Cyber Attack Sophistication Growing at an Alarming Rate: Symantec
FREMONT, CA: An unprecedented 24 number of zero-day vulnerabilities were discovered just in 2014 having a new level of sophistication that pushed software companies to consume around 59 days on an average to roll out patches compared to 4 days in 2013, says the latest Symantec report.
Symantec’s Internet Security Threat Report (ISTR), Volume 20, says cyber criminals have changed their strategy in committing cyber crimes: they are now hijacking the infrastructure of major enterprises and exploiting it to make maximum damage.
The new Dubious Modus Operandi
Cyber attackers are employing highly-targeted spear-phishing attacks that use 20 percent fewer emails to target the end-users. Software updates to common programs are infested with malicious code and then a waiting game is played until the end-user downloads them whereby access to corporate networks is easy and unnoticed, says Kevin Haley, Director, Symantec Security Response.
The other trends in cyber attacks as discovered by Symantec include:
Exploiting stolen email accounts from one corporate victim to break into other corporate computing systems; leveraging organizations’ management tools and procedures to move stolen IP before exfiltration; developing customized malicious software within the victims’ network to further their intentions; increase in digital extortion through email and increasingly through social media that gives them an easy catch with less effort.
“Cybercriminals are inherently lazy; they prefer automated tools and the help of unwitting consumers to do their dirty work,” added Haley. “Last year, 70 percent of social media scams were shared manually, as attackers took advantage of people’s willingness to trust content shared by their friends.”
There has been an alarming rise in the digital extortion through attack methods like ransomware that has risen sharply by 113 percent in 2014.
The security company, Symantec, has listed key best practices for businesses to steer clear from potential pitfalls:
Implement advanced threat intelligence solutions; use multi-layered endpoint security, network security, encryption, strong authentication; incident management; ensure guidelines and company policy that support data protection on personal and corporate devices.