Cybercriminals now acting like corporates

...and New Zealand continues to be their top target for ransomware and social media scams.

'They have well resourced and highly-skilled technical staff that operate during normal business hours – they even take weekends and holidays off.'
'They have well resourced and highly-skilled technical staff that operate during normal business hours – they even take weekends and holidays off.'

Cybercriminals are seen by their victims as the scourge of the digital economy.

But those tapping their services are witnessing how cybercriminals have morphed into professional businesses and adopting corporate best practices including being customer centric.

Advanced criminal attack groups now mirror the skill sets of nation-state attackers. They have well resourced and highly-skilled technical staff that operate during normal business hours – they even take weekends and holidays off,” says Kevin Haley, director, Symantec Security Response. “We are even seeing low-level criminal attackers create call centre operations to increase the impact of their scams.”

This new class of professional cybercriminals spans the ecosystem of attackers, extends the reach of enterprise and consumer threats, and fuels the growth of online crime, says Symantec in its 2016 Internet Security Threat Report.

New Zealand has increased in global rank across five out of six threat categories tracked; spam, phishing hosts, bots, network attacking and web attacking countries. We also have the eighth highest proportion of global phishing traffic.

Mark Shaw, Symantec


The report notes how advanced professional attack groups are first to leverage zero-day vulnerabilities, using them for their own advantage or selling them to lower-level criminals on the open market. Once they are available in the open market they are quickly commoditised.

Read more: ​Nearly half of organisations using or plan to implement IoT in 2016: Gartner

In 2015, the number of zero-day vulnerabilities discovered more than doubled to a record-breaking 54, a 125 per cent increase from the year before, reaffirming the critical role they play in lucrative targeted attacks.

Meanwhile, malware increased at a staggering rate with 430 million new malware variants discovered in 2015. The sheer volume of malware proves that professional cybercriminals are leveraging vast resources in an attempt to overwhelm defenses and enter corporate networks.

“The report shows New Zealand is a growing destination for cybercrime," says Mark Shaw, Symantec technology strategist – information security. "In fact, New Zealand has increased in global rank across five out of six threat categories tracked; spam, phishing hosts, bots, network attacking and web attacking countries. We also have the eighth highest proportion of global phishing traffic.”

Read more: ​More than half of Kiwi firms unprepared for cybercrime incidents


“We are an affluent nation, quite trusting, they are going to keep coming back if they are successful [in these attacks],” says Shaw.

Shaw says cyber sabotage also has greater implications with the rise of connected devices or the Internet of Things.

Read more: Tech disruption and cybersecurity top boardroom agenda in NZ

He raises concern over possible ‘hybrid warfare’ where critical facilities like nuclear plants or power stations can be hacked.

“I don’t need a tank or rocket launcher to take over those things, I just need to hack into these environments.”

Data breaches continue to impact the enterprise, according to the report. Symantec says the report is based on data from its global intelligence network which includes a third of global corporate email traffic and 64 million attack sensors in 157 countries.

Read more: Fairfax New Zealand works with CloudSense to accelerate digital sales transformation

Shaw says large businesses that are targeted for attack will on average be targeted three more times within the year.

He says Symantec also saw the largest data breach ever publicly reported last year with 191 million records compromised in a single incident. There were also a record-setting total of nine reported mega-breaches.

While 429 million identities were exposed, the number of companies that chose not to report the number of records lost jumped by 85 per cent. A conservative estimate by Symantec of unreported breaches pushes the number of records lost to more than half a billion.

Shaw says mandatory reporting for information security breaches is important as people increasingly do business online.

Read more: How ‘secure digitisers’ compete to win

Shaw says Symantec is working with industry alliances and with the New Zealand government to push for the passage of the law requiring mandatory reporting of data breaches.


The report, meanwhile, notes how ransomware continues to evolve, with the more damaging style of crypto-ransomware attacks growing by 35 per cent. This more aggressive crypto-ransomware attack encrypts all of a victim’s digital content and holds it hostage until a ransom is paid. This year, ransomware spread beyond PCs to smartphones, Mac and Linux systems, with attackers increasingly seeking any network-connected device to hold hostage for profit, indicating that the enterprise is the next target.

In the past year Symantec likewise saw a resurgence of many tried-and-true scams.

Cybercriminals revisited fake technical support scams, which saw a 200 per cent increase last year. The difference now is that scammers send fake warning messages to devices like smartphones, driving users to attacker-run call centres in order to dupe them into buying useless services. As people conduct more of their lives online, attackers are increasingly focused on using the intersection of the physical and digital world to their advantage, says Symantec.



Shaw says organisations need to be “on top of their game" when it comes to cybersecurity.

Continuous education and training is critical, he states.

He advises holding simulation-based training for all employees as well as establishing guidelines and procedures for protecting sensitive data on personal and corporate devices. " Run practice drills to ensure you have the skills necessary to effectively combat cyberthreats.“

Send news tips and comments to divina_paredes@idg.co.nz

Follow Divina Paredes on Twitter: @divinap

Click here to read digital editions of CIO New Zealand

Sign up for CIO newsletters for regular updates on CIO news, views and events.

Join us on Facebook.

Join the CIO New Zealand group on LinkedIn. The group is open to CIOs, IT Directors, CDOs, COOs, CTOs and senior IT managers.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags digitalsymantecransomwarecybersecuritydisruption

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.
Divina Paredes

Divina Paredes

CIO New Zealand
Show Comments

Brand Post

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Emily Tyson

MSI GE63 Raider

If you’re looking to invest in your next work horse laptop for work or home use, you can’t go wrong with the MSI GE63.

Laura Johnston

MSI GS65 Stealth Thin

If you can afford the price tag, it is well worth the money. It out performs any other laptop I have tried for gaming, and the transportable design and incredible display also make it ideal for work.

Andrew Teoh

Brother MFC-L9570CDW Multifunction Printer

Touch screen visibility and operation was great and easy to navigate. Each menu and sub-menu was in an understandable order and category

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?