Techniques of Cyber-Criminals Continue to Evolve


A new report by Symantec has revealed that cyber-criminals have adopted an organizational shift in how they carry out their work, implementing corporate best practices and establishing professional businesses to increase the efficiency of their attacks against enterprises and consumers.

“Advanced criminal attack groups now echo the skill sets of nation-state attackers. They have extensive resources and a highly-skilled technical staff that operate with such efficiency that they maintain normal business hours and even take the weekends and holidays off,” said Kevin Haley, director, Symantec Security Response. “We are even seeing low-level criminal attackers create call center operations to increase the impact of their scams.”

The security firm’s study, the Internet Security Threat Report, found that the number of zero-day vulnerabilities discovered in 2015 more than doubled to a record-breaking 54, a 125% increase from the previous year. Advanced professional attack groups commonly use such vulnerabilities in their own scams or sell them to lower-level criminals.

“Zero-day flaws allow hackers to take advantage of weaknesses in software that its developers and the organizations using it are unaware of,” Piers Wilson, head of product management at Huntsman Security, told Infosecurity. “Until one of the good guys realizes these weaknesses exist, they remain unpatched and can therefore be exploited by those that know where to look.”

“Unfortunately, the rise of zero-day threats will likely continue. Organized hacking teams are turning these exploits into big business, creating a whole new market around finding and then selling them on to lower-level cyber-criminals to take advantage of,” he added.

Similarly, malware spiked at an alarming rate in 2015 with 430 million new malware variants unearthed, highlighting the fact that cyber-criminals are leveraging vast resources to overpower defenses and access corporate networks.

“Malware has always been a huge security threat,” Wilson explained. “However, what is becoming apparent is that we are seeing a whole new generation of malware that is a lot nastier and even more sophisticated than what came before it.”

Furthermore, ransomware also continued to evolve in 2015, with the more damaging style of crypto-ransomware attacks growing by 35%. This year, ransomware spread beyond PCs to smartphones, Mac and Linux systems, with attackers increasingly seeking any network-connected device that could be held hostage for profit, indicating that the enterprise is the next target.

Symantec says that more than half a billion information records were stolen or lost last year, suggesting that large businesses that suffer an attack will on average be targeted three more times within the next 12 months.

The firm also noted that whilst a record-setting total of nine mega-breaches were reported with 429 million identities exposed, there was a concerning 85% jump in the number of companies that chose not to disclose how many records they lost.

“The increasing number of companies choosing to hold back critical details after a breach is a disturbing trend,” said Haley. “Transparency is critical to security. By hiding the full impact of an attack, it becomes more difficult to assess the risk and improve your security posture to prevent future attacks.”

Ben Johnson, chief security strategist and co-founder of Carbon Black, told Infosecurity that to combat more sophisticated cyber-criminals, companies have to gain a better understanding of how they operate.

“Defending against the new wave of sophisticated hacker requires security teams to go beyond simply ‘block-and-tackle’ techniques toward understanding the root causes behind cyber-attacks,” he said.

“Security is more than just identifying a piece of malware and deleting or quarantining it. Understanding how cyber-attacks work enables you to focus on addressing attack delivery mechanisms (e.g., with URL and email filtering), preventing exploitation (e.g., with patch management), and using network analysis to look for signs of command-and-control.”

“If your processes and technology do not provide the larger picture, you might as well be emptying the ashtrays on the deck of the Titanic,” he added.
