Cyber criminals continue to use new tactics in carrying out attacks. This is according to the 2017 Symantec’s Internet Security Threat Report (ISTR), which provides a view of the threat landscape, including insights into global threat activity, cyber criminal trends and motivations for attackers.
“New sophistication and innovation are the nature of the threat landscape, but this year Symantec has identified seismic shifts in motivation and focus,” said Peter Sparkes, senior director, Cyber Security Services, Asia-Pacific and Japan at Symantec.
Various cyber crimes were already widely covered by the media, including multi-million dollar virtual bank heists, attempts to disrupt the US electoral process by State-sponsored groups and the Distributed Denial of Service (DDoS) attacks using a botnet of Internet of Things (IoT). All these, according to the report, show “how skilled cyber criminals are in executing these crimes”.
“New sophistication and innovation are the nature of the threat landscape, but this year Symantec has identified seismic shifts in motivation and focus,” said Peter Sparkes, senior director, Cyber Security Services, Asia-Pacific and Japan at Symantec.
According to Sparkes, there is a new trend in cyber espionage that is causing an alarming increase in targeted attacks aimed at political manipulation and sabotage, with cyber criminals exploiting simple IT tools and cloud services. Cyber attacks against the US Democratic Party and the subsequent leak of stolen information are examples of these tactics that are being used to disrupt and influence election processes, and destabilized targeted organizations and countries.
Financial theft carried out virtually on the financial sector with billions of dollars stolen by cyber criminals is also becoming a major issue. Aside from the work of criminals, Sparkes said that for the first time, Symantec also observed indications of the involvement of nation states in this cyber crime.
Another target for disruption is the IoT, which is attacked using the Mirai botnet within two minutes of connecting to the Internet, showing that devices connected to the Internet can easily be attacked.
The use of e-mail, meanwhile, has similarly become the weapon of choice for cyber criminals. Symantec found one in 131 emails contained a malicious link or attachment, the highest rate in five years.
Cyber criminals also use PowerShell, a scripting language installed in PCs, and Microsoft Office files as weapons. They used this as it leaves a lighter footprint and offers the ability to hide in plain sight.
