Cyber criminals revealed new levels of ambition in 2016 – a year marked by extraordinary attacks, including multi-million dollar virtual bank heists and overt attempts to disrupt the U.S. electoral process by state-sponsored groups, according to Symantec’s Internet Security Threat Report (ISTR), Volume 22.
“New sophistication and innovation are the nature of the threat landscape, but this year Symantec has identified seismic shifts in motivation and focus,” said Peter Sparkes, Symantec Senior Director, Cyber Security Services for Asia Pacific and Japan. “The world saw specific nation states double down on political manipulation and straight sabotage. Meanwhile, cyber criminals caused unprecedented levels of disruption by focusing their exploits on relatively simple IT tools and cloud services.”
Subversion and Sabotage Attacks Emerge at the Forefront
Cyber criminals are executing politically devastating attacks in a move to undermine a new class of targets. Cyber attacks against the U.S. Democratic Party and the subsequent leak of stolen information reflect a trend toward criminals employing highly publicized, overt campaigns designed to destabilize and disrupt targeted organizations and countries. While cyber attacks involving sabotage have traditionally been quite rare, the perceived success of several campaigns – including the U.S. election and Shamoon – points to a growing trend of criminals attempting to influence politics and sow discord in other countries.
Nation States Chase the Big Scores
A new breed of attackers revealed major financial ambitions, which may be an exercise to help fund other covert and subversive activities. Today, the largest heists are carried out virtually, with billions of dollars stolen by cyber criminals. While some of these attacks are the work of organized criminal gangs, for the first time nation states appear to be involved as well. Symantec uncovered evidence linking North Korea to attacks on banks in Bangladesh, Vietnam, Ecuador and Poland.
“This was an incredibly audacious hack as well as the first time we observed strong indications of nation state involvement in financial cyber crime,” said Peter Sparkes, Symantec Senior Director, Cyber Security Services for Asia Pacific and Japan. “While their sights were set even higher, the attackers stole at least US$94 million.”
Attackers Weaponize Commonly Used Software; Email Becomes the Weapon of Choice
In 2016, Symantec saw cyber criminals use PowerShell, a common scripting language installed on PCs, and Microsoft Office files as weapons. While system administrators may use these common IT tools for daily management tasks, cyber criminals increasingly used this combination for their campaigns as it leaves a lighter footprint and offers the ability to hide in plain sight. Due to the widespread use of PowerShell by attackers, 95 percent of PowerShell files seen by Symantec in the wild were malicious.
The use of email as an infection point also rose, becoming a weapon of choice for cyber criminals and a dangerous threat to users. Symantec found one in 131 emails contained a malicious link or attachment – the highest rate in five years. Further, Business Email Compromise (BEC) scams, which rely on little more than carefully composed spear-phishing emails, scammed more than three billion dollars from businesses over the last three years, targeting over 400 businesses every day.