Symantec has just presented the main conclusions of its annual report on Internet security threats, which analyses all the threats identified in 2014. What can we learn from this twentieth edition, both on a global and French level?
In general, we see that cyber attackers have changed tactics: they infiltrate networks and escape detection by hijacking the infrastructure of large enterprises and using it against the companies themselves. In particular, they catch companies out by making them infect themselves with Trojans during standard software updates. They then wait patiently for their targets to download these infected updates, which gives them free access to the company’s network.
2014 was also a record year for zero-day vulnerabilities, with software companies taking an average of 59 days to create and deploy patches. The attackers took advantage of this delay and, in the case of Heartbleed for example, moved very quickly, exploiting the vulnerability within the four hours that followed. A total of 24 zero-day vulnerabilities were discovered in 2014, leaving the field open for attackers to exploit known security flaws before they were corrected.
Attacks affecting businesses are also increasingly targeted. What makes 2014 particularly interesting is the precision of these attacks, with a 20% decrease in the use of e-mails to achieve their ends and the incorporation of more malware into downloads and other online exploits. It has also been observed that attackers use e-mail accounts stolen from one victim company to spear-phish others at the end of the food chain, take advantage of the company's management tools and procedures to move stolen intellectual property (IP) within the company network before extracting it, or even develop customised attack software.
Although attacks are increasingly well targeted, general cybercrime is not on the wane, quite the contrary: 317 million new malware programmes were created in 2014, nearly 1 million per day. E-mail remains an important vector of attack for cybercriminals, but they continue to experiment with new methods of attack on mobile devices and social networks to reach more people with less effort. While these ‘easy’ techniques continue to be remunerative, some cybercriminals are turning to more lucrative and aggressive attack methods such as ransomware, which literally holds the computer hostage until a ransom is paid. Last year, this type of malware increased by 113%, and its ‘CryptoLocker’ variant, which encrypts data, had 45 times more victims than in 2013. Rather than use the traditional ransomware technique of pretending to be an authority and demanding payment of a fine for stolen content, a crypto-ransomware attack is more vicious, in that it holds victims hostage using techniques that encrypt their files, photos and other digital content, without hiding its intentions. Note that crypto-ransomware is not only used to extort individuals, since more and more companies have also been victims.
The final point to highlight is that France moved up one place again this year, taking it to 14th place in the world and 6th place in Europe on the list of countries where cybercrime is most active, with the United States, China and India staying at the top of the rankings. Although we noted a decline in spam and web attachments, we also saw that mainland France suffered even more network and phishing attacks in 2014 and 2013, ranking 6th and 4th in the world, respectively. Another distinction for France was the fact that, although large companies were particularly affected (59%) by targeted attacks, the same was true for SMEs (35.6%). This differed from the global statistics. The French cultural exception in the field of cybercrime concerns social network scams on the one hand, with France ranked 5th in the world and 2nd in Europe (behind the UK and ahead of Germany), and digital extortion through ransomware on the other (4th in Europe and 6th in the world), with CryptoLocker viruses now representing 9% in this country.
Faced with these bleak findings, what can companies and individuals do? Keep calm and adopt the right approach to security! For the former, it is a question of being prepared by using advanced threat intelligence solutions, adopting a proactive attitude to security and… preparing for the worst so as to be sure of coping in the best possible way. Individuals must be careful and worldly-wise, understanding that it is not a good idea to share anything and everything on social networks, and use strong passwords and up-to-date information protection solutions.
Our level of connectivity and cyber-dependence has never been greater, and the question is no longer whether, but when a company will be attacked. It is up to each one of us to prepare for this and assume our responsibilities.