Case Studies

Cloud frontier

by Mark Rowe

The Cloud is the next frontier for cyber crime, according to an IT security product company. Symantec has released its Internet Security Threat Report (ISTR), Volume 22.

Kevin Haley, director, Symantec Security Response, said: “New sophistication and innovation are the nature of the threat landscape, but this year Symantec has identified seismic shifts in motivation and focus. The world has seen specific nation states doubling down on political manipulation and straight sabotage. Meanwhile, cyber criminals caused unprecedented levels of disruption by focusing their exploits on relatively simple IT tools and cloud services.”

The IT firm says that its ISTR provides a view of the threat landscape, including global threat activity, cyber criminal trends and motivations for attackers:

Cyber criminals are executing politically devastating attacks in a move to undermine a new class of targets. Cyber attacks against the US Democratic Party and then the leak of stolen information reflect a trend toward criminals employing highly-publicised, overt campaigns designed to destabilise and disrupt targeted organisations and countries. While cyber attacks involving sabotage have traditionally been quite rare, the perceived success of several campaigns – including the US presidential election and Shamoon – points to a growing trend of criminals attempting to influence politics and sow discord in other countries.

A new breed of attackers revealed major financial ambitions, which may be an exercise to help fund other covert and subversive activities. The largest heists are carried out virtually, with billions of dollars stolen by cyber criminals. While some of these attacks are the work of organized criminal gangs, for the first time nation states appear to be involved as well. Symantec uncovered evidence linking North Korea to attacks on banks in Bangladesh, Vietnam, Ecuador and Poland.

Kevin Haley said: “This was an incredibly audacious hack as well as the first time we observed strong indications of nation state involvement in financial cyber crime. While their sights were set even higher, the attackers stole at least US$94 million.”

In 2016, Symantec saw cyber criminals use PowerShell, a common scripting language installed on PCs, and Microsoft Office files as weapons. While system administrators may use these common IT tools for daily management tasks, cyber criminals increasingly used this combination for their campaigns as it leaves a lighter footprint and offers the ability to hide in plain sight. Due to the widespread use of PowerShell by attackers, 95 percent of PowerShell files seen by Symantec in the wild were malicious. Use of email as an infection point also rose, becoming a weapon of choice for cyber criminals and a dangerous threat to users. Symantec found one in 98 emails contained a malicious link or attachment – the highest rate in five years. Further, Business Email Compromise (BEC) scams, which rely on little more than carefully composed spear-phishing emails, scammed more than three billion dollars from businesses over the last three years, targeting over 400 businesses every day.

Ransomware continued to escalate as a global problem and a lucrative business for criminals. Symantec identified over 100 new malware families released into the wild, more than triple the amount seen previously, and a 36 percent increase in ransomware attacks worldwide. The IT product company found 41 percent of UK ransomware victims are willing to pay a ransom, compared to 34 percent globally. As the firm added, this has consequences. In 2016, the average ransom spiked 266 percent, with criminals demanding an average of £840 per victim, up from £229 as reported for the previous year.

A growing reliance on cloud services has left organisations open to attacks. Tens of thousands of cloud databases from a single provider were hijacked and held for ransom in 2016 after users left outdated databases open on the internet without authentication turned on.

Cloud security continues to challenge CIOs. According to Symantec data, CIOs have lost track of how many cloud apps are used inside their organisations. When asked, most assume their organisations use up to 40 cloud apps when in reality the number nears 1,000. This disparity can lead to a lack of policies and procedures for how employees access cloud services, which in turn makes cloud apps riskier. These cracks found in the cloud are taking shape. The IT firm predicts that unless CIOs get a firmer grip on the cloud apps used inside their organisations, they will see a shift in how threats enter their IT.

© 2024 Professional Security Magazine. All rights reserved.