Cyberattackers shifting approach, now victims do the leg work – Symantec

14 Apr 2015

In a major report on cyberattacks in 2014, Symantec discovered that five out of six large companies were targeted, with slow patch responses only adding to the problem.

It appears that hackers have also changed their mode of attack, ignoring a direct route to a company and instead hijacking things like internal software upgrades.

By doing this they bide their time, waiting for their malware to eventually be installed deep into a company’s operating system.

There was a record 24 zero-day vulnerabilities reported by Symantec, which is obviously worrying but could be combated by thrifty patch response times.

However, it transpires that it took software companies an average of 59 days to create and roll out patches, almost 15 times the average of 2013.

Indeed, the top five zero-days investigated by Symantec left companies without a patch for an incredible 295 days.

“Attackers don’t need to break down the door to a company’s network when the keys are readily available,” said Kevin Haley, director, Symantec Security Response.

“We’re seeing attackers trick companies into infecting themselves by Trojanising software updates to common programmes and patiently waiting for their targets to download them – giving attackers unfettered access to the corporate network.”

Highly targeted spear-phishing attacks rose 8pc on 2013, however the precision of these attacks seems remarkable. By using 20pc less emails, hackers managed this 8pc increase in success rate and incorporated more drive-by malware downloads and other web-based exploits.

Beware of mobile

Another risk for corporate entities is a rise in the use of stolen email accounts from a staff member to spear-phish further up the employee ladder.

From a consumer side of things, mobile, understandably, is an area to be wary of. With its meteoric growth comes with it sky-rocketing risks.

“Cybercriminals are inherently lazy; they prefer automated tools and the help of unwitting consumers to do their dirty work,” added Haley. “Last year, 70pc of social media scams were shared manually, as attackers took advantage of people’s willingness to trust content shared by their friends.”

Ransomware is perhaps the media darling of modern cyberattacks, whereby hackers often claim they are some form of authority seeking the victim to pay a fine. These rose 113pc in 2014, but it’s “crypto-ransomware” that Symantec is worrying about.

“There were 45 times more victims of crypto-ransomware attacks than in 2013,” reads its report. “Instead of pretending to be law enforcement seeking a fine for stolen content, as we’ve seen with traditional ransomware, the more vicious crypto-ransomware attack holds a victim’s files, photos and other digital content hostage without masking the attacker’s intention.”

Symantec 2014 report

Hacker biding his time image, via Shutterstock

Gordon Hunt was a journalist with Silicon Republic