Symantec: Internet Security Threat Report (ISTR) Vol. 22

CERT-LatestNews Malware SymantecNews ThreatsCybercrime ThreatsStrategic VulnerabilitiesAll VulnerabilitiesApplications

Symantec’s Internet Security Threat Report: Volume 22


Some of the highlights from the Symantec Report include:

  • The use of zero-day exploits and sophisticated malware is decreasing as malevolent actors are now focusing on traditional spear-phishing attacks and leveraging existing tools (e.g. built-in OS commands/utilities)
  • Nation-States and targeted disruptive attacks:
    • Symantec points to the DNC hack and the subsequent leaks, which were arguably attributed to Russia, as well as the use of disk-wiping malware which caused widespread power outages in Ukraine in December 2015 and again in January of 2017 (these also were attributed to Russia)
    • the Shamoon disk-wiping Trojan also reappeared after a four-year hiatus and was used against multiple entities within Saudi Arabia (the original 2012 variant of this was attributed to Iran)
    • However, on a positive note, following the 2015 agreement between the US and China, economic espionage attributed to China appears to have significantly decreased
  • Financial Attackers are upping the ante.  Cyber criminals previously focused on volume to provide financial gain; however, large financial institutions find themselves back in the cross-hairs as a single big score can reap enormous financial rewards.
    • The Banswift group infiltrated the Bangladesh Central Bank and managed to exfiltrate SWIFT credentials which allowed the group to initiate fraudulent transactions that exceeded $80M
    • Another group, Odinaff, used malware to mask user messages related to SWIFT transactions which allowed them to manipulate SWIFT transactions without immediate user detection
    • However, spear-phishing campaigns continue to persist and over the last three years have resulted in the theft of over $3BN
  • Email re-emerges as the favored medium for attacks
    • Symantec reports that from Nation-state activities, to mass-mailing ransomware, the ratio of malicious emails to legitimate emails is the highest it has been in over five years
    • This is a bit troubling as it indicates that user ignorance or indifference continues to enable costly and disruptive attacks both on individuals and entities
  • Ransomware: this has received copious news coverage over the last several months.  Ransomware attacks continue to hit individuals as well as businesses and the average ransom amount has risen over 300% from 2015 to 2016
  • The Internet of Things (IoT): further evidence that market-driven economics is unlikely to ever result in secure products (at least not with the current crop of disinterested users), the Mirai botnet was able conduct the largest distributed denial of service (DDoS) attack ever effectuated


Tags: ,

Symantec: Internet Security Threat Report (ISTR) Vol. 22