Close
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Menu
eWEEK.com
Search
eWEEK.com
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    Cyber-Attackers Using Legitimate Tools, Symantec Reports

    By
    SEAN MICHAEL KERNER
    -
    April 26, 2017
    Share
    Facebook
    Twitter
    Linkedin
      Symantec ISTR

      Symantec released the latest edition of its Internet Security Threat Report (ISTR) on April 26, providing insight into security trends over the course of the past year. Among the big trends noted by Symantec in the 77-page report is a sharp increase in politically motivated attacks as well as an increase in ransomware payouts.

      “Traditionally, most of the big attacks in any given year are economic espionage, and this past year they all seem to be politically motivated,” Kevin Haley, director of Symantec Security Response, told eWEEK.

      Among the political attacks discussed in the report is the Shamoon disk-wiping malware that attacked organizations in the Middle East, as well as attacks against the Democratic National Committee (DNC). 

      “Cyber-attacks seem to be politics by other means now,” Haley said.

      Email is now a primary method for attack delivery, according to Symantec. Haley said that in 2016, Symantec reported a 30 percent year-over-year drop in the volume of web-based attacks, as email attacks have risen. In 2016, one out of every 131 emails had malware in it, up from one in 220 in 2015.

      “Attackers are taking advantage of social engineering and the ability to fool people,” Haley said. “Email attacks are cheap, easy and they work.”

      Among the many popular attacks that can be delivered via email is ransomware, which is a 2016 security trend that multiple security vendors have made note of. Security firm SentinelOne claimed in a November 2016 report that 50 percent of organizations have responded to a ransomware campaign. Symantec reported 463,841 ransomware detections in 2016, up from 240,665 in 2015.

      Not only has the volume of ransomware detection risen, so too has the average ransomware payout from $294 in 2015 up to $1,077 in 2016.

      “We think the ransomware amount rose because so many people are willing to pay the ransom,” Halley said. 

      Living Off the Land

      A big change for Symantec in 2016 was the acquisition of Blue Coat for $4.65 billion, which also brought in new threat research. Haley said that Blue Coat’s threat teams added new insights to the ISTR—most notable in the 2016 data is the use of Powershell for malicious attacks. Powershell is a commonly used Microsoft tool for configuration management and task automation; 95 percent of Powershell scripts that Blue Coat looked at were malicious.

      “In the report we discuss the notion of living off the land, and it’s the idea that attackers this year are using existing IT tools and commonly used programs to attack users,” Haley said.

      When it comes to Powershell, remediation isn’t a simple process, since Powershell is on every Windows machine and is widely used for legitimate purposes. Haley said the same attributes that make Powershell a useful tool for IT users are ones that make it useful to attackers. 

      On a similar note, Symantec also observed a return in the use of Microsoft Office macros to attack users. In December 2016, Symantec saw a spike in Office macros, with over 350,000 detections in that month. 

      “Macros have come back because the bad guys have figured out how to get end users to turn macros back on,” Haley said. 

      Symantec has seen a lot of email attacks with Word documents that include some unreadable text in it and is, advising users to enable macros to read the text, he said. As soon as users click to enable the macro, they get infected.

      “Better defenses are needed, but the bad guys continue to take advantage of the end users,” Haley said.

      Haley expects that next year’s ISTR will have a greater focus on internet of things (IoT) threats as the risks and attacks continue to rise. “We’ll probably be talking in a year about something that none of us anticipated, where attackers have figured out a new way to make money,” he said.

      MOST POPULAR ARTICLES

      Android

      Samsung Galaxy XCover Pro: Durability for Tough...

      CHRIS PREIMESBERGER - December 5, 2020 0
      Have you ever dropped your phone, winced and felt the pain as it hit the sidewalk? Either the screen splintered like a windshield being...
      Read more
      Cloud

      Why Data Security Will Face Even Harsher...

      CHRIS PREIMESBERGER - December 1, 2020 0
      Who would know more about details of the hacking process than an actual former career hacker? And who wants to understand all they can...
      Read more
      Cybersecurity

      How Veritas Is Shining a Light Into...

      EWEEK EDITORS - September 25, 2020 0
      Protecting data has always been one of the most important tasks in all of IT, yet as more companies become data companies at the...
      Read more
      Big Data and Analytics

      How NVIDIA A100 Station Brings Data Center...

      ZEUS KERRAVALA - November 18, 2020 0
      There’s little debate that graphics processor unit manufacturer NVIDIA is the de facto standard when it comes to providing silicon to power machine learning...
      Read more
      Apple

      Why iPhone 12 Pro Makes Sense for...

      WAYNE RASH - November 26, 2020 0
      If you’ve been watching the Apple commercials for the past three weeks, you already know what the company thinks will happen if you buy...
      Read more
      eWeek


      Contact Us | About | Sitemap

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Property of TechnologyAdvice.
      Terms of Service | Privacy Notice | Advertise | California - Do Not Sell My Info

      © 2020 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×