Cybercriminals now acting like corporates

...and New Zealand continues to be their top target for ransomware and social media scams.

'They have well resourced and highly-skilled technical staff that operate during normal business hours – they even take weekends and holidays off.'
'They have well resourced and highly-skilled technical staff that operate during normal business hours – they even take weekends and holidays off.'

Cybercriminals are seen by their victims as the scourge of the digital economy.

But those tapping their services are witnessing how cybercriminals have morphed into professional businesses and adopting corporate best practices including being customer centric.

Advanced criminal attack groups now mirror the skill sets of nation-state attackers. They have well resourced and highly-skilled technical staff that operate during normal business hours – they even take weekends and holidays off,” says Kevin Haley, director, Symantec Security Response. “We are even seeing low-level criminal attackers create call centre operations to increase the impact of their scams.”

This new class of professional cybercriminals spans the ecosystem of attackers, extends the reach of enterprise and consumer threats, and fuels the growth of online crime, says Symantec in its 2016 Internet Security Threat Report.

New Zealand has increased in global rank across five out of six threat categories tracked; spam, phishing hosts, bots, network attacking and web attacking countries. We also have the eighth highest proportion of global phishing traffic.

Mark Shaw, Symantec

The report notes how advanced professional attack groups are first to leverage zero-day vulnerabilities, using them for their own advantage or selling them to lower-level criminals on the open market. Once they are available in the open market they are quickly commoditised.

In 2015, the number of zero-day vulnerabilities discovered more than doubled to a record-breaking 54, a 125 per cent increase from the year before, reaffirming the critical role they play in lucrative targeted attacks.

Meanwhile, malware increased at a staggering rate with 430 million new malware variants discovered in 2015. The sheer volume of malware proves that professional cybercriminals are leveraging vast resources in an attempt to overwhelm defenses and enter corporate networks.

Read more: ​Nearly half of organisations using or plan to implement IoT in 2016: Gartner

“The report shows New Zealand is a growing destination for cybercrime," says Mark Shaw, Symantec technology strategist – information security. "In fact, New Zealand has increased in global rank across five out of six threat categories tracked; spam, phishing hosts, bots, network attacking and web attacking countries. We also have the eighth highest proportion of global phishing traffic.”

“We are an affluent nation, quite trusting, they are going to keep coming back if they are successful [in these attacks],” says Shaw.

Read more: ​More than half of Kiwi firms unprepared for cybercrime incidents

Shaw says cyber sabotage also has greater implications with the rise of connected devices or the Internet of Things.

He raises concern over possible ‘hybrid warfare’ where critical facilities like nuclear plants or power stations can be hacked.

“I don’t need a tank or rocket launcher to take over those things, I just need to hack into these environments.”

Data breaches continue to impact the enterprise, according to the report. Symantec says the report is based on data from its global intelligence network which includes a third of global corporate email traffic and 64 million attack sensors in 157 countries.

Read more: Tech disruption and cybersecurity top boardroom agenda in NZ

Shaw says large businesses that are targeted for attack will on average be targeted three more times within the year.

He says Symantec also saw the largest data breach ever publicly reported last year with 191 million records compromised in a single incident. There were also a record-setting total of nine reported mega-breaches.

While 429 million identities were exposed, the number of companies that chose not to report the number of records lost jumped by 85 per cent. A conservative estimate by Symantec of unreported breaches pushes the number of records lost to more than half a billion.

Shaw says mandatory reporting for information security breaches is important as people increasingly do business online.

Shaw says Symantec is working with industry alliances and with the New Zealand government to push for the passage of the law requiring mandatory reporting of data breaches.

Read more: Fairfax New Zealand works with CloudSense to accelerate digital sales transformation

The report, meanwhile, notes how ransomware continues to evolve, with the more damaging style of crypto-ransomware attacks growing by 35 per cent. This more aggressive crypto-ransomware attack encrypts all of a victim’s digital content and holds it hostage until a ransom is paid. This year, ransomware spread beyond PCs to smartphones, Mac and Linux systems, with attackers increasingly seeking any network-connected device to hold hostage for profit, indicating that the enterprise is the next target.

In the past year Symantec likewise saw a resurgence of many tried-and-true scams.

Cybercriminals revisited fake technical support scams, which saw a 200 per cent increase last year. The difference now is that scammers send fake warning messages to devices like smartphones, driving users to attacker-run call centres in order to dupe them into buying useless services. As people conduct more of their lives online, attackers are increasingly focused on using the intersection of the physical and digital world to their advantage, says Symantec.

Read more: How ‘secure digitisers’ compete to win

Shaw says organisations need to be “on top of their game" when it comes to cybersecurity.

Continuous education and training is critical, he states.

He advises holding simulation-based training for all employees as well as establishing guidelines and procedures for protecting sensitive data on personal and corporate devices. " Run practice drills to ensure you have the skills necessary to effectively combat cyberthreats.“

Send news tips and comments to

Follow Divina Paredes on Twitter: @divinap

Click here to read digital editions of CIO New Zealand

Sign up for CIO newsletters for regular updates on CIO news, views and events.

Join us on Facebook.

Join the CIO New Zealand group on LinkedIn. The group is open to CIOs, IT Directors, CDOs, COOs, CTOs and senior IT managers.

Join the PC World newsletter!

Error: Please check your email address.

Tags digitalcybersecuritysymantecransomwaredisruption

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.
Divina Paredes

Divina Paredes

CIO New Zealand
Show Comments

Most Popular Reviews

Latest News Articles


PCW Evaluation Team

Azadeh Williams

HP OfficeJet Pro 8730

A smarter way to print for busy small business owners, combining speedy printing with scanning and copying, making it easier to produce high quality documents and images at a touch of a button.

Andrew Grant

HP OfficeJet Pro 8730

I've had a multifunction printer in the office going on 10 years now. It was a neat bit of kit back in the day -- print, copy, scan, fax -- when printing over WiFi felt a bit like magic. It’s seen better days though and an upgrade’s well overdue. This HP OfficeJet Pro 8730 looks like it ticks all the same boxes: print, copy, scan, and fax. (Really? Does anyone fax anything any more? I guess it's good to know the facility’s there, just in case.) Printing over WiFi is more-or- less standard these days.

Ed Dawson

HP OfficeJet Pro 8730

As a freelance writer who is always on the go, I like my technology to be both efficient and effective so I can do my job well. The HP OfficeJet Pro 8730 Inkjet Printer ticks all the boxes in terms of form factor, performance and user interface.

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Aysha Strobbe

Windows 10 / HP Spectre x360

Ultimately, I think the Windows 10 environment is excellent for me as it caters for so many different uses. The inclusion of the Xbox app is also great for when you need some downtime too!

Mark Escubio

Windows 10 / Lenovo Yoga 910

For me, the Xbox Play Anywhere is a great new feature as it allows you to play your current Xbox games with higher resolutions and better graphics without forking out extra cash for another copy. Although available titles are still scarce, but I’m sure it will grow in time.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?