Supply Chain Cyberattacks Surged 200% in 2017

Published: 22/11/2024   Category: security




Symantec's annual Internet Security Threat Report also shows that zero-day exploits fizzled and cryptocurrency mining exploded.



Major software update compromises occurred at least once a month last year as attackers adopted this more stealthy and efficient way to reach their targets – compared to just three such attacks per year previously.
That 200% increase in such supply chain attacks only accounts for breaches in 2017 that were reported publicly, so the actual rate of these attacks could be even higher, according to new cyber threat data from Symantec's annual Internet Security Threat Report, published today.
These are attacks where hackers hijack the software update process and replace legitimate updates with malicious code; the most high-profile of these incidents last year was NotPetya, where Russian hackers compromised a Ukrainian accounting vendor's software as a way to spread malware to its targets.
"All of a sudden this is a huge issue," says Kevin Haley, director of Symantec Security Response. "This is something organizations really need to be concerned about. It's not just some one-offs."
Supply chain attacks were one of the main trends cited by Crowdstrike in its annual threat report as well. In addition to NotPetya, there were attacks on Avast's CCleaner and the HandBrake media player software for Apple Mac machines, notes Adam Meyers, vice president of intelligence at Crowdstrike. Attackers can target victims via plugins and other software updates, he says.
"It used to be that we talked about the hardware supply chain being at risk," Meyers says. Now you get updates via an app store that will validate as much as possible but still can be corrupted or abuse permissions, he says.
It's tough to defend against supply chain attacks because patching software with the latest releases is a best security practice. You can't stop patching, but organizations should start looking at their supply chain vendors and be sure they are protecting them, Symantec's Haley says.
Behavior monitoring is another way to track any suspicious activity with an application update, but app vendors also need controls to catch any unauthorized changes in their update systems and processes, Symantec advises.
The spike in supply chain attacks coincided last year with a drop in zero-day attacks detected by Symantec. It's getting harder to find – and less appealing to burn – expensive zero-day vulnerabilities in an attack. Just under 30% of the 140 cyber threat groups Symantec tracks that wage targeted attacks have ever used an 0day in an attack. It's all part of the trend of sophisticated attackers employing legitimate tools and applications on their victims' networks to stay camouflaged for the long haul.
Targeted cyberattacks increased by 10% last year, with some 90% of the attacks purely for intelligence-gathering, including spying, information-stealing, and surveillance. Most of the attackers here are nation-state sponsored groups. About 10% of targeted attack groups wage disruptive attacks on their victims. Another 9% are doing so for financial gain, and spear phishing is the main initial attack vector (71%) in all targeted attacks.
Symantec has discovered an average of three new targeted attack groups per year, it says, and the most active ones hit an average of 42 organizations in the past three years. Researchers at Symantec identified 29 new such groups this past year. "And those are only the ones we know about," Haley says.
The US unsurprisingly is the most attacked, with nearly 30% of all targeted attack incidents.
Destructive targeted attacks that cause disruption or destroy data are on the rise, however. Like 0days, they often call unwanted attention to the attackers, so it's a calculated risk for the threat group to wage one. Just 6% of the targeted attack groups Symantec watches deploy destructive malware, but that number could rise.
"Success breeds imitation. Those attacks can be looked at as a success. We expect to see more attacks inspired by known destructive attacks," Haley says.
One of the more infamous such attacks was by North Korea's Lazarus Group against Sony Pictures in 2014. The hackers dumped emails, unreleased movies, and wiped hard drives as part of the noisy and destructive hack purportedly in response to a film considered disparaging to Kim Jong-un.
Cryptocurrency Mining Cashes In
One of the most dramatic shifts in security threats Symantec studied in 2017 was the eye-popping 34,000% (yes, that's three zeroes) increase in cryptocurrency mining attack attempts. These so-called cryptojacking attacks infect victim computers in order to use their processing power (and electricity) to mine virtual currency in massive quantities. In December 2017 alone, the security firm blocked more than 8 million of these attacks, and in the fourth quarter of 2017, Symantec endpoint technology saw an 8,500% increase in detections of cryptojacking malware.
Cybercriminals – and nation-states such as North Korea – dropped ransomware for the most part in exchange for the more lucrative and easier to deploy cryptojacking attacks. While the wave now is riding the exchange rate for virtual currency, Haley doesn't expect these attacks to decline any time soon.
"The attack rates are holding at highs so far this year," he says. "They are not going away."
As the average price for ransomware attacks dropped, attackers jumped ship to cryptojacking. "We think there is some movement from ransomware to cryptojacking because it's easier money," he says. With ransomware, there were way too many competitors in the market and they were overpricing their product. Only so many victims were willing to pay to get their files back: they were not going to pay $1,000, for instance, he says.
The average ransom demand in 2017 declined by about 50%, to $522, but the number of ransomware variants actually rose by 46%. So ransomware isn't dead.
The challenge with cryptomining versus ransomware is the visibility and pain of the attack: ransomware was an in-your-face, work-stop event, for example. Cryptocoin mining can be less obvious and some organizations don't consider that it's a form of hacking. The malware, though, can ultimately drag down machine performance, overheat batteries, sap electricity, and even break components and cause an enterprise network shutdown. There's also the risk of being billed for the attackers' use of CPUs via your cloud provider, Symantec notes in its report.
Haley says enterprises are prime targets for cryptocurrency attacks, even if the currency value declines. "Enterprises have more processing power, so if I want to maximize my earnings, that's where I can go to get even more powerful systems," he says. Employees, too, may abuse their corporate networks to mine coins.
Meantime, Symantec saw mobile malware variants increase by 54% last year over 2016. Its products blocked some 24,000 malicious mobile apps per day. Android devices continue to be the biggest security problem for enterprises and consumers, as only 20% of Android users have devices with the most up-to-date software.
Another hotspot to watch out for: Internet of Things (IoT) threats. Symantec said attacks on IoT rose 600% last year.