Symantec's annual cybersecurity report 2018 was launched a few days ago which takes a deep dive into one of the largest global intelligence networks to reveal a lot of things on where we stand in terms of cybersecurity. 2017 was a year of many new digital assets that were attacked and that too in many different ways. With every passing year, not only is the volume of attacks increasing but so is the severity of each attack not mentioning the every increasing threat landscape.
So, what does the latest annual cybersecurity report reveal?
The Year of CryptoJacking
It's clear that cybercriminals also stay on top of the latest trends. It is obvious one of the biggest trends in 2017 was the huge growth (and fall!) of cryptocurrency and crypto mining in particular.
Activity in the crypto space increased by over 8500% largely because of the prices increases and many common people diving into cash in a quick buck.
Cryptojacking was one of the biggest attacks affecting numerous machines without people even realizing it. One of the most common methods was browser-based attacks where cybercriminals insert a few lines of code to a webpage and when a user visits the webpage, they get access to the computer's resources to mine crypto coins.
So, if you did feel that your machine suddenly started slowing down a lot, maybe you did visit one of the webpages that are pulling your resources to mine coins.
Ransomware is back
WannaCry was, without a doubt, the biggest cybersecurity news story of 2017. This ransomware spread through the world at lightning speed and affected millions of devices around the world. Thankfully, a killswitch was discovered early or else this would have led to a catastrophic disaster. What made the whole WannaCry attack more interesting was this was done purely with the intention of making money and with crypto growth contributing to making collections easier and untraceable.
The other interesting thing about WannaCry is that it was self-propagating as it used the EternalBlue exploit to multiply and spread. Petya/NotPetya, a destructive wiper that initially appeared to be ransomware, also used this exploit to spread later in the year.
Your Smartphone is Still Under Attack
If you thought smartphones have gotten smarter over time, well, honestly we still haven't reached the point we should in terms of smartphone security. Threats in the mobile space continue to grow year-over-year. According to the data by Symantec, the number of new mobile malware variants increased by 54 percent in 2017, as compared to 2016.
One of the biggest reasons for this problem is that many devices still run on fairly old operating systems. And this is particularly true for Android.
Here's a fact, less than 20% of Android devices run the latest major version release and about 2% run the latest minor version release (sub-version).
Over the years we've analyzed over 1.5 million apps and over 87% of them have major security issues. We've done similar studies specifically for the security of e-commerce apps and security of banking apps and the results are still very disappointing.
IoT Threats Are Starting to Get More Real
IoT devices are just starting to get on the radar and will continue to be an active target of exploitation. Symantec says that they've seen a 600 percent increase in overall IoT attacks in 2017, which means that cybercriminals could exploit the connected nature of these devices to mine en masse.
Although with things like Peta, WannaCry, Cryptojacking, etc. being the talk of the town, IoT has kind of taken a back seat. But don't think IoT has fallen off the radar of crypto criminals. Things like coin mining can equally be performed taking advantage of IoT devices instead of the current version where computers and mobile phones are under attack.
It's obvious that IoT technology is only going to get more popular in 2018 with more consumers adopting products that are based on the IoT framework. It will be good for both consumers and manufacturers to take IoT security more seriously right away.
Targeted Attacks Are on the Rise
Symantec has found that overall targeted attack activity is up by 10 percent in 2017. The interesting thing here is that a major portion of the targeted attacks still uses old-school methods used years ago. Meaning that companies are still not prepared to handle such scenarios or attacks which have been existing for years.
Spearphishing is the number one infection vector, employed by 71 percent of organized groups in 2017.
Year after year, we see many such reports that only highlight the fact that security attacks are on the rise, in terms of attack as well as in terms of damage. The only way to be secure is to ensure you are proactive towards it. Always use a combination of tools and experts to ensure you have a system in place that can detect and react well.
Source: Symantec Threat Report