Cyberattacks Increasingly Rapid and Deceptive: Symantec


In 2014, cybercriminals, using increasingly rapid and deceptive attacks, targeted the financial sector to stole massive amounts of data from major institutions, according to Mountain View, Calif.-based Symantec’s Internet Security Threat Report.

Other highlights: Twenty percent of financial, insurance and real estate companies were at risk of spear-phishing attacks in 2014, similar to the 2013 rate; 30% of finance workers were targeted with spear-phishing attacks, where emails were frequently sent requesting payment by credit card or the completion of a wire transfer; and, financial information was the fourth most common type of information exposed in 2014.

“Attackers don’t need to break down the door to a company’s network when the keys are readily available,” Kevin Haley, director, Symantec Security Response said in a release. “We’re seeing attackers trick companies into infecting themselves by ‘Trojanizing’ software updates to common programs and patiently waiting for their targets to download them—giving attackers unfettered access to the corporate network.”

In a record-setting year for zero-day vulnerabilities, Symantec research revealed that it took software companies an average of 59 days to create and roll out patches. That was up from only four days in 2013. Attackers took advantage of the delay and, in the case of Heartbleed, exploited the vulnerability within four hours.

Meanwhile, advanced attackers continued to breach networks with highly-targeted spear-phishing attacks. What makes last year particularly interesting is the precision of these attacks, which used 20% fewer emails to successfully reach their targets and incorporated more drive-by malware downloads and other web-based exploits.

Email remains a significant attack vector for cybercriminals, but they continue to experiment with new attack methods across mobile devices and social networks to reach more people, with less effort.

In a separate announcement the Department of Homeland Security, in collaboration with Interpol and the FBI, released a Technical Alert to provide further information about the Simda botnet that has compromised more than 770,000 computers worldwide with a self-propagating malware since 2009. A system infected with Simda may allow cyber criminals to harvest user credentials, including banking information; install additional malware; or cause other malicious attacks. The breadth of infected systems allows Simda operators flexibility to load custom features tailored to individual targets.

Recommended actions to remediate Simda infections include use and maintain anti-virus software, change, keep operating system and application software up-to-date, and use anti-malware tools.


Henry Sapiecha

Leave a Reply

Your email address will not be published. Required fields are marked *