Cyberattackers Continue to Innovate: Symantec

symantec_logo_emailThe struggle between those who are trying to protect the digital world and those who are trying to exploit it grew in intensity last year,according to a new report by Symantec.

The company’s Internet Security Threat Report (ISTR) reveals that cyberattackers are infiltrating networks and evading detection by hijacking the infrastructure of companies and turning it against them, while extorting end-users via their smartphones and social media to make some quick cash.

With high-profile breaches constantly making headlines, people are more aware of their cyber “risk factor” than ever before—but many still aren’t taking action or are stuck fighting against old tactics rather than facing attackers head-on.

In 2014, attackers tricked companies into infecting themselves by Trojanizing software updates to common programs and patiently waiting for their targets to download them. Once a victim had downloaded the software update, attackers were given unfettered access to the corporate network. Highly-targeted spear-phishing attacks remained a favorite tactic for infiltrating networks, as the total number of attacks rose eight percent. What makes last year particularly interesting is the precision of these attacks. Spear-phishing attacks used 20 percent fewer emails to successfully reach their targets and incorporated more drive-by malware downloads and other web-based exploits.

Other findings:

  • Attackers Are Moving Faster, Defenses Are Not
  • Attackers Are Streamlining and Upgrading Their Techniques, While Companies Struggle to Fight Old Tactics
  • Cyberattackers Are Leapfrogging Defenses in Ways Companies Lack Insight to Anticipate
  • Malware Used In Mass Attacks Increases and Adapts
  • Digital Extortion on the Rise: 45 Times More People Had Their Devices Held Hostage in 2014
  • Cybercriminals Are Leveraging Social Networks and Apps to Do Their Dirty Work
  • Internet of Things Is Not a New Problem, But an Ongoing One

Executive Summary