attack was rare. But the success of several campaigns – including the U.S. election and Shamoon – indicates a growing trend of agitators influencing politics to sow discord across the globe.

Email Becomes the Weapon of Choice

PowerShell allows infiltrators to hide in plain sight

Email posed a dangerous and efficient threat to users: one in 131 emails contained malware, the highest rate in five years. And Business Email Compromise (BEC) scams, relying on spear-phishing emails, targeted over 400 businesses every day, draining $3 billion over the last three years.

A combination of PowerShell, a common scripting language installed on PCs, and Microsoft Office files was an effective weapon. Cyber criminals used the two to leave a lighter footprint and hide in plain sight. Last year, 95 percent of PowerShell files seen by Symantec in the wild were malicious.

Nation States Chase the Big Score

Organized criminal gangs now joined by North Korea in targeting banks

In 2016, the most effective bank robbers were armed with computers, not guns; billions of dollars were stolen in virtual attacks. While some of these heists were the work of organized criminal gangs like Odinaff, for the first time, nation states appear to be involved as well. Symantec uncovered evidence of North Korea attacking banks in Bangladesh, Vietnam, Ecuador and Poland, stealing at least US $94 million.

USA is an Easy Mark for Ransomware Scammers

64 percent of Americans cave in to digital extortion

Ransomware escalated across the globe as a profit center for criminals. Symantec identified 100 new malware families released into the wild, more than triple the amount seen previously, and a 36 percent increase in ransomware attacks worldwide.

The United States was the biggest – and softest – target. Symantec found 64 percent of Americans are willing to pay a ransom, compared to 34 percent globally. And the average ransom spiked 266 percent, with criminals demanding an average of $1,077 per victim.

The Cloud is a Dangerous Place

Vulnerabilities in cloud infrastructure provide the next frontier for cyber crime

A growing reliance on cloud services creates vulnerabilities for organizations. Tens of thousands of MongoDB (cloud) databases were hijacked and held for ransom in 2016 after users left outdated versions exposed, without authentication turned on.

CIOs have lost track of how many cloud apps are in use in their organizations: their guess was 40, when in reality the number nears 1,000. Ungoverned access and shadow IT present significant risk. Symantec predicts that unless CIOs get a firmer grip on cloud app usage and access, attackers will exploit these cracks in the cloud.
