The latest release of the Symantec Internet Security Threat Report summarizes the state of cyber threats across the world. “Symantec maintains one of the world’s most comprehensive vulnerability databases, currently consisting of more than 88,900 recorded vulnerabilities (spanning more than two decades) from 24,560 vendors representing over 78,900 products.”
The report raises several key incidents and events from 2016 noting the multi-billion-dollar bank heists with Bank of Bangladesh, the attacks against the US Presidential Election, and biggest Distributed Denial of Service (DDoS) attacks using a botnet of Internet of Things (IoT). It indicates while advanced attacks and zero-day vulnerabilities continue to be a major threat, cyber criminals continue to use spear phishing and common tools to blend in with normal traffic.
The report mentions the trend in cyber espionage shift which being used to cause chaos, disruption, disinformation and influence the outcomes in the election processes, decision making and major government decisions on the future. The political use of cyber-attacks is growing and nation states are preparing to be on the offensive when targeted.
It highlighted that financial theft is getting bigger and bolder moving away from the traditional small time credit card theft to the inner workings of the financial industry with the rewards shifting from $2000 to targeting billion-dollar heist’s taking the stakes to the next level.
The report highlights that many cyber criminals are utilizing the ever-growing use of online tools and services available with hacking as a service, DDoS as a service, and the latest ransomware as a service. This means attackers no longer require any deep technical knowledge to carry out the cyber-crime, they simply need a laptop and an internet connection.
Email has again been a popular weapon of choice whether it is to infect targets with ransomware, deliver malware payloads, steal credentials, or gain initial access to perform larger or lateral attacks. They often move undetected for months and even years. Email has proven success and does not rely on vulnerabilities. It only depends on the victim to click a link only once.
IoT is discussed as the new frontier to disruption and the report continuously refers to the Mirai botnet that almost brought the internet to its knees. It shows how simple devices connected to the internet (usually low powered and weak with no security) can easily be turned into devastation and disruption. Symantec indicated in the report that IoT device are targeted every two minutes.
The report covered the use of tools like Mimikatz, capable of changing and exploiting privileged credentials. This is a common tool used by cyber criminals as well as other tools like PsExec, Netscan, Samdump, and WCE. The use of PowerShell was also mentioned as a powerful to exploit networks and perform reconnaissance and it was determined that 95.4% analyzed where malicious.
The report highlights that attackers frequently used stolen credentials or default credentials to gain access and move around the network. It recommended IT professionals to, “Ensure passwords are strong. Important passwords, such as those with high privileges, should be at least 8-10 characters long (and preferably longer) and include a mixture of letters and numbers. Encourage users to avoid reusing the same passwords on multiple websites and sharing passwords with others should be forbidden. Delete unused credentials and profiles and limit the number of administrative-level profiles created.”
Want to read the full report? Download here. And if you want to learn how to protect and secure privileged accounts download our Privileged Account Management for Dummies free eBook.