Advanced Professional Attack Groups First to Leverage Zero-day Vulnerabilities: Symantec

NEW DELHI, INDIA: Symantec’s Internet Security Threat Report (ISTR), Volume 21, reveals an organizational shift by cybercriminals: They are adopting corporate best practices and establishing professional businesses in order to increase the efficiency of their attacks against enterprises and consumers. This new class of professional cybercriminal spans the entire ecosystem of attackers, extending the reach of enterprise and consumer threats and fueling the growth of online crime.

“Advanced criminal attack groups now echo the skill sets of nation-state attackers. They have extensive resources and a highly-skilled technical staff that operate with such efficiency that they maintain normal business hours and even take the weekends and holidays off,” said Tarun Kaura, Director –Solution Product Management for Asia Pacific and Japan, Symantec.

“We are even seeing low-level criminal attackers create call center operations to increase the impact of their scams.”

Advanced professional attack groups are the first to leverage zero-day vulnerabilities, using them for their own advantage or selling them to lower-level criminals on the open market where they are quickly commoditized. In 2015, the number of zero-day vulnerabilities discovered more than doubled to a record-breaking 54, a 125 per cent increase from the year before, reaffirming the critical role they play in lucrative targeted attacks. Meanwhile, malware increased at a staggering rate with 430 million new malware variants discovered in 2015. The sheer volume of malware proves that professional cybercriminals are leveraging their vast resources in attempt to overwhelm defenses and enter corporate networks.

Data Breaches Reach Mega Highs with Half a Billion Records Lost

Data breaches continue to impact the enterprises and even governments. Additionally, we saw the largest data breach ever publicly reported last year with 191 million records compromised in a single incident. There were also a record-setting total of nine reported mega-breaches. While 429 million identities were exposed, the number of companies that chose not to report the number of records lost jumped by 85 per cent. A conservative estimate by Symantec of those unreported breaches pushes the real number of records lost to more than half a billion.

Key India Highlights

With a young demographic, millions of mobile connections, rapid adoption of cloud and increasing integration of ICT in critical infrastructure; India continues to be a top source as well as destination of cyber attacks. Once considered the spam capital of the world, India has seen a steady decrease in the amount of spam originating from its borders. After ranking 6^th in 2014, India now ranks 18^th as a source of spam. However, it continues to rank as the third top source of overall malicious activity including spam, malware, phishing hosts and bots, etc.

Indian Enterprises Need to Plan For Repeated Attacks

As attacks against businesses hit the headlines with much regularity, it is no more a question of, if or when you will be attacked- but how often. In 2015, Indian organizations were the 6^th most targeted in Asia, with targeted organizations on the receiving end of two attacks on an average. Organizations in the public utilities and financial sector that were targeted once were most likely to be targeted again at least two times more throughout the year. Mining was the highest risk prone sector, where one out of two companies was attacked at least once last year. 40 per cent of BFSI businesses were also attacked at least once. In fact, over the last three years India has gradually moved up the rankings to rank #3 in 2015 (after rank #7 – 2013; #5– 2014) for most financial Trojan infections globally as per a recent research by Symantec on Financial Threats 2015.

That said, while only 30 per cent of targeted attacks were on large enterprises (down from 60 per cent in 2014), they were six times more likely to be targeted at least once a year compared to small businesses.

Sweet November for Targeted Attacks across Businesses in India; Small Businesses Most Targeted In 2015

November was the busiest month for cybercriminals in India and across the globe, with an average of 2.5 targeted attacks per day being aimed at Indian enterprises in the month.

Unlike previous years, it’s not just Fortune 500 companies and nation states, at risk of having IP stolen. The last five years have seen a steady increase in attacks targeting businesses with less than 250 employees. In 2015, over one in two attacks (52 per cent) were aimed at small businesses in India, proving that companies of all sizes are at risk. Attackers motivated purely by profit can be just as technically sophisticated and well-organized as any nation state-sponsored attacker.

Encryption Now Used as a Cybercriminal Weapon to Hold Companies’ and Individuals’ Critical Data Hostage

Ransomware also continued to evolve in 2015. The more aggressive crypto-ransomware attack that encrypts all of a victim’s digital content and holds it hostage until a ransom is paid, grew by 35 percent globally. This year, ransomware spread beyond PCs to smartphones, Mac and Linux systems, with attackers increasingly seeking any network-connected device that could be held hostage for profit, indicating that the enterprise is the next target.

India is the second most favored destination for Ransomware in Asia with the average number of attacks per day increasing 114 per cent to 15 attacks per hour.

Every Sixth Social Media Scam Globally Impacts an Indian

In 2015, India witnessed a 156 per cent increase in the percentage of social media scams. Every sixth scam impacted an Indian, making it the most targeted country in Asia and second in the world. A whopping 94 percent of these scams were spread through manual sharing, proving India’s burgeoning social media population remains a favored target of scammers, as they seek to leverage the trust people have in their own social circles to spread scams, fake links, and phishing.

Don’t Call Us, We’ll Call You: Cyber Scammers Now Make You Call Them to Hand Over Your Cash

As people conduct more of their lives online, attackers are increasingly focused on using the intersection of the physical and digital world to their advantage. In 2015, cybercriminals revisited fake technical support scams, which saw a 200 per cent increase globally. With close to 5, 00,000 attacks last year, India ranked 11 amongst countries targeted the most by tech support scams.

The difference now is that scammers send fake warning messages to devices like smartphones to prompt people to call attackers directly in order to dupe them into buying useless services or even install malware.