Web Attacks Decline, Ransomware Attacks Surge

  /     /     /  
Publicated : 22/11/2024   Category : security


Web Attacks Decline, Ransomware Attacks Surge


Symantecs annual Internet Security Threat Report data shows how attacks last year directly targeted end users, and became more efficient and lucrative.



These new stats shed some light on what happens when cyberattackers inch closer to their intended victims: Web attacks dropped by more than 30% last year, and ransomware attack attempts jumped by 36%.
Thats just one of the findings in Symantecs newly published Internet Security Threat Report for 2016, which also shows a continued dip in the total number of data breaches to 1,209 in 2016, from 1,211 in 2015, and 1,523 in 2014. This trend demonstrates how attackers have become more seasoned in automating their attacks - and more efficient, according to Michael Fey, president and COO of Symantec. That also dovetails with attackers targeting the endpoint directly rather than waiting for users to visit a compromised website, he says.
Its so much easier to make a direct connection with your target. You used to have to be tigers waiting around the watering hole, but now they go find their prey and dont just wait for them, Fey says. Thanks to social media and the way we scream to the world who we are and what we care about that can be mined, the need to sit on a Web platform is reduced. [Website attacks] still work, but there are alternate ways to a more deliberate path.
The dip in total breaches is a combination of organizations doing a better job of reducing the amount of data thats at risk, and the fact that attackers have more automated methods of stealing information, he says. They can wage more focused and deliberate attack campaigns and be relatively confident that users will indeed click on malicious attachments, for example.
Web attacks are not dead, however: Symantec says there was an average of some 229,000 such attack attempts detected each day last year, and 76% of websites had bugs, 9% of which were critical.
But 2016 was ransomwares coming-out party: while its been around for a while, the method of locking victims out of their data until they paid a ransom now has become a popular and lucrative way for criminals to make money. Symantec detected 463,000 cases of ransomware last year, up from 340,000 in 2015; the daily average hit 1,539 detections per day, up from 846. And the average ransom surged from $294 in 2015 to a whopping $1,077 last year.
Cybercriminals are cranking out new variants of ransomware at a rapid clip. Symantec counted 101 ransomware families in 2016, up from 30 in 2015 and 2014. According to Symantec, that means more attackers are employing ransomware and creating new families or modifying existing ones. Consumers still represent about 70% of all ransomware infections, but businesses increasingly are becoming targets.
Weve seen government institutions condone paying [ransom], and weve seen government leaders talk about how thats a bad thing. So there are mixed messages all over the place, which makes it more confusing and difficult for victims to properly respond and defend from ransomware attacks, Fey says.
Ransomware victims paying their attackers isnt helping, either, but the situation is fraught: If you pay $29,000 to unlock your data, are you feeding a bigger problem? Fey says. If an organization sent money directly to terrorists wed all condemn them and shut them down. But when a hospitals patients critical data is held for ransom, Im not sure I have the same opinion anymore against paying the ransom like in a terrorist scenario, he says.
Meantime, 15 breaches in 2016 exposed more than 10 million identities, a slight increase from 13 in 2015, and 11 in 2014. Overall in the past eight years, some 7.1 billion identities have been exposed worldwide, the report shows.
Fey says thats another data point that demonstrates how attackers are becoming more efficient. And they are getting to the outcome faster, he says.
Speaking of efficiency, it now takes attackers just two minutes to attack an Internet of Things device – a feat that was achieved by the Mirai botnet last year, according to the
Symantec ISTR report
. The IoT-borne distributed denial-of-service (DDoS) attack (mainly waged by Mirai) on French hosting firm OVH last year was the largest DDoS attack ever, with a peak of 1 Tbps.
We have misunderstood the IoT problem, Fey says of the industry. What people dont fully appreciate about IoT security is how many of these devices are orphaned devices sitting on the Net and vulnerable, he says.
Related Content:
7 Ways Hackers Target Your Employees
INTERPOL Operation Sweeps Up Thousands of Cybercrime Servers Used for Ransomware, DDoS, Spam
xDedic Marketplace Data Spells Danger for Businesses
Nearly 40% of Ransomware Victims Pay Attackers

Last News

▸ DHS-funded SWAMP scans code for bugs. ◂
Discovered: 23/12/2024
Category: security

▸ Debunking Machine Learning in Security. ◂
Discovered: 23/12/2024
Category: security

▸ Researchers create BlackForest to gather, link threat data. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Web Attacks Decline, Ransomware Attacks Surge