Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint

4/26/2017
12:01 AM
Connect Directly
Google+
Twitter
RSS
E-Mail
50%
50%

Web Attacks Decline, Ransomware Attacks Surge

Symantec's annual Internet Security Threat Report data shows how attacks last year directly targeted end users, and became more efficient and lucrative.

These new stats shed some light on what happens when cyberattackers inch closer to their intended victims: Web attacks dropped by more than 30% last year, and ransomware attack attempts jumped by 36%.

That's just one of the findings in Symantec's newly published Internet Security Threat Report for 2016, which also shows a continued dip in the total number of data breaches to 1,209 in 2016, from 1,211 in 2015, and 1,523 in 2014. This trend demonstrates how attackers have become more seasoned in automating their attacks - and more efficient, according to Michael Fey, president and COO of Symantec. That also dovetails with attackers targeting the endpoint directly rather than waiting for users to visit a compromised website, he says.

"It's so much easier to make a direct connection with your target. You used to have to be tigers waiting around the watering hole, but now they go find their prey and don't just wait for them," Fey says. "Thanks to social media and the way we scream to the world who we are and what we care about that can be mined, the need to sit on a Web platform is reduced. [Website attacks] still work, but there are alternate ways to a more deliberate path."

The dip in total breaches is a combination of organizations doing a better job of reducing the amount of data that's at risk, and the fact that attackers have more automated methods of stealing information, he says. They can wage more focused and deliberate attack campaigns and be relatively confident that users will indeed click on malicious attachments, for example.

Web attacks are not dead, however: Symantec says there was an average of some 229,000 such attack attempts detected each day last year, and 76% of websites had bugs, 9% of which were critical.

But 2016 was ransomware's coming-out party: while it's been around for a while, the method of locking victims out of their data until they paid a ransom now has become a popular and lucrative way for criminals to make money. Symantec detected 463,000 cases of ransomware last year, up from 340,000 in 2015; the daily average hit 1,539 detections per day, up from 846. And the average ransom surged from $294 in 2015 to a whopping $1,077 last year.

Cybercriminals are cranking out new variants of ransomware at a rapid clip. Symantec counted 101 ransomware families in 2016, up from 30 in 2015 and 2014. According to Symantec, that means more attackers are employing ransomware and creating new families or modifying existing ones. Consumers still represent about 70% of all ransomware infections, but businesses increasingly are becoming targets.

"We've seen government institutions condone paying [ransom], and we've seen government leaders talk about how that's a bad thing. So there are mixed messages all over the place," which makes it more confusing and difficult for victims to properly respond and defend from ransomware attacks, Fey says.

Ransomware victims paying their attackers isn't helping, either, but the situation is fraught: "If you pay $29,000 to unlock your data, are you feeding a bigger problem?" Fey says. "If an organization sent money directly to terrorists we'd all condemn them and shut them down. But when a hospital's patients' critical data is held for ransom, I'm not sure I have the same opinion anymore" against paying the ransom like in a terrorist scenario, he says.

Meantime, 15 breaches in 2016 exposed more than 10 million identities, a slight increase from 13 in 2015, and 11 in 2014. Overall in the past eight years, some 7.1 billion identities have been exposed worldwide, the report shows.

Fey says that's another data point that demonstrates how attackers are becoming more efficient. "And they are getting to the outcome faster," he says.

Speaking of efficiency, it now takes attackers just two minutes to attack an Internet of Things device – a feat that was achieved by the Mirai botnet last year, according to the Symantec ISTR report. The IoT-borne distributed denial-of-service (DDoS) attack (mainly waged by Mirai) on French hosting firm OVH last year was the largest DDoS attack ever, with a peak of 1 Tbps.

"We have misunderstood the IoT problem," Fey says of the industry. "What people don't fully appreciate about IoT security is how many of these devices are orphaned devices" sitting on the Net and vulnerable, he says.

Related Content:

Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 9/17/2020
APT Groups Set Sights on Linux Targets: Inside the Trend
Kelly Sheridan, Staff Editor, Dark Reading,  9/11/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-5605
PUBLISHED: 2020-09-18
Directory traversal vulnerability in WHR-G54S firmware 1.43 and earlier allows an attacker to access sensitive information such as setting values via unspecified vectors.
CVE-2020-5606
PUBLISHED: 2020-09-18
Cross-site scripting vulnerability in WHR-G54S firmware 1.43 and earlier allows remote attackers to inject arbitrary script via a specially crafted page.
CVE-2020-5628
PUBLISHED: 2020-09-18
UNIQLO App for Android versions 7.3.3 and earlier allows remote attackers to lead a user to access an arbitrary website via the vulnerable App. As a result, if the access destination is a malicious website, the user may fall victim to the social engineering attack.
CVE-2020-5629
PUBLISHED: 2020-09-18
UNIQLO App for Android versions 7.3.3 and earlier allows remote attackers to lead a user to access an arbitrary website via a malicious App created by the third party. As a result, if the access destination is a malicious website, the user may fall victim to the social engineering attack.
CVE-2020-25756
PUBLISHED: 2020-09-18
** DISPUTED ** A buffer overflow vulnerability exists in the mg_get_http_header function in Cesanta Mongoose 6.18 due to a lack of bounds checking. A crafted HTTP header can exploit this bug. NOTE: a committer has stated "this will not happen in practice."