Symantec’s 2017 Internet Security Threat Report reads more like a catalog of horrors for CIS and their staffs, with cyber spies and criminals running amuck everywhere.
In 2016, as internet security threats mushroomed, cyber criminals and state-sponsored saboteurs pursued aggressive capers that included multi-million dollar virtual bank heists, some of the biggest distributed denial of service (DDoS) attacks on record, and an overt attempt to disrupt the U.S. electoral process. Those are the findings of the latest edition of Symantec’s annual Internet Security Threat Report (ISTR), released in late April 2017.
The Symantec study found that cyber attackers are moving away from customized malware and relying more on legitimate software tools, like email, to compromise targeted networks. Symantec reports that one in 131 emails contained malware, the highest rate in five years. And Business Email Compromise (BEC) scams, relying on spear-phishing emails, targeted over 400 businesses every day, draining $3 billion over the last three years.
Diginomica readers will recall that it was a simple spear-phishing email (a spoofed email instructing Hillary Clinton’s campaign manager John Podesta to reset his Gmail password) that got Russian hackers into the Democratic National Committee’s database, allowing them to release reams of information damaging to the Clinton campaign. Said Symantec:
Attackers are increasingly attempting to hide in plain sight. They rely on straightforward approaches, such as spear-phishing emails and “living off the land” by using whatever tools are on hand, such as legitimate network administration software and operating system features.