Threats became more sophisticated in 2015: Symantec Internet Threat Report

Like physical security threats, Internet security threats are getting more serious, even as the mechanisms to fight them are getting better. But as older types of threats are beginning to be tackled effectively, newer threats—more sophisticated and targeted at newer frontiers in digital space, such as mobile—are emerging and growing rapidly, according to the findings of the latest Internet Security Threat Report (ISTR), released recently by Symantec. The report is based on Symantec’s active tracking of vulnerabilities. It maintains one of the world’s most comprehensive vulnerability databases.

Zero-day vulnerabilities

In a proof that hackers are getting smarter and more agile, the report says zero-day vulnerabilities—or malware targeted to exploit the vulnerabilities in a new software before the vendor discovers and fixes it—more than doubled in 2015, as compared to previous year. In 2015, 54 such cases—or, on an average once a week—were reported, which was up from 24 last year. In 2013, a similar hike was observed, though almost no growth in 2014 had made software makers hopeful about the threat getting plateaued. Now, it seems to be a cyclic one-upmanship between the hackers and security vendors.  Internet Explorer and Adobe Flash were the most vulnerable to such attacks. “Four of the five most exploited zero-day vulnerabilities in 2015 were Adobe Flash,” says the report.

Breaches

In breaches too, the trends indicated some success for security experts as the total number of breaches actually came down, albeit marginally from 312 in 2014 to 305 in 2015. But do not rush to conclusions—the bigger attacks more than doubled. Breaches where more than 10 million identities were exposed went up from 4 in 2014 to 9 in 2015. Similarly, the number of identities exposed too saw a rapid spike of 23%. Some 429 million identities were exposed. However, it is still far lower than the high of 2013, when the massive Adobe breach where 150 million identities were exposed spiked the total base to 552 million. At the close of 2015, the world experienced the largest data breach ever publicly reported. An astounding 191 million US voter records were exposed. 

But the report makes another startling observation.  “In 2015, more and more companies chose not to reveal the full extent of the breaches they experienced,” claims the report, even quantifying the number of such companies.  “Companies choosing not to report the number of records lost increased by 85%,” it said.

Web Attacks

The websites continue to struggle against the attackers.  There were over one million web attacks against people each and every day in 2015, says the report.

“Many people believe that keeping to well-known, legitimate websites will keep them safe from online crime. This is not true. Cybercriminal continue to take advantage of vulnerabilities in legitimate websites to infect users, because website administrators fail to secure their websites,” the report  observes, quite unequivocally. More than 75% of all legitimate websites have unpatched vulnerabilities, it says.

Spear-fishing

Noting that spear-fishing campaigns in 2015 increased by one and half times over 2014, the report observes that cyber attackers are playing the long game against large companies. “In 2015, a government organization or a financial company targeted for attack once was most likely to be targeted again at least three more times throughout the year. Overall, large businesses that experienced a cyber attack saw an average of 3.6 successful attacks each,” the report concludes.

Unscrupulous businesses are using cyber attacks to steal competitor information too, the report says. “Attackers motivated purely by profit can be just as technically sophisticated and well-organized as any nation state-sponsored attackers,” notes the report. However, with real business at stake, it seems companies are putting their effort in containing it and those efforts seem to be succeeding to some extent. Spear-fishing emails have steadily come down—from a high of 83 per day in 2013 to 73 per day in 2014 to 46 per day in 2015.

Mobile Vulnerabilities

As a lot of digital activity shifts to the small screen, the attackers’ attention too has also extended to mobile. New mobile vulnerabilities saw a sharp rise over 214, growing three fold to 528. As many as 3944 new Android mobile malware variants were observed in 2015, up from 2227 in 2014.  The cumulative Android malware variants stood at close to 14,000 in 2015. Vulnerabilities on iOS far outnumber those on Android. In 2015, every five out of six mobile vulnerabilities were reported on iOS platform.

Ransomware

The creative use of encryption by cyber criminals who are holding the digital assets hostage and asking for a ransom has now emerged as the latest top-of-mind security challenge. Crypto-style ransomware grew 35% in 2015 to reach 362,000 incidents in total, or close to 1000 per day. 

In 2015, ransomware found new targets and moved beyond its focus on PCs to smart phones, Mac, and Linux systems. 

Highsnobiety Sneakers