Infrastructure Attacks and Stealthy Mining—Threats Go Big and Small
A meteoric cryptocurrency market triggered a gold rush for cyber criminals. Detections of coin miners on endpoint computers increased by 8,500 percent in 2017, with Symantec logging 1.7 million in December alone.
With only a couple of lines of code, or delivered via the browser, cyber criminals harness stolen processing power and cloud CPU usage to mine cryptocurrency. Coin mining slows devices and overheats batteries. For enterprises, coin miners put corporate networks at risk of shutdown and inflate cloud CPU usage, adding cost.
Targeted attack groups are on the rise, and the US is their biggest target. Their methods are low tech and highly effective: last year, 71 percent of attacks began with spear phishing.
Although the number of organizations subject to targeted attacks is low, the risks posed are quite high. These attackers are skilled, well-resourced, and capable of stealing valuable information or causing serious disruption.
Groups like Dragonfly target critical infrastructure, dwelling inside of organizations for years. The motive for most is intelligence and information gathering, as they patiently scour networks while avoiding detection.
Mobile threats continue to grow, with new mobile malware variants up 54 percent. Symantec blocked an average of 24,000 malicious mobile applications each day last year.
Updating to the latest operating system is good cyber security hygiene. But in reality, only 20 percent of Android devices are running the newest version, and only 2.3 percent are on the latest minor release.
Mobile users also face privacy risks from grayware apps that aren’t completely malicious but can be troublesome: 63 percent of grayware apps leak the device’s phone number.
Software update supply chain attacks—implanting malware into an otherwise-legitimate software package—were up 200 percent in 2017.
Hijacking software updates provides attackers with an entry point for compromising well-guarded networks, with the Petya outbreak as the most notable example. By targeting legitimate Ukrainian accounting software as the point of entry, Petya spread laterally across corporate networks to deploy its malicious payload, with crippling results across the globe.