Over a million new malware threats are being created every day, Symantec report reveals
British companies are facing a wide number of hacking techniques as they increasingly become popular target for cyber-criminals, a new study has shown.
The latest Internet Security Report from security firm Symantec has revealed that the UK is now the second most popular target for cybercrime in the world, and the most popular in Europe.
Overall, 5 out of 6 large companies were targeted by cybercriminals in 2014, a 40 percent increase over the year before, as nearly one million new malware threats were released every day last year.
This huge rise in attacks has been facilitated by cybercriminals increasingly being able to hijack company networks and using them for their own purposes, allowing hackers to evade detection and access the riches within.
“Attackers don’t need to break down the door to a company’s network when the keys are readily available,” said Kevin Haley, director, Symantec Security Response.
“We’re seeing attackers trick companies into infecting themselves by Trojanising software updates to common programs and patiently waiting for their targets to download them—giving attackers unfettered access to the corporate network.”
Alongside malicious updates, it appears that users keep falling victim to the same old types of attacks, with Symantec reporting that spear-phishing scams, used by criminals to gain access to email passwords and accounts, rose eight percent during 2014.
However, such attacks do appear to be getting more focused, using on average 20 percent fewer emails to successfully reach their targets, whilst also incorporating more ‘drive-by’ malware downloads and other web-based exploits.
And in the year of Heartbleed and Zeus, this increasingly includes zero-day vulnerabilities, which proved a popular tool for hackers in 2014, particularly given the apparent sloth of software companies in patching their services. Symantec found than it took these companies an average of 59 days to create and roll out patches last year—up from only four days in 2013, giving criminals more opportunity than ever before to pounce on compromised systems.
Asides from software-based hacks, social media also proved a popular attack vector, as criminals looked to gain an easy way in to personal accounts.
“Cybercriminals are inherently lazy; they prefer automated tools and the help of unwitting consumers to do their dirty work,” Haley added. “Last year, 70 percent of social media scams were shared manually, as attackers took advantage of people’s willingness to trust content shared by their friends.”
Also seeing an increase were ransomware scams, which rose 113 percent last year, including a 45 times growth in crypto-ransomware attacks, which hold a victim’s files, photos and other digital content hostage without masking the attacker’s intention.
The data for the report comes from Symantec’s Global Intelligence Network, which is made up of more than 57.6 million attack sensors and records thousands of events per second across 157 countries.
In order to stay safe, the firm is recommending companies use advanced threat intelligence systems and implement multi-layered endpoint security, including network security, encryption, strong authentication and reputation-based technologies, as well as establishing guidelines and company policies and procedures for protecting sensitive data on personal and corporate devices
Symantec also recommends providing ongoing education and training for employees, who should be schooled to use strong and unique passwords, as well as exercising caution whilst using social media and downloading new apps or updates on corporate devices.
What do you know about the biggest and baddest threats and hackers? Try our quiz!