The latest Internet Security Threat Report from Symantec (Volume 21, if you’re keeping count) shows the cybercriminals are changing how they organise and target their victims.
It’s no longer a case of a smelly kid living in his mum’s basement, or some other social reject, lurking online, dodging soap and trying to make their name as a script jockey.
Oh no, now they are getting organised, and Kiwis are featuring in ever-growing numbers in ransomware and social media scams. They are, according to Symantec, “establishing professional businesses and adopting corporate best practices in order to increase the efficiency of their attacks against enterprises and consumers”.
Symantec NZ spokesdude and technology strategist Mark Shaw says: “The Symantec Internet Security Threat Report reveals that New Zealand is a growing destination for cybercrime. In fact, New Zealand has increased in global rank across five out of six threat categories tracked; spam, phishing hosts, bots, network attacking and web attacking countries. We also have the eighth highest proportion of global phishing traffic.”
In 2015, the number of zero-day vulnerabilities discovered more than doubled to a record-breaking 54, a 125 percent increase from the year before, reaffirming the critical role they play in lucrative targeted attacks. Meanwhile, malware increased at a staggering rate with 430 million new malware variants discovered in 2015. The sheer volume of malware proves that professional cybercriminals are leveraging vast resources in an attempt to overwhelm defenses and enter corporate networks.
Last year, the number of zero-day vulnerabilities discovered more than doubled to a record-breaking 54, a whopping 125% increase from the year before; and malware also grew at an alarming rate, with 430 million new malware variants discovered in 2015. The volume of malware proves the professional cybercrims are have plenty of resources available to overwhelm and invade corporate networks.
More than half a billion personal information records were stolen or lost in that time. And the report says large businesses that are targeted for attack will on average be targeted three more times within the year.
“Additionally, we saw the largest data breach ever publicly reported last year with 191 million records compromised in a single incident. There were also a record-setting total of nine reported mega-breaches. While 429 million identities were exposed, the number of companies that chose not to report the number of records lost jumped by 85 percent. A conservative estimate by Symantec of unreported breaches pushes the number of records lost to more than half a billion,” the report says
It’s a bit of a worry that so many companies are choosing to hide breaches. Surely every one of their customers, or clients, has a right to know if their information has been compromised?
The report says that encryption is now quite a common weapon, with the data being held hostage in ransomware attacks: this involves locking victims out of their own databases or threatening to release sensitive information until they pay a ransom.
“The Symantec Internet Security Threat Report indicates New Zealand as an increasingly popular target for cybercriminals. As a ransomware target New Zealand ranked fourth in Asia Pacific and 21st globally with the average of 108 ransomware attacks per day. The country was also ranked 21st globally for social media scams,” Symantec’s Mark Shaw said.
HOW TO STAY SAFE
So what can you do to protect yourself or your business? I’m glad you asked! Tech experts have some advice.
For Businesses:
- Don’t get caught flat-footed: Use advanced threat and adversary intelligence solutions to help you find indicators of compromise and respond faster to incidents.
- Employ a strong security posture: Implement multi-layered endpoint security, network security, encryption, strong authentication and reputation-based technologies. Partner with a managed security service provider to extend your IT team.
- Prepare for the worst: Incident management ensures your security framework is optimised, measureable and repeatable, and that lessons learned improve your security posture. Consider adding a retainer with a third-party expert to help manage crises.
- Provide ongoing education and training: Establish simulation-based training for all employees as well guidelines and procedures for protecting sensitive data on personal and corporate devices. Regularly assess internal investigation teams—and run practice drills—to ensure you have the skills necessary to effectively combat cyber threats.
For Consumers:
- Use strong passwords: Use strong and unique passwords for your accounts. Change your passwords every three months and never reuse your passwords. Additionally, consider using a password manager to further protect your information.
- Think before you click: Opening the wrong attachment can introduce malware to your system. Never view, open, or copy email attachments unless you are expecting the email and trust the sender.
- Protect yourself: Prevention is better than a cure. Use an internet security solution that includes antivirus, firewalls, browser protection and proven protection from online threats.
- Be wary of scareware tactics: Versions of software that claim to be free, cracked or pirated can expose you to malware. Social engineering and ransomware attacks will attempt to trick you into thinking your computer is infected and get you to buy useless software or pay money directly to have it removed.
- Safeguard your personal data: The information you share online puts you at risk for social engineered attacks. Limit the amount of personal information you share on social networks and online, including login information, birth dates and pet names.