A report published this evening by Symantec outlines the rocky year consumers and business owners had online in 2017, covering everything from coin mining attacks and problems in the supply chain to ransomware, BEC attacks, and more.
There was a shift in attack types and patterns as criminals adjusted their tactics to deal with constant exposure via media coverage and responsive security teams.
One of the tactical shifts included targeting supply chains and using these attacks to target organizations. Symantec says that there was a 200-percent increase in these types of attacks, representing one every month in 2017.
“Hijacking software updates provides attackers with an entry point for compromising well-protected targets, or to target a specific region or sector,” the report says.
(Note: Symantec used detections from their own products and other internal data when compiling their report.)
The ransomware market for criminals really didn’t hit its stride until 2016, when the underground economy was flooded with ransomware offerings, some good, others bad. This is when the SaaS model of ransomware really started to take shape, which required that the criminal ransomware market take some self-correcting action.
The number of new ransomware variants climbed by 45-percent in 2017, with the United States and China leading the pack when it came to splitting detections by country. There was a spike in detection last May, followed by a sharp decline until July when detections climbed at a steady rate until the end of the year.
As part of the self-correction in the ransomware market, the number of new ransomware families declined in 2017, down to 28 from 98 the previous year. In addition, the average ransom demand fell to $522.00 USD in 2017, after hitting a peak of $1,071 the year prior.
Symantec says that the Necurs botnet blasted out nearly 15 million malicious emails in 2017, mostly in the second half of the year. However, it was the disappearance of Necurs that led to a decline in email overall, hitting a low of 1 in 412 messages.
The average small to medium business (1-250 employees) were the hardest hit when it came to malware-laced email, no matter how it’s measured. That segment topped the list when it came to emails with malicious links and attachments. Interestingly, the larger enterprises were the ones that had the lowest ratios, with 1:512 messages for malicious attachments and 1:13 for malicious links.
BEC (Business Email Compromise) and Phishing
Each month in 2017, Symantec notes, 7,710 organizations were hit by a BEC attack, an average of 4.9 times per victim. The results of these attacks can be catastrophic, leading to the loss of sensitive employee data (W-2 records) or sensitive internal data (sales, IP, etc.).
Typically, the most common subject line in these BEC attacks were “payment” followed by “urgent”, “request”, “attention”, and “important”. In most cases the emails were framed to get attention and align with the normal business workflow, a fact that is evident by the successes criminals achieved last year.
Overall, the phishing rate increased in 2017 after a brief dip, picking up an average of one phishing email for every thirty-three users by the end of the year. Agriculture, forestry, and fishing was the top targeted industry last year, followed by small businesses (non-classifiable establishments), public administration, mining, and the services sector.
“From the sudden spread of WannaCry and Petya/NotPetya, to the swift growth in coinminers, 2017 provided us with another reminder that digital security threats can come from new and unexpected sources,” the report states.
“With each passing year, not only has the sheer volume of threats increased, but the threat landscape has become more diverse, with attackers working harder to discover new avenues of attack and cover their tracks while doing so.”