Cybercriminals now acting like corporates
- 12 April, 2016 14:00
Cybercriminals are seen by their victims as the scourge of the digital economy.
But those tapping their services are witnessing how cybercriminals have morphed into professional businesses and adopting corporate best practices including being customer centric.
“Advanced criminal attack groups now mirror the skill sets of nation-state attackers. They have well resourced and highly-skilled technical staff that operate during normal business hours – they even take weekends and holidays off,” says Kevin Haley, director, Symantec Security Response. “We are even seeing low-level criminal attackers create call centre operations to increase the impact of their scams.”
This new class of professional cybercriminals spans the ecosystem of attackers, extends the reach of enterprise and consumer threats, and fuels the growth of online crime, says Symantec in its 2016 Internet Security Threat Report.
New Zealand has increased in global rank across five out of six threat categories tracked; spam, phishing hosts, bots, network attacking and web attacking countries. We also have the eighth highest proportion of global phishing traffic.
The report notes how advanced professional attack groups are first to leverage zero-day vulnerabilities, using them for their own advantage or selling them to lower-level criminals on the open market. Once they are available in the open market they are quickly commoditised.
In 2015, the number of zero-day vulnerabilities discovered more than doubled to a record-breaking 54, a 125 per cent increase from the year before, reaffirming the critical role they play in lucrative targeted attacks.
Meanwhile, malware increased at a staggering rate with 430 million new malware variants discovered in 2015. The sheer volume of malware proves that professional cybercriminals are leveraging vast resources in an attempt to overwhelm defenses and enter corporate networks.
“The report shows New Zealand is a growing destination for cybercrime," says Mark Shaw, Symantec technology strategist – information security. "In fact, New Zealand has increased in global rank across five out of six threat categories tracked; spam, phishing hosts, bots, network attacking and web attacking countries. We also have the eighth highest proportion of global phishing traffic.”
“We are an affluent nation, quite trusting, they are going to keep coming back if they are successful [in these attacks],” says Shaw.
Shaw says cyber sabotage also has greater implications with the rise of connected devices or the Internet of Things.
He raises concern over possible ‘hybrid warfare’ where critical facilities like nuclear plants or power stations can be hacked.
“I don’t need a tank or rocket launcher to take over those things, I just need to hack into these environments.”
Data breaches continue to impact the enterprise, according to the report. Symantec says the report is based on data from its global intelligence network which includes a third of global corporate email traffic and 64 million attack sensors in 157 countries.
Shaw says large businesses that are targeted for attack will on average be targeted three more times within the year.
He says Symantec also saw the largest data breach ever publicly reported last year with 191 million records compromised in a single incident. There were also a record-setting total of nine reported mega-breaches.
While 429 million identities were exposed, the number of companies that chose not to report the number of records lost jumped by 85 per cent. A conservative estimate by Symantec of unreported breaches pushes the number of records lost to more than half a billion.
Shaw says mandatory reporting for information security breaches is important as people increasingly do business online.
Shaw says Symantec is working with industry alliances and with the New Zealand government to push for the passage of the law requiring mandatory reporting of data breaches.
The report, meanwhile, notes how ransomware continues to evolve, with the more damaging style of crypto-ransomware attacks growing by 35 per cent. This more aggressive crypto-ransomware attack encrypts all of a victim’s digital content and holds it hostage until a ransom is paid. This year, ransomware spread beyond PCs to smartphones, Mac and Linux systems, with attackers increasingly seeking any network-connected device to hold hostage for profit, indicating that the enterprise is the next target.
In the past year Symantec likewise saw a resurgence of many tried-and-true scams.
Cybercriminals revisited fake technical support scams, which saw a 200 per cent increase last year. The difference now is that scammers send fake warning messages to devices like smartphones, driving users to attacker-run call centres in order to dupe them into buying useless services. As people conduct more of their lives online, attackers are increasingly focused on using the intersection of the physical and digital world to their advantage, says Symantec.
Shaw says organisations need to be “on top of their game" when it comes to cybersecurity.
Continuous education and training is critical, he states.
He advises holding simulation-based training for all employees as well as establishing guidelines and procedures for protecting sensitive data on personal and corporate devices. " Run practice drills to ensure you have the skills necessary to effectively combat cyberthreats.“
Send news tips and comments to firstname.lastname@example.org
Follow Divina Paredes on Twitter: @divinap
Click here to read digital editions of CIO New Zealand
Join the CIO New Zealand group on LinkedIn. The group is open to CIOs, IT Directors, CDOs, COOs, CTOs and senior IT managers.