How Cyber-criminals Infiltrate the Enterprise

 
 
By Karen A. Frenkel  |  Posted 04-24-2015 Email
 
 
 
 
 
 
 
 
 
  • Previous
    Large Corporations Targeted
    Next

    Large Corporations Targeted

    Five out of six large companies (2,500-plus employees) were hit by spear-phishing attacks in 2014, a 40% rise since 2013, whereas attacks on small and mid-size businesses increased 26 and 30%, respectively.
  • Previous
    Non-Targeted Attacks
    Next

    Non-Targeted Attacks

    Non-targeted attacks still comprise the majority of malware, increasing by 26% this year. There were 317 million new pieces of malware created and 1 million new threats released daily.
  • Previous
    Stalking Security Researchers
    Next

    Stalking Security Researchers

    To avoid detection, before executing their code, malware authors spot security researchers by testing for virtual machines. In 2014, 28% of all malware was "virtual-machine aware."
  • Previous
    Digital Extortion Rising
    Next

    Digital Extortion Rising

    Digital extortion through ransomware attacks grew 113% last year, driven by a 4,000% increase in crypto-ransomware attacks. In 2013, this accounted for 0.2% of ransomware attacks, whereas this year they were 45 times more frequent.
  • Previous
    Cyber-criminals Leveraging Social Networks
    Next

    Cyber-criminals Leveraging Social Networks

    70% of social media scams were manually shared and spread rapidly. They are lucrative because people are more likely to click something posted by a friend.
  • Previous
    Mobile Ripe for Attack
    Next

    Mobile Ripe for Attack

    17% of Android apps (1 million) are malware in disguise. 36% of mobile apps are "grayware," which is not malicious but does annoying and harmful things, such as trick user behavior.
  • Previous
    Point-of-Sale Attacks
    Next

    Point-of-Sale Attacks

    Point-of-sale systems, ATMs and home routers continue to be attacked in 2014, demonstrating that more than our PCs are at risk. Cyber-attacks against cars and medical equipment should remain a concern, according to the report.
  • Previous
    Smartphones Exacerbate IoT Risks
    Next

    Smartphones Exacerbate IoT Risks

    52% of health apps, many of which connect wearable devices, do not have privacy policies. 20% of personal information, logins and passwords online are in clear text.
  • Previous
    Zero-Day Vulnerabilities at Record High
    Next

    Zero-Day Vulnerabilities at Record High

    There was a record high of 24 zero-day vulnerabilities in 2014. It took vendors an average of 59 days to create and rollout patches, an increase from four days in 2013.
  • Previous
    Recommendations
    Next

    Recommendations

    Use advanced threat intelligence solutions to find signs of compromise and respond faster. Implement multilayered endpoint security, network security, encryption, strong authentication and reputation-based technologies
  • Previous
    Prepare for the Worst
    Next

    Prepare for the Worst

    Incident management optimizes your security and ensures that it is measurable and repeatable. Lessons learned improve your position on security. Retain a third-party expert to help manage crises.
  • Previous
    Educate and Train
    Next

    Educate and Train

    Regularly assess internal investigation teams and run practice drills. Establish guidelines, policies and procedures to protect sensitive data.
 

A new study reveals that cyber-criminals targeted five out of six large companies in 2014, a 40% increase since 2013. Hackers are also using deceptive new tactics to infiltrate corporate networks, hijacking infrastructures and turning them on enterprises to evade detection, according to Symantec's study, Internet Security Threat Report, Volume 20. "Attackers don't need to break down the door to a company's network when the keys are readily available," said Kevin Haley, director of Symantec Security Response. "Attackers trick companies into infecting themselves by Trojanizing software updates to common programs and patiently waiting for their targets to download them –giving attackers unfettered access to the corporate network." The report also finds digital extortion on the rise, with ransomware attacks growing 113 percent in 2014. Cyber-criminals are inherently lazy, said Haley, because they prefer automated tools and rely on "unwitting consumers to do their dirty work." The report is based on data from Symantec's Global Intelligent Network of 57.6 million attack sensors, which records thousands of events per second. It monitors threat activity in 157 countries.

 
 
 
 
 
Karen A. Frenkel writes about technology and innovation and lives in New York City.

 
 
 
 
 
 

Submit a Comment

Loading Comments...