
UK cyber crime growing exponentially

UK ranks highly in phishing, social media and ransomware attacks as cyber criminals professionalise and take advantage of unpatched websites, Symantec’s latest threat report reveals

Highly skilled cyber criminals are fuelling an exponential growth in online crime in the UK, according to Symantec’s latest Internet Security Threat Report.

The report reveals that the UK ranks as the most targeted nation in the world for spear phishing attacks. The UK is also the most targeted country in Europe for social media scams, and ranks second only to Germany in Europe for ransomware attacks.

UK industries most targeted by spear phishing attacks are finance and insurance, transport and public utilities, services and manufacturing.

Globally, the report reveals an organisational shift by cyber criminals towards adopting corporate best practices and establishing professional businesses to increase the efficiency of their attacks against enterprises and consumers.

This new class of professional cyber criminal spans the entire ecosystem of attackers, the report said, extending the reach of enterprise and consumer threats and fuelling the growth of online crime.

“Advanced criminal attack groups now echo the skill sets of nation-state attackers. They have extensive resources and a highly skilled technical staff that operate with such efficiency that they maintain normal business hours and even take the weekends and holidays off,” said Kevin Haley, director at Symantec Security Response.

“We are even seeing low-level criminal attackers create call centre operations to increase the impact of their scams.”

Zero-day attacks

Advanced professional attack groups are the first to take advantage of zero-day (unpatched) vulnerabilities, using them for their own advantage or selling them to lower-level criminals on the open market where they are quickly commoditised, Symantec researchers found.

In 2015, the number of zero-day vulnerabilities discovered more than doubled to a record-breaking 54, a 125% increase from 2014, reaffirming the critical role they play in lucrative targeted attacks.

Targeted attack groups exploit the zero-day vulnerabilities until they are publicly exposed, then toss them aside for newly discovered vulnerabilities, researchers found.

When The Hacking Team was exposed in 2015 as having at least six zero-days in its portfolio, it confirmed the characterisation of the hunt for zero-days as being professionalised, the report said.

Malware increased at a staggering rate, with 430 million malware variants discovered in 2015, up 36% on 2014. The volume of malware proves that professional cyber criminals are using their vast resources in an attempt to overwhelm defences and enter corporate networks, the report said.

A year of mega data breaches

Data breaches continue to affect the enterprise, the report said, with large businesses targeted successfully 3.6 times on average.

2015 saw a record data breach of 191 million records and a record-setting total of nine reported mega-breaches, each involving more than 10 million records.

While 429 million identities were known to be exposed in 2015, the report said the number of companies that chose not to report the number of records lost jumped by 85%. A conservative estimate by Symantec of those unreported breaches pushes the real number of records lost to more than half a billion.

“The increasing number of companies choosing to hold back critical details after a breach is a disturbing trend,” said Haley.

“Transparency is critical to security. By hiding the full impact of an attack, it becomes more difficult to assess the risk and improve your security posture to prevent future attacks.”

Tried and tested attacks

As people conduct more of their lives online, attackers are increasingly focused on using the intersection of the physical and digital world to their advantage, the report said.

In 2015, Symantec saw a resurgence of many tried-and-tested scams. Cyber criminals revisited fake technical support scams, which saw a 200% increase. The difference now is that scammers send fake warning messages to devices such as smartphones, driving users to attacker-run call centres where they are duped into buying useless services.

Symantec researchers found three out of four websites globally have unpatched vulnerabilities, making it easier for cyber criminals to target users. Once legitimate sites have been compromised, they can be used to target users with scams or steal money and personal information that can be sold on the black market.

There were more than one million web attacks against people every day in 2015, the report said, dispelling the myth that it is safe to keep to well-known, legitimate websites.


Cyber criminals continue to take advantage of vulnerabilities in legitimate websites to infect users, because website administrators continue to fail to secure their websites, the report said.

According to Symantec’s researchers, 16% of legitimate websites have vulnerabilities deemed “critical”, which makes it easy for cyber criminals to gain access and manipulate these sites for their own purposes.

Ransomware continued to evolve in 2015, with the more damaging style of crypto-ransomware attacks growing by 35%. This more aggressive crypto-ransomware attack encrypts all of a victim’s digital content and holds it hostage until a ransom is paid.

In 2016, ransomware has spread beyond PCs to smartphones, Mac and Linux systems, with attackers increasingly seeking any network-connected device that could be held hostage for profit, indicating that the enterprise is the next target, according to Symantec.

How businesses can respond

As attackers evolve, Symantec said there are steps businesses can take to protect themselves, such as partnering with a managed security service provider (MSSP) to extend in-house security capabilities. Businesses can also use advanced threat and adversary intelligence systems to help find indicators of compromise and speed up responses to incidents.

Symantec recommends that businesses implement multi-layered endpoint security, network security, encryption, strong authentication and reputation-based technologies. It also suggests preparing for the worst by implementing incident management systems and processes to ensure continual improvement in security capability.

Businesses should provide ongoing education and training with simulation-based training for all employees, as well as guidelines and procedures for protecting sensitive data on personal and corporate devices. Finally, Symantec said businesses must regularly assess and drill internal investigation teams.
