How Cyber-criminals Infiltrate the Enterprise

Karen A. Frenkel Avatar

Updated on:

How Cyber-criminals Infiltrate the Enterprise

Large Corporations TargetedLarge Corporations Targeted

Five out of six large companies (2,500-plus employees) were hit by spear-phishing attacks in 2014, a 40% rise since 2013, whereas attacks on small and mid-size businesses increased 26 and 30%, respectively.

Non-Targeted AttacksNon-Targeted Attacks

Non-targeted attacks still comprise the majority of malware, increasing by 26% this year. There were 317 million new pieces of malware created and 1 million new threats released daily.

Stalking Security ResearchersStalking Security Researchers

To avoid detection, before executing their code, malware authors spot security researchers by testing for virtual machines. In 2014, 28% of all malware was “virtual-machine aware.”

Digital Extortion RisingDigital Extortion Rising

Digital extortion through ransomware attacks grew 113% last year, driven by a 4,000% increase in crypto-ransomware attacks. In 2013, this accounted for 0.2% of ransomware attacks, whereas this year they were 45 times more frequent.

Cyber-criminals Leveraging Social NetworksCyber-criminals Leveraging Social Networks

70% of social media scams were manually shared and spread rapidly. They are lucrative because people are more likely to click something posted by a friend.

Mobile Ripe for AttackMobile Ripe for Attack

17% of Android apps (1 million) are malware in disguise. 36% of mobile apps are “grayware,” which is not malicious but does annoying and harmful things, such as trick user behavior.

Point-of-Sale AttacksPoint-of-Sale Attacks

Point-of-sale systems, ATMs and home routers continue to be attacked in 2014, demonstrating that more than our PCs are at risk. Cyber-attacks against cars and medical equipment should remain a concern, according to the report.

Smartphones Exacerbate IoT RisksSmartphones Exacerbate IoT Risks

52% of health apps, many of which connect wearable devices, do not have privacy policies. 20% of personal information, logins and passwords online are in clear text.

Zero-Day Vulnerabilities at Record HighZero-Day Vulnerabilities at Record High

There was a record high of 24 zero-day vulnerabilities in 2014. It took vendors an average of 59 days to create and rollout patches, an increase from four days in 2013.

RecommendationsRecommendations

Use advanced threat intelligence solutions to find signs of compromise and respond faster. Implement multilayered endpoint security, network security, encryption, strong authentication and reputation-based technologies

Prepare for the WorstPrepare for the Worst

Incident management optimizes your security and ensures that it is measurable and repeatable. Lessons learned improve your position on security. Retain a third-party expert to help manage crises.

Educate and TrainEducate and Train

Regularly assess internal investigation teams and run practice drills. Establish guidelines, policies and procedures to protect sensitive data.

Karen A. Frenkel Avatar