[Report] The New Cyber Threat Landscape: Tactics are Getting Simpler, Outcomes are Becoming Unprecedented

It will come as no surprise to anyone that 2016 saw an alarming increase in targeted attacks aimed at politically motivated sabotage and subversion. This new level of ambition by cyber criminals is corroborated by the annual Internet Security Threat Report from DLT partner, Symantec. The perceived success of several campaigns – particularly the U.S. election – point to a growing trend among criminals to influence politics and sow discord in other countries, reports Symantec.

The report is always a fascinating read and below are some key takeaways that can inform your agency’s cybersecurity priorities (if you read the report in full you’ll also benefit from best practices for tackling these threats):

Email Remains the Weapon of Choice

Criminals are always seeking to leave a lighter footprint and hide in plain sight. Last year, saw several tactics aid them with this effort. For example, cyber criminals are increasingly turning to commonly used software, such as PowerShell scripts (95% of PowerShell files seen by Symantec in the wild are malicious). In addition, the use of email as an infecting point rose. One in 131 emails in 2016 contained a malicious link or attachment – the highest rate in five years.

Cloud Security Continues to Challenge Unwitting CIOs

Despite all the hoopla and concern about cloud security, cloud attacks have remained in their infancy – until now. 2016 saw the first widespread outage of cloud services thanks to a widespread DDoS campaign – a stark early warning of how susceptible cloud services are to attack.

Below are just some insights on cloud security from the report:

As the IT Footprint Extends Off-Premise, Risks Increase: With the increase in cloud-based data apps and data stored on them (think Office 365, Google, Dropbox, AWS, GitHub, Salesforce, etc.), data governance is being eroded and organizations are more susceptible to weaknesses that exist outside their IT footprint. This becomes even more risky when you consider that even though attackers may target just one cloud service provider (e.g. AWS and GitHub), that provider supports numerous enterprises and other cloud services downstream.

CIOs Have Lost Track of the Amount of Cloud Apps They Have – Another interesting data point emerged from the report. According to Symantec, CIOs have lost track of how many cloud apps are used inside their organizations. When asked, most assume their organizations use up to 40 cloud apps when, in reality, the number nears 1,000. This disparity can lead to a lack of policies and procedures for how employees access cloud services, which in turn makes cloud apps riskier.

Attackers are Bypassing Local Security: Increased use of cloud services also helps facilitate a trend of attackers opting to “live off the land” instead of developing their own attack infrastructure. For example, the hack against Hillary Clinton’s campaign chief, John Podesta, was facilitated using cloud services (social engineering was used to acquire Podesta’s email password). In essence, the cloud lets attackers bypass local security and cause maximum disruption with relatively little effort, as in the case of DDoS attacks.

Americans Likely to Give Into Extortion

Ransomware attacks, like the recent WannaCry attacks, continue to escalate and make for a lucrative business for criminals. 100 new malware families were identified by Symantec in 2016, more than triple those seen previously. The number one target? The United States. 64% of U.S. victims are willing to pay the ransom, compared to 34% globally. The public sector isn’t immune, several attacks have shut down government services and even targeted police departments -- all the more reason getting to know the “Enemy with No Face” is critical to winning the cyber war.

Read the full report and best practices for mitigating the rising threat here.