Symantec report: ransomware squeezing victims with escalating demands

Cyber attackers revealed new levels of ambition in 2016, a year marked by extraordinary attacks, including multi-million dollar virtual bank heists, overt attempts to disrupt the US electoral process by state-sponsored groups, and some of the biggest distributed denial of service (DDoS) attacks on record powered by a botnet of Internet of Things (IoT) devices.

Big numbers

Ransomware continues to plague businesses and consumers, with indiscriminate campaigns pushing out massive volumes of malicious emails. In some cases, organizations can be overwhelmed by the sheer volume of ransomware-laden emails they receive.

Attackers are demanding more and more from victims with the average ransom demand in 2016 rising to $1,077, up from $294 a year earlier.

„Attackers have honed a business model that usually involves malware hidden in innocuous emails, unbreakable encryption, and anonymous ransom payment involving cryptocurrencies. The success of this business model has seen a growing number of attackers jump on the bandwagon.”, according to the latest Symantec report.

The number of new ransomware families uncovered during 2016 more than tripled to 101 and Symantec logged a 36 percent increase in ransomware infections.

Web attacks

Overall, web attacks dropped more than 30 percent year-onyear between 2015 and 2016. This drop can be explained by attackers moving to email as the primary infection vector.

Despite this general drop in web threat activity, it is still a major threat, with Symantec blocking an average of more than 229,000 unique web attacks on endpoint computers every day in 2016.

Technology- and business-related websites were the most frequently exploited website categories in 2016.

Cybercrime

Two distinct sides to cyber crime emerged in 2016. Traditional mass-market cyber crime groups carried out large-scale email campaigns to distribute “commodity” malware such as ransomware and online banking threats.

While their motivations and payloads remained largely the same, their distribution methods have shifted away from webbased exploit kits to more traditional methods, in particular the use of email attachments.

The other side of cyber crime is made up of organized criminal groups, responsible for a number of sophisticated financial heists. However, it wasn’t just professional criminals conducting these campaigns—there has been evidence of nation-state involvement as well.

Key findings

. Cyber crime hit the big time in 2016, with high-profile victims and bigger-than-ever financial rewards. The Banswift (Trojan.Banswift) attacks that took place in 2016 were also the first time there were strong indications of state involvement in financial cyber crime.

. Mass-market cyber crime remains strong despite disruption efforts. Attackers adapted their methods for distributing traditional cyber crime malware. In particular the use of JavaScript downloaders and malicious macro downloaders in Office files was widespread and accounted for just over 7 million attempted infections in 2016.

. While the number of data breaches in 2016 remained steady compared to 2015, the number of identities stolen increased significantly. Almost 1.1 billion identities were stolen in 2016, a big jump from the 563.8 million stolen in 2015.

.Nearly 100 million bots were observed in 2016, an increase of seven percent from 2015.

Symantec say that has established the largest civilian threat collection network in the world, and one of the most comprehensive collections of cyber security threat intelligence through the Symantec Global Intelligence Network™. The Symantec Global Intelligence Network tracks over 700,000 global adversaries and records events from 98 million attack sensors worldwide. This network monitors threat activities in over 157 countries and territories through a combination of Symantec products, technologies, and services, including Symantec Endpoint Protection™, Symantec DeepSight™ Intelligence, Symantec Managed Security Services™, Norton™ consumer products, and other third-party data sources, generating more than nine trillion rows of security data.

In addition, Symantec maintains one of the world’s most comprehensive vulnerability databases, currently consisting of more than 88,900 recorded vulnerabilities (spanning more than two decades) from 24,560 vendors representing over 78,900 products.