In 2017 Cyber Criminals Become More Ambitious Than Ever

by Moumita Deb Choudhury    Apr 26, 2017

 cyber crime

The constant rise in cyber-crime speaks volumes about how they are no less gruesome than physical crime. Cyber-attacks are growing on a global scale - with the threat scenario becoming more sophisticated and complex. In the last one year, cyber crime reached a new high. In fact Symantec’s recently released Internet Security Threat Report, highlights 2016 as the year marked by extraordinary attacks, including multi-million dollar virtual bank heists and overt attempts to disrupt the U.S. electoral process by state-sponsored groups.

“New sophistication and innovation are the nature of the threat landscape, but this year Symantec has identified seismic shifts in motivation and focus,” said Kevin Haley, director, Symantec Security Response. “The world saw specific nation states double down on political manipulation and straight sabotage. Meanwhile, cyber criminals caused unprecedented levels of disruption by focusing their exploits on relatively simple IT tools and cloud services.” [Read the report here]

Cyber criminals are executing politically devastating attacks in a move to undermine a new class of targets. For example, cyber-attacks against the U.S. Democratic Party and the subsequent leak of stolen information reflect a trend toward criminals employing highly-publicized, overt campaigns designed to destabilize and disrupt targeted organizations and countries, noted the study.

Cloud security continues to challenge CIOs - both in the government and non government sectors. According to Symantec data, CIOs have lost track of how many cloud apps are used inside their organizations. When asked, most assume their organizations use up to 40 cloud apps when in reality the number nears 1,000. This disparity can lead to a lack of policies and procedures for how employees access cloud services, which in turn makes cloud apps riskier. These cracks found in the cloud are taking shape. Symantec predicts that unless CIOs get a firmer grip on the cloud apps used inside their organizations, they will see a shift in how threats enter their environment.

Moreover, with phishing now widely used as a mechanism for distributing ransomware – a form of malware designed to hold data or devices hostage – 77 percent of all detected ransomware globally is now found in four main sectors – business and professional services (28 percent), government (19 percent), health care (15 percent) and retail (15 percent), reveals an NTT Group study that also reveals just 25 passwords accounted for nearly one third of all authentication attempts; and phishing attacks responsible for three-quarters of all malware.

While technical attacks on the newest vulnerabilities tend to dominate the media, many attacks rely on less technical means. According to the GTIR, phishing attacks were responsible for nearly three-quarters of all malware delivered to organizations, with government (65 percent) and business and professional services (25 percent) as the industry sectors most likely to be attacked at a global level.

Over 76 percent of log on attempts included a password known to be implemented in the Mirai botnet – a botnet comprised of IoT devices, which was used to conduct, what were at the time, the largest ever distributed denial of service (DDoS) attacks. DDoS attacks represented less than 6 percent of attacks globally, but accounted for over 16% of all attacks from Asia and 23 percent of all attacks from Australia.

Another sector which is thoroughly hampered by cyber-attack is BFSI. Banks and other financial institutions spends thrice the amount than non-financial sectors do on cyber-security. Financial institutions are under pressure to fortify security given the trends such as the increased take-up of mobile banking putting banks’ IT infrastructure defenses at growing risk of cyber-attack reveals a Kaspersky study.

Combating these constant threats have become the urgent need of the hour. CIOs from all the domains are gearing to tackle these impostors who are hawking every moment upon points of vulnerability to exploit at the earliest instance.