SlideShare a Scribd company logo

Internet Security Threat Report Volume 23 Highlights

Download as PPTX, PDF
Symantec Security Response
Symantec Security Response

ISTR 23 is Symantec's annual threat report about the cyber security threat landscape. Find out about the new trend of cryptojacking, what ransomware criminals are up to now, and why you still need to be mobile security aware. Read the full report here: http://go.symantec.com/istr

Technology
1 of 27
Internet Security Threat Report Volume 23
Internet Security Threat Report Volume 23 | Copyright © 2018 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only Agenda Coin Mining2 Shift in Cyber Crime3 Targeted Attacks4 Supply Chain Attacks5 Mobile Threats6 Questions & Answers7 Introduction1 2
Internet Security Threat Report Coin Mining Volume 23
Internet Security Threat Report Volume 23 | Copyright © 2018 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only Cryptocurrency malware Coin mining malware: • Misuses local resources to mine cryptocurrencies with CPUs and GPUs • Number of blocked samples increased by 8,500% in 2017 • Focus is not on Bitcoin • Preference for coins that can still be mined with a CPU e.g. Monero • Monero is also more anonymous than Bitcoin Criminals adapt known scam schemes for the age of cryptocurrencies • Attacks against crypto exchanges • Wallet theft • Phishing • Tech support scams • Fake mobile apps 4
Internet Security Threat Report Volume 23 | Copyright © 2018 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only As the price of cryptocurrencies increased, attackers’ interest in them grew as well Monero price (average) Detection count for coinminers on the endpoint Internet Security Threat Report Volume 23 | Copyright © 2018 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only 5
Internet Security Threat Report Volume 23 | Copyright © 2018 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only Three main impacts of cryptocurrency mining 2 out of 3 victims are consumers, but targeting of organizations is increasing • Slower device • CPU usage at 100% DEVICE PERFORMANCE • High energy consumption • Fast battery drain • Hard on mobile devices ENERGY CONSUMPTION • Reflects badly on security posture SECURITY POSTURE 6
Internet Security Threat Report Volume 23 | Copyright © 2018 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only In-browser coin mining a.k.a. Cryptojacking Scripts that mine cryptocurrencies in your browser while you browse a site o Very simple for the attacker, add one script line to website o No exploits needed, client is not “hacked” o Seen in 2011, but boosted by Coinhive script in Sept 2017 o Some instances are non-malicious e.g. ad replacements o Try to hide as long as possible, e.g. with pop-under windows <script src="https://some-website.tld/mining-script.js"></script> Internet Security Threat Report Volume 23 | Copyright © 2018 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only 7
Internet Security Threat Report Volume 23 | Copyright © 2018 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only In-browser coin mining a.k.a. Cryptojacking o In-browser mining increased by 34,000% in 2017 (24% of all web attacks in December 2017) o 8 Million blocked in December 2017 o Not just Windows — threats exist on OS X, Linux, mobile, and IoT - Mobile apps incorporating cryptocurrency mining code increased by 34 percent in 2017 - Mirai IoT bot variant with cryptocurrency mining capabilities (April 2017) - Works in Office documents, other script languages, browser extensions and widgets Coin mining activity increased dramatically in 2017 8
Internet Security Threat Report Volume 23 | Copyright © 2018 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only Predictions for Cryptojacking TARGETING ORGANIZATIONS Targeting of corporate or organizational networks in order to harness the power of servers or supercomputers. CLOUD HIJACKING Cloud services offer the possibility of high-powered mining. This has a possible financial impact on cloud customers where they pay based on CPU usage. BOTNETS Distributed mining, either through conventional botnets of malware- infected computers and IoT devices or browser- based coinminers, hosted on websites. 9
Internet Security Threat Report Cyber crime is changing … Volume 23
Internet Security Threat Report Volume 23 | Copyright © 2018 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only Cybercriminals try to find new ways to generate revenue Ransomware market correction • Detections stable at 1,242 per day in 2017 (-2%) • Downloader detections increased by 92% • 46% increase in new ransomware variants • Average ransom down to $522 from $1,070 Shift to other attacks • To coin mining e.g. VenusLocker shifted from ransomware to crypto mining • To financial Trojans e.g. Emotet activity increased by 2,000% in Q4 Trends in cyber crime Internet Security Threat Report Volume 23 | Copyright © 2018 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only 11
Internet Security Threat Report Volume 23 | Copyright © 2018 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only Necurs botnet reappeared o Very active spam botnet: - 67,000 malicious emails per day - Maximum of 392,000 spam emails per day in October o Pivoted from ransomware (Locky) to financial Trojans o Tried crypto coin pump & dump spams in 2017 o Currently expermenting with coin mining 0 100 200 300 400 500 600 700 800 Jan-16 Feb-16 Mar-16 Apr-16 May-16 Jun-16 Jul-16 Aug-16 Sep-16 Oct-16 Nov-16 Dec-16 Jan-17 Feb-17 Mar-17 Apr-17 May-17 Jun-17 Jul-17 Aug-17 Sep-17 Oct-17 Nov-17 Dec-17 Email malware rate 2016-2017 (1 in) Necurs’ absence at the start of 2017 is clearly visible 12
Internet Security Threat Report Targeted attacks Volume 23
Internet Security Threat Report Volume 23 | Copyright © 2018 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only Targeted Attack Trends • Analysis of TTPs of 140 groups tracked by Symantec • 10% increase in targeted attacks in 2017 • Primary motive is espionage, followed by financial and disruption • Continuing to opt for “Living off the Land” techniques “Attacks carried out by organized groups, directed at a specific target or targets” 14
Internet Security Threat Report Volume 23 | Copyright © 2018 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only Targeted Attacks by the Numbers 24% of all targeted attacks started with Watering hole attacks 71% of all targeted attacks started with spear phishing – the oldest trick in the book 27% of targeted attack groups have been known to use zero-day vulnerabilities at any point in the past 42organizations compromised on average per group 4malicious tools used on average per group 11% of all attacks designed to destroy and disrupt 15
Internet Security Threat Report Supply Chain Attacks Volume 23
Internet Security Threat Report Volume 23 | Copyright © 2018 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only Attacking the software supply chain ... Fewer exploitable zero day vulnerabilities available Only 27% of targeted attack groups ever used zero days Definition: Implanting a piece of malware into an otherwise legitimate software package at its usual distribution location; This can occur during production at the software vendor, at a third-party storage location, or through redirection. ... an extension of the “Living off the Land” attack trend Trojanized updates are difficult to identify Trusted domain, digitally signed, and trusted update process 17
Internet Security Threat Report Volume 23 | Copyright © 2018 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only One attack per month in... NotPetya M.E.Docs, 96% of initial infections in Ukraine CCleaner Multi staged, selecting interesting targets for follow-up Internet Security Threat Report Volume 23 Copyright © 2018 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only 18
Internet Security Threat Report Volume 23 | Copyright © 2018 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only Hidden Difficult for victims to identify attacks as trusted processes are hijacked Privileges May provide attacker with elevated privileges during installation Why? Fast number of infections can grow quickly as users update automatically Focus Targeting of specific regions or sectors Reach Infiltration of isolated targets, such as those in industrial environments Trust Infiltration of well- protected organizations by leveraging a trusted channel 19
Internet Security Threat Report Volume 23 | Copyright © 2018 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only Three different methods to achieve their goal Internet Security Threat Report Volume 23 Copyright © 2018 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only 20
Internet Security Threat Report Mobile Threats Volume 23
Internet Security Threat Report Volume 23 | Copyright © 2018 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only Mobile Malware Continues to Surge 24,000 malicious mobile applications blocked each day 99.9% of malware discovered on third-party app stores 22
Internet Security Threat Report Volume 23 | Copyright © 2018 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only 79% 24% 15% 12% 77% 27% 20% 2% 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% 2016 2017 Mobile Malware Continues to Surge Unfortunately mobile devices are rarely kept up-to-date iOS devices on newest Major Version iOS devices on newest Minor Version Android devices on newest Major Version Android devices on newest Minor Version 23
Internet Security Threat Report Volume 23 | Copyright © 2018 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only Privacy on mobile phones App categories that have the most malicious mobile apps are: 20% Music & Audio 27% Lifestyle Leaky Apps – what sensitive information do they most often leak? 37% Device Location 63% Phone Number 20% Percent increase in grayware in 2017 24
Internet Security Threat Report Volume 23 | Copyright © 2018 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only Internet of Things (IoT) Main attack vector: • Weak default passwords • Misconfiguration 2017 50K 2016 6K 600% Increase in Attacks 25
Internet Security Threat Report Questions? Volume 23
Internet Security Threat Report Thank You! go.symantec.com/ISTR Volume 23

Recommended

Endpoint Detection & Response - FireEye
Endpoint Detection & Response - FireEyeEndpoint Detection & Response - FireEye
Endpoint Detection & Response - FireEyePrime Infoserv
 
FireEye Use Cases — FireEye Solution Deployment Experience
FireEye Use Cases — FireEye Solution Deployment ExperienceFireEye Use Cases — FireEye Solution Deployment Experience
FireEye Use Cases — FireEye Solution Deployment ExperienceValery Yelanin
 
Cybersecurity In The Cognitive Era: Priming Your Digital Immune System
Cybersecurity In The Cognitive Era: Priming Your Digital Immune SystemCybersecurity In The Cognitive Era: Priming Your Digital Immune System
Cybersecurity In The Cognitive Era: Priming Your Digital Immune SystemIBM Security
 
FireEye
FireEyeFireEye
FireEyegigamon
 
The Art of Cyber War: Cyber Security Strategies in a Rapidly Evolving Theatre
The Art of Cyber War: Cyber Security Strategies in a Rapidly Evolving TheatreThe Art of Cyber War: Cyber Security Strategies in a Rapidly Evolving Theatre
The Art of Cyber War: Cyber Security Strategies in a Rapidly Evolving TheatreRadware
 
FireEye - Breaches are inevitable, but the outcome is not
FireEye - Breaches are inevitable, but the outcome is not FireEye - Breaches are inevitable, but the outcome is not
FireEye - Breaches are inevitable, but the outcome is not MarketingArrowECS_CZ
 
Reducing Attack Surface in Budget Constrained Environments
Reducing Attack Surface in Budget Constrained EnvironmentsReducing Attack Surface in Budget Constrained Environments
Reducing Attack Surface in Budget Constrained EnvironmentsDenim Group
 
The Internal Signs of Compromise
The Internal Signs of CompromiseThe Internal Signs of Compromise
The Internal Signs of CompromiseFireEye, Inc.
 

Recommended

Endpoint Detection & Response - FireEye
Endpoint Detection & Response - FireEyeEndpoint Detection & Response - FireEye
Endpoint Detection & Response - FireEyePrime Infoserv
 
FireEye Use Cases — FireEye Solution Deployment Experience
FireEye Use Cases — FireEye Solution Deployment ExperienceFireEye Use Cases — FireEye Solution Deployment Experience
FireEye Use Cases — FireEye Solution Deployment ExperienceValery Yelanin
 
Cybersecurity In The Cognitive Era: Priming Your Digital Immune System
Cybersecurity In The Cognitive Era: Priming Your Digital Immune SystemCybersecurity In The Cognitive Era: Priming Your Digital Immune System
Cybersecurity In The Cognitive Era: Priming Your Digital Immune SystemIBM Security
 
FireEye
FireEyeFireEye
FireEyegigamon
 
The Art of Cyber War: Cyber Security Strategies in a Rapidly Evolving Theatre
The Art of Cyber War: Cyber Security Strategies in a Rapidly Evolving TheatreThe Art of Cyber War: Cyber Security Strategies in a Rapidly Evolving Theatre
The Art of Cyber War: Cyber Security Strategies in a Rapidly Evolving TheatreRadware
 
FireEye - Breaches are inevitable, but the outcome is not
FireEye - Breaches are inevitable, but the outcome is not FireEye - Breaches are inevitable, but the outcome is not
FireEye - Breaches are inevitable, but the outcome is not MarketingArrowECS_CZ
 
Reducing Attack Surface in Budget Constrained Environments
Reducing Attack Surface in Budget Constrained EnvironmentsReducing Attack Surface in Budget Constrained Environments
Reducing Attack Surface in Budget Constrained EnvironmentsDenim Group
 
The Internal Signs of Compromise
The Internal Signs of CompromiseThe Internal Signs of Compromise
The Internal Signs of CompromiseFireEye, Inc.
 
Marlabs cyber threat management
Marlabs cyber threat managementMarlabs cyber threat management
Marlabs cyber threat managementRajendra Menon
 
FireEye Engineering
FireEye Engineering FireEye Engineering
FireEye Engineering Lauren Traurig
 
2019 NCLGISA Spring Cybersecurity Threats & Trends: Blended Threats and Smart...
2019 NCLGISA Spring Cybersecurity Threats & Trends: Blended Threats and Smart...2019 NCLGISA Spring Cybersecurity Threats & Trends: Blended Threats and Smart...
2019 NCLGISA Spring Cybersecurity Threats & Trends: Blended Threats and Smart...Internetwork Engineering (IE)
 
FireEye Portfolio
FireEye PortfolioFireEye Portfolio
FireEye PortfolioPrime Infoserv
 
FireEye Advanced Threat Protection - What You Need to Know
FireEye Advanced Threat Protection - What You Need to KnowFireEye Advanced Threat Protection - What You Need to Know
FireEye Advanced Threat Protection - What You Need to KnowFireEye, Inc.
 
2019 CYBER SECURITY TRENDS REPORT REVIEW
2019 CYBER SECURITY TRENDS REPORT REVIEW2019 CYBER SECURITY TRENDS REPORT REVIEW
2019 CYBER SECURITY TRENDS REPORT REVIEWSylvain Martinez
 
Lessons learned from 2017 cybersecurity incidents, 2018 and beyond
Lessons learned from 2017 cybersecurity incidents, 2018 and beyondLessons learned from 2017 cybersecurity incidents, 2018 and beyond
Lessons learned from 2017 cybersecurity incidents, 2018 and beyondAPNIC
 
Detection and Response with Splunk+FireEye
Detection and Response with Splunk+FireEyeDetection and Response with Splunk+FireEye
Detection and Response with Splunk+FireEyeSplunk
 
FireEye Solutions
FireEye SolutionsFireEye Solutions
FireEye SolutionsPrime Infoserv
 
DDoS Attacks in 2020 & Best Practices in Defense
DDoS Attacks in 2020 & Best Practices in DefenseDDoS Attacks in 2020 & Best Practices in Defense
DDoS Attacks in 2020 & Best Practices in DefenseNETSCOUT
 
Aon Ransomware Response and Mitigation Strategies
Aon Ransomware Response and Mitigation StrategiesAon Ransomware Response and Mitigation Strategies
Aon Ransomware Response and Mitigation StrategiesCSNP
 
Ransomware 2020 Report
Ransomware 2020 ReportRansomware 2020 Report
Ransomware 2020 ReportFortis
 
Detect & Remediate Malware & Advanced Targeted Attacks
Detect & Remediate Malware & Advanced Targeted AttacksDetect & Remediate Malware & Advanced Targeted Attacks
Detect & Remediate Malware & Advanced Targeted AttacksImperva
 
A New Era of Cybersecurity
A New Era of CybersecurityA New Era of Cybersecurity
A New Era of CybersecurityDigital Transformation EXPO Event Series
 
kill-chain-presentation-v3
kill-chain-presentation-v3kill-chain-presentation-v3
kill-chain-presentation-v3Shawn Croswell
 
Últimos retos en el ámbito de la Ciberseguridad: Análisis de amenazas Ciberné...
Últimos retos en el ámbito de la Ciberseguridad: Análisis de amenazas Ciberné...Últimos retos en el ámbito de la Ciberseguridad: Análisis de amenazas Ciberné...
Últimos retos en el ámbito de la Ciberseguridad: Análisis de amenazas Ciberné...Cristian Garcia G.
 
Cyber Kill Chain Deck for General Audience
Cyber Kill Chain Deck for General AudienceCyber Kill Chain Deck for General Audience
Cyber Kill Chain Deck for General AudienceTom K
 
Symantec Webinar: What Cyber Threats Are Lurking in Your Network?
Symantec Webinar: What Cyber Threats Are Lurking in Your Network?Symantec Webinar: What Cyber Threats Are Lurking in Your Network?
Symantec Webinar: What Cyber Threats Are Lurking in Your Network?Symantec
 
NDIA 2021 - solar winds overview and takeaways
NDIA 2021 - solar winds overview and takeawaysNDIA 2021 - solar winds overview and takeaways
NDIA 2021 - solar winds overview and takeawaysBryson Bort
 
Cyber Security Governance
Cyber Security GovernanceCyber Security Governance
Cyber Security GovernancePriyanka Aash
 
Ciberseguridad en el mundo de la IA
Ciberseguridad en el mundo de la IACiberseguridad en el mundo de la IA
Ciberseguridad en el mundo de la IACristian Garcia G.
 
Cyber security
Cyber securityCyber security
Cyber securityBhavin Shah
 

More Related Content

What's hot

Marlabs cyber threat management
Marlabs cyber threat managementMarlabs cyber threat management
Marlabs cyber threat managementRajendra Menon
 
2019 NCLGISA Spring Cybersecurity Threats & Trends: Blended Threats and Smart...
2019 NCLGISA Spring Cybersecurity Threats & Trends: Blended Threats and Smart...2019 NCLGISA Spring Cybersecurity Threats & Trends: Blended Threats and Smart...
2019 NCLGISA Spring Cybersecurity Threats & Trends: Blended Threats and Smart...Internetwork Engineering (IE)
 
FireEye Advanced Threat Protection - What You Need to Know
FireEye Advanced Threat Protection - What You Need to KnowFireEye Advanced Threat Protection - What You Need to Know
FireEye Advanced Threat Protection - What You Need to KnowFireEye, Inc.
 
2019 CYBER SECURITY TRENDS REPORT REVIEW
2019 CYBER SECURITY TRENDS REPORT REVIEW2019 CYBER SECURITY TRENDS REPORT REVIEW
2019 CYBER SECURITY TRENDS REPORT REVIEWSylvain Martinez
 
Lessons learned from 2017 cybersecurity incidents, 2018 and beyond
Lessons learned from 2017 cybersecurity incidents, 2018 and beyondLessons learned from 2017 cybersecurity incidents, 2018 and beyond
Lessons learned from 2017 cybersecurity incidents, 2018 and beyondAPNIC
 
Detection and Response with Splunk+FireEye
Detection and Response with Splunk+FireEyeDetection and Response with Splunk+FireEye
Detection and Response with Splunk+FireEyeSplunk
 
DDoS Attacks in 2020 & Best Practices in Defense
DDoS Attacks in 2020 & Best Practices in DefenseDDoS Attacks in 2020 & Best Practices in Defense
DDoS Attacks in 2020 & Best Practices in DefenseNETSCOUT
 
Aon Ransomware Response and Mitigation Strategies
Aon Ransomware Response and Mitigation StrategiesAon Ransomware Response and Mitigation Strategies
Aon Ransomware Response and Mitigation StrategiesCSNP
 
Ransomware 2020 Report
Ransomware 2020 ReportRansomware 2020 Report
Ransomware 2020 ReportFortis
 
Detect & Remediate Malware & Advanced Targeted Attacks
Detect & Remediate Malware & Advanced Targeted AttacksDetect & Remediate Malware & Advanced Targeted Attacks
Detect & Remediate Malware & Advanced Targeted AttacksImperva
 
kill-chain-presentation-v3
kill-chain-presentation-v3kill-chain-presentation-v3
kill-chain-presentation-v3Shawn Croswell
 
Últimos retos en el ámbito de la Ciberseguridad: Análisis de amenazas Ciberné...
Últimos retos en el ámbito de la Ciberseguridad: Análisis de amenazas Ciberné...Últimos retos en el ámbito de la Ciberseguridad: Análisis de amenazas Ciberné...
Últimos retos en el ámbito de la Ciberseguridad: Análisis de amenazas Ciberné...Cristian Garcia G.
 
Cyber Kill Chain Deck for General Audience
Cyber Kill Chain Deck for General AudienceCyber Kill Chain Deck for General Audience
Cyber Kill Chain Deck for General AudienceTom K
 
Symantec Webinar: What Cyber Threats Are Lurking in Your Network?
Symantec Webinar: What Cyber Threats Are Lurking in Your Network?Symantec Webinar: What Cyber Threats Are Lurking in Your Network?
Symantec Webinar: What Cyber Threats Are Lurking in Your Network?Symantec
 
NDIA 2021 - solar winds overview and takeaways
NDIA 2021 - solar winds overview and takeawaysNDIA 2021 - solar winds overview and takeaways
NDIA 2021 - solar winds overview and takeawaysBryson Bort
 
Cyber Security Governance
Cyber Security GovernanceCyber Security Governance
Cyber Security GovernancePriyanka Aash
 

What's hot (20)

Marlabs cyber threat management
Marlabs cyber threat managementMarlabs cyber threat management
Marlabs cyber threat management
 
FireEye Engineering
FireEye Engineering FireEye Engineering
FireEye Engineering
 
2019 NCLGISA Spring Cybersecurity Threats & Trends: Blended Threats and Smart...
2019 NCLGISA Spring Cybersecurity Threats & Trends: Blended Threats and Smart...2019 NCLGISA Spring Cybersecurity Threats & Trends: Blended Threats and Smart...
2019 NCLGISA Spring Cybersecurity Threats & Trends: Blended Threats and Smart...
 
FireEye Portfolio
FireEye PortfolioFireEye Portfolio
FireEye Portfolio
 
FireEye Advanced Threat Protection - What You Need to Know
FireEye Advanced Threat Protection - What You Need to KnowFireEye Advanced Threat Protection - What You Need to Know
FireEye Advanced Threat Protection - What You Need to Know
 
2019 CYBER SECURITY TRENDS REPORT REVIEW
2019 CYBER SECURITY TRENDS REPORT REVIEW2019 CYBER SECURITY TRENDS REPORT REVIEW
2019 CYBER SECURITY TRENDS REPORT REVIEW
 
Lessons learned from 2017 cybersecurity incidents, 2018 and beyond
Lessons learned from 2017 cybersecurity incidents, 2018 and beyondLessons learned from 2017 cybersecurity incidents, 2018 and beyond
Lessons learned from 2017 cybersecurity incidents, 2018 and beyond
 
Detection and Response with Splunk+FireEye
Detection and Response with Splunk+FireEyeDetection and Response with Splunk+FireEye
Detection and Response with Splunk+FireEye
 
FireEye Solutions
FireEye SolutionsFireEye Solutions
FireEye Solutions
 
DDoS Attacks in 2020 & Best Practices in Defense
DDoS Attacks in 2020 & Best Practices in DefenseDDoS Attacks in 2020 & Best Practices in Defense
DDoS Attacks in 2020 & Best Practices in Defense
 
Aon Ransomware Response and Mitigation Strategies
Aon Ransomware Response and Mitigation StrategiesAon Ransomware Response and Mitigation Strategies
Aon Ransomware Response and Mitigation Strategies
 
Ransomware 2020 Report
Ransomware 2020 ReportRansomware 2020 Report
Ransomware 2020 Report
 
Detect & Remediate Malware & Advanced Targeted Attacks
Detect & Remediate Malware & Advanced Targeted AttacksDetect & Remediate Malware & Advanced Targeted Attacks
Detect & Remediate Malware & Advanced Targeted Attacks
 
A New Era of Cybersecurity
A New Era of CybersecurityA New Era of Cybersecurity
A New Era of Cybersecurity
 
kill-chain-presentation-v3
kill-chain-presentation-v3kill-chain-presentation-v3
kill-chain-presentation-v3
 
Últimos retos en el ámbito de la Ciberseguridad: Análisis de amenazas Ciberné...
Últimos retos en el ámbito de la Ciberseguridad: Análisis de amenazas Ciberné...Últimos retos en el ámbito de la Ciberseguridad: Análisis de amenazas Ciberné...
Últimos retos en el ámbito de la Ciberseguridad: Análisis de amenazas Ciberné...
 
Cyber Kill Chain Deck for General Audience
Cyber Kill Chain Deck for General AudienceCyber Kill Chain Deck for General Audience
Cyber Kill Chain Deck for General Audience
 
Symantec Webinar: What Cyber Threats Are Lurking in Your Network?
Symantec Webinar: What Cyber Threats Are Lurking in Your Network?Symantec Webinar: What Cyber Threats Are Lurking in Your Network?
Symantec Webinar: What Cyber Threats Are Lurking in Your Network?
 
NDIA 2021 - solar winds overview and takeaways
NDIA 2021 - solar winds overview and takeawaysNDIA 2021 - solar winds overview and takeaways
NDIA 2021 - solar winds overview and takeaways
 
Cyber Security Governance
Cyber Security GovernanceCyber Security Governance
Cyber Security Governance
 

Similar to Internet Security Threat Report Volume 23 Highlights

Ciberseguridad en el mundo de la IA
Ciberseguridad en el mundo de la IACiberseguridad en el mundo de la IA
Ciberseguridad en el mundo de la IACristian Garcia G.
 
OWASP Poland Day 2018 - Amir Shladovsky - Crypto-mining
OWASP Poland Day 2018 - Amir Shladovsky - Crypto-miningOWASP Poland Day 2018 - Amir Shladovsky - Crypto-mining
OWASP Poland Day 2018 - Amir Shladovsky - Crypto-miningOWASP
 
The Importance of Cybersecurity in 2017
The Importance of Cybersecurity in 2017The Importance of Cybersecurity in 2017
The Importance of Cybersecurity in 2017R-Style Lab
 
eSentinel webinar with Netpluz & Straits Interactive on Cyber Security & PDPA...
eSentinel webinar with Netpluz & Straits Interactive on Cyber Security & PDPA...eSentinel webinar with Netpluz & Straits Interactive on Cyber Security & PDPA...
eSentinel webinar with Netpluz & Straits Interactive on Cyber Security & PDPA...Netpluz Asia Pte Ltd
 
2. Cyber Intelligence in online gambling final
2. Cyber Intelligence in online gambling final2. Cyber Intelligence in online gambling final
2. Cyber Intelligence in online gambling finalMARIUS EUGEN OPRAN
 
Browser isolation (isc)2 may presentation v2
Browser isolation (isc)2 may presentation v2Browser isolation (isc)2 may presentation v2
Browser isolation (isc)2 may presentation v2Wen-Pai Lu
 
Symantec Website Security Threat Report - Insights
Symantec Website Security Threat Report - InsightsSymantec Website Security Threat Report - Insights
Symantec Website Security Threat Report - InsightsSymantec Website Security
 
Understanding Advanced Threats and How to Prevent Them
Understanding Advanced Threats and How to Prevent ThemUnderstanding Advanced Threats and How to Prevent Them
Understanding Advanced Threats and How to Prevent ThemMarketingArrowECS_CZ
 
NETSCOUT Threat Intelligence Report: Findings Summary 1st half of 2018
NETSCOUT Threat Intelligence Report: Findings Summary 1st half of 2018 NETSCOUT Threat Intelligence Report: Findings Summary 1st half of 2018
NETSCOUT Threat Intelligence Report: Findings Summary 1st half of 2018 NETSCOUT
 
Understanding Your Attack Surface and Detecting & Mitigating External Threats
Understanding Your Attack Surface and Detecting & Mitigating External ThreatsUnderstanding Your Attack Surface and Detecting & Mitigating External Threats
Understanding Your Attack Surface and Detecting & Mitigating External ThreatsUlf Mattsson
 
A Review Paper on Cyber-Security
A Review Paper on Cyber-SecurityA Review Paper on Cyber-Security
A Review Paper on Cyber-SecurityIRJET Journal
 
Issa jason dablow
Issa jason dablowIssa jason dablow
Issa jason dablowISSA LA
 
Data Privacy, Information Security, and Cybersecurity: What Your Business Nee...
Data Privacy, Information Security, and Cybersecurity: What Your Business Nee...Data Privacy, Information Security, and Cybersecurity: What Your Business Nee...
Data Privacy, Information Security, and Cybersecurity: What Your Business Nee...PECB
 
PIONEERING GEN V SECURITY WITH CHECK POINT
PIONEERING GEN V SECURITY WITH CHECK POINTPIONEERING GEN V SECURITY WITH CHECK POINT
PIONEERING GEN V SECURITY WITH CHECK POINTTechnofutur TIC
 
105 Common information security threats
105 Common information security threats105 Common information security threats
105 Common information security threatsSsendiSamuel
 

Similar to Internet Security Threat Report Volume 23 Highlights (20)

Ciberseguridad en el mundo de la IA
Ciberseguridad en el mundo de la IACiberseguridad en el mundo de la IA
Ciberseguridad en el mundo de la IA
 
Cyber security
Cyber securityCyber security
Cyber security
 
OWASP Poland Day 2018 - Amir Shladovsky - Crypto-mining
OWASP Poland Day 2018 - Amir Shladovsky - Crypto-miningOWASP Poland Day 2018 - Amir Shladovsky - Crypto-mining
OWASP Poland Day 2018 - Amir Shladovsky - Crypto-mining
 
The Importance of Cybersecurity in 2017
The Importance of Cybersecurity in 2017The Importance of Cybersecurity in 2017
The Importance of Cybersecurity in 2017
 
eSentinel webinar with Netpluz & Straits Interactive on Cyber Security & PDPA...
eSentinel webinar with Netpluz & Straits Interactive on Cyber Security & PDPA...eSentinel webinar with Netpluz & Straits Interactive on Cyber Security & PDPA...
eSentinel webinar with Netpluz & Straits Interactive on Cyber Security & PDPA...
 
2. Cyber Intelligence in online gambling final
2. Cyber Intelligence in online gambling final2. Cyber Intelligence in online gambling final
2. Cyber Intelligence in online gambling final
 
Browser isolation (isc)2 may presentation v2
Browser isolation (isc)2 may presentation v2Browser isolation (isc)2 may presentation v2
Browser isolation (isc)2 may presentation v2
 
Check Point Infinity
Check Point Infinity Check Point Infinity
Check Point Infinity
 
Symantec Website Security Threat Report - Insights
Symantec Website Security Threat Report - InsightsSymantec Website Security Threat Report - Insights
Symantec Website Security Threat Report - Insights
 
Understanding Advanced Threats and How to Prevent Them
Understanding Advanced Threats and How to Prevent ThemUnderstanding Advanced Threats and How to Prevent Them
Understanding Advanced Threats and How to Prevent Them
 
Cisco 2018, Annual Cybersecurity Report
Cisco 2018, Annual Cybersecurity ReportCisco 2018, Annual Cybersecurity Report
Cisco 2018, Annual Cybersecurity Report
 
Threat Landscape Lessons from IoTs and Honeynets
Threat Landscape Lessons from IoTs and Honeynets Threat Landscape Lessons from IoTs and Honeynets
Threat Landscape Lessons from IoTs and Honeynets
 
NETSCOUT Threat Intelligence Report: Findings Summary 1st half of 2018
NETSCOUT Threat Intelligence Report: Findings Summary 1st half of 2018 NETSCOUT Threat Intelligence Report: Findings Summary 1st half of 2018
NETSCOUT Threat Intelligence Report: Findings Summary 1st half of 2018
 
Understanding Your Attack Surface and Detecting & Mitigating External Threats
Understanding Your Attack Surface and Detecting & Mitigating External ThreatsUnderstanding Your Attack Surface and Detecting & Mitigating External Threats
Understanding Your Attack Surface and Detecting & Mitigating External Threats
 
A Review Paper on Cyber-Security
A Review Paper on Cyber-SecurityA Review Paper on Cyber-Security
A Review Paper on Cyber-Security
 
Issa jason dablow
Issa jason dablowIssa jason dablow
Issa jason dablow
 
Data Privacy, Information Security, and Cybersecurity: What Your Business Nee...
Data Privacy, Information Security, and Cybersecurity: What Your Business Nee...Data Privacy, Information Security, and Cybersecurity: What Your Business Nee...
Data Privacy, Information Security, and Cybersecurity: What Your Business Nee...
 
Infosecurity - CDMX 2018
Infosecurity - CDMX 2018Infosecurity - CDMX 2018
Infosecurity - CDMX 2018
 
PIONEERING GEN V SECURITY WITH CHECK POINT
PIONEERING GEN V SECURITY WITH CHECK POINTPIONEERING GEN V SECURITY WITH CHECK POINT
PIONEERING GEN V SECURITY WITH CHECK POINT
 
105 Common information security threats
105 Common information security threats105 Common information security threats
105 Common information security threats
 

More from Symantec Security Response

Sowbug: Cyber espionage group targets South American and Southeast Asian gove...
Sowbug: Cyber espionage group targets South American and Southeast Asian gove...Sowbug: Cyber espionage group targets South American and Southeast Asian gove...
Sowbug: Cyber espionage group targets South American and Southeast Asian gove...Symantec Security Response
 
Threat landscape update: June to September 2017
Threat landscape update: June to September 2017Threat landscape update: June to September 2017
Threat landscape update: June to September 2017Symantec Security Response
 
Email threats 2017: Users encounter threats through email twice as often as o...
Email threats 2017: Users encounter threats through email twice as often as o...Email threats 2017: Users encounter threats through email twice as often as o...
Email threats 2017: Users encounter threats through email twice as often as o...Symantec Security Response
 
Dragonfly: Western energy sector targeted by sophisticated attack group
Dragonfly: Western energy sector targeted by sophisticated attack groupDragonfly: Western energy sector targeted by sophisticated attack group
Dragonfly: Western energy sector targeted by sophisticated attack groupSymantec Security Response
 
Living off the land and fileless attack techniques
Living off the land and fileless attack techniquesLiving off the land and fileless attack techniques
Living off the land and fileless attack techniquesSymantec Security Response
 
PowerShell: The increased use of PowerShell in cyber attacks
PowerShell: The increased use of PowerShell in cyber attacksPowerShell: The increased use of PowerShell in cyber attacks
PowerShell: The increased use of PowerShell in cyber attacksSymantec Security Response
 
Shamoon attacks - Destructive malware targeting Middle East organizations
Shamoon attacks - Destructive malware targeting Middle East organizationsShamoon attacks - Destructive malware targeting Middle East organizations
Shamoon attacks - Destructive malware targeting Middle East organizationsSymantec Security Response
 
WannaCry ransomware outbreak - what you need to know
WannaCry ransomware outbreak - what you need to knowWannaCry ransomware outbreak - what you need to know
WannaCry ransomware outbreak - what you need to knowSymantec Security Response
 

More from Symantec Security Response (10)

Sowbug: Cyber espionage group targets South American and Southeast Asian gove...
Sowbug: Cyber espionage group targets South American and Southeast Asian gove...Sowbug: Cyber espionage group targets South American and Southeast Asian gove...
Sowbug: Cyber espionage group targets South American and Southeast Asian gove...
 
Threat landscape update: June to September 2017
Threat landscape update: June to September 2017Threat landscape update: June to September 2017
Threat landscape update: June to September 2017
 
Email threats 2017: Users encounter threats through email twice as often as o...
Email threats 2017: Users encounter threats through email twice as often as o...Email threats 2017: Users encounter threats through email twice as often as o...
Email threats 2017: Users encounter threats through email twice as often as o...
 
Dragonfly: Western energy sector targeted by sophisticated attack group
Dragonfly: Western energy sector targeted by sophisticated attack groupDragonfly: Western energy sector targeted by sophisticated attack group
Dragonfly: Western energy sector targeted by sophisticated attack group
 
Ransomware 2017: New threats emerge
Ransomware 2017: New threats emergeRansomware 2017: New threats emerge
Ransomware 2017: New threats emerge
 
Financial threats review 2017
Financial threats review 2017Financial threats review 2017
Financial threats review 2017
 
Living off the land and fileless attack techniques
Living off the land and fileless attack techniquesLiving off the land and fileless attack techniques
Living off the land and fileless attack techniques
 
PowerShell: The increased use of PowerShell in cyber attacks
PowerShell: The increased use of PowerShell in cyber attacksPowerShell: The increased use of PowerShell in cyber attacks
PowerShell: The increased use of PowerShell in cyber attacks
 
Shamoon attacks - Destructive malware targeting Middle East organizations
Shamoon attacks - Destructive malware targeting Middle East organizationsShamoon attacks - Destructive malware targeting Middle East organizations
Shamoon attacks - Destructive malware targeting Middle East organizations
 
WannaCry ransomware outbreak - what you need to know
WannaCry ransomware outbreak - what you need to knowWannaCry ransomware outbreak - what you need to know
WannaCry ransomware outbreak - what you need to know
 

Recently uploaded

Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGMarianaLemus7
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 

Recently uploaded (20)

Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDG
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 

Internet Security Threat Report Volume 23 Highlights

  • 2. Internet Security Threat Report Volume 23 | Copyright © 2018 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only Agenda Coin Mining2 Shift in Cyber Crime3 Targeted Attacks4 Supply Chain Attacks5 Mobile Threats6 Questions & Answers7 Introduction1 2
  • 4. Internet Security Threat Report Volume 23 | Copyright © 2018 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only Cryptocurrency malware Coin mining malware: • Misuses local resources to mine cryptocurrencies with CPUs and GPUs • Number of blocked samples increased by 8,500% in 2017 • Focus is not on Bitcoin • Preference for coins that can still be mined with a CPU e.g. Monero • Monero is also more anonymous than Bitcoin Criminals adapt known scam schemes for the age of cryptocurrencies • Attacks against crypto exchanges • Wallet theft • Phishing • Tech support scams • Fake mobile apps 4
  • 5. Internet Security Threat Report Volume 23 | Copyright © 2018 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only As the price of cryptocurrencies increased, attackers’ interest in them grew as well Monero price (average) Detection count for coinminers on the endpoint Internet Security Threat Report Volume 23 | Copyright © 2018 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only 5
  • 6. Internet Security Threat Report Volume 23 | Copyright © 2018 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only Three main impacts of cryptocurrency mining 2 out of 3 victims are consumers, but targeting of organizations is increasing • Slower device • CPU usage at 100% DEVICE PERFORMANCE • High energy consumption • Fast battery drain • Hard on mobile devices ENERGY CONSUMPTION • Reflects badly on security posture SECURITY POSTURE 6
  • 7. Internet Security Threat Report Volume 23 | Copyright © 2018 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only In-browser coin mining a.k.a. Cryptojacking Scripts that mine cryptocurrencies in your browser while you browse a site o Very simple for the attacker, add one script line to website o No exploits needed, client is not “hacked” o Seen in 2011, but boosted by Coinhive script in Sept 2017 o Some instances are non-malicious e.g. ad replacements o Try to hide as long as possible, e.g. with pop-under windows <script src="https://some-website.tld/mining-script.js"></script> Internet Security Threat Report Volume 23 | Copyright © 2018 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only 7
  • 8. Internet Security Threat Report Volume 23 | Copyright © 2018 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only In-browser coin mining a.k.a. Cryptojacking o In-browser mining increased by 34,000% in 2017 (24% of all web attacks in December 2017) o 8 Million blocked in December 2017 o Not just Windows — threats exist on OS X, Linux, mobile, and IoT - Mobile apps incorporating cryptocurrency mining code increased by 34 percent in 2017 - Mirai IoT bot variant with cryptocurrency mining capabilities (April 2017) - Works in Office documents, other script languages, browser extensions and widgets Coin mining activity increased dramatically in 2017 8
  • 9. Internet Security Threat Report Volume 23 | Copyright © 2018 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only Predictions for Cryptojacking TARGETING ORGANIZATIONS Targeting of corporate or organizational networks in order to harness the power of servers or supercomputers. CLOUD HIJACKING Cloud services offer the possibility of high-powered mining. This has a possible financial impact on cloud customers where they pay based on CPU usage. BOTNETS Distributed mining, either through conventional botnets of malware- infected computers and IoT devices or browser- based coinminers, hosted on websites. 9
  • 10. Internet Security Threat Report Cyber crime is changing … Volume 23
  • 11. Internet Security Threat Report Volume 23 | Copyright © 2018 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only Cybercriminals try to find new ways to generate revenue Ransomware market correction • Detections stable at 1,242 per day in 2017 (-2%) • Downloader detections increased by 92% • 46% increase in new ransomware variants • Average ransom down to $522 from $1,070 Shift to other attacks • To coin mining e.g. VenusLocker shifted from ransomware to crypto mining • To financial Trojans e.g. Emotet activity increased by 2,000% in Q4 Trends in cyber crime Internet Security Threat Report Volume 23 | Copyright © 2018 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only 11
  • 12. Internet Security Threat Report Volume 23 | Copyright © 2018 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only Necurs botnet reappeared o Very active spam botnet: - 67,000 malicious emails per day - Maximum of 392,000 spam emails per day in October o Pivoted from ransomware (Locky) to financial Trojans o Tried crypto coin pump & dump spams in 2017 o Currently expermenting with coin mining 0 100 200 300 400 500 600 700 800 Jan-16 Feb-16 Mar-16 Apr-16 May-16 Jun-16 Jul-16 Aug-16 Sep-16 Oct-16 Nov-16 Dec-16 Jan-17 Feb-17 Mar-17 Apr-17 May-17 Jun-17 Jul-17 Aug-17 Sep-17 Oct-17 Nov-17 Dec-17 Email malware rate 2016-2017 (1 in) Necurs’ absence at the start of 2017 is clearly visible 12
  • 14. Internet Security Threat Report Volume 23 | Copyright © 2018 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only Targeted Attack Trends • Analysis of TTPs of 140 groups tracked by Symantec • 10% increase in targeted attacks in 2017 • Primary motive is espionage, followed by financial and disruption • Continuing to opt for “Living off the Land” techniques “Attacks carried out by organized groups, directed at a specific target or targets” 14
  • 15. Internet Security Threat Report Volume 23 | Copyright © 2018 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only Targeted Attacks by the Numbers 24% of all targeted attacks started with Watering hole attacks 71% of all targeted attacks started with spear phishing – the oldest trick in the book 27% of targeted attack groups have been known to use zero-day vulnerabilities at any point in the past 42organizations compromised on average per group 4malicious tools used on average per group 11% of all attacks designed to destroy and disrupt 15
  • 16. Internet Security Threat Report Supply Chain Attacks Volume 23
  • 17. Internet Security Threat Report Volume 23 | Copyright © 2018 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only Attacking the software supply chain ... Fewer exploitable zero day vulnerabilities available Only 27% of targeted attack groups ever used zero days Definition: Implanting a piece of malware into an otherwise legitimate software package at its usual distribution location; This can occur during production at the software vendor, at a third-party storage location, or through redirection. ... an extension of the “Living off the Land” attack trend Trojanized updates are difficult to identify Trusted domain, digitally signed, and trusted update process 17
  • 18. Internet Security Threat Report Volume 23 | Copyright © 2018 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only One attack per month in... NotPetya M.E.Docs, 96% of initial infections in Ukraine CCleaner Multi staged, selecting interesting targets for follow-up Internet Security Threat Report Volume 23 Copyright © 2018 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only 18
  • 19. Internet Security Threat Report Volume 23 | Copyright © 2018 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only Hidden Difficult for victims to identify attacks as trusted processes are hijacked Privileges May provide attacker with elevated privileges during installation Why? Fast number of infections can grow quickly as users update automatically Focus Targeting of specific regions or sectors Reach Infiltration of isolated targets, such as those in industrial environments Trust Infiltration of well- protected organizations by leveraging a trusted channel 19
  • 20. Internet Security Threat Report Volume 23 | Copyright © 2018 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only Three different methods to achieve their goal Internet Security Threat Report Volume 23 Copyright © 2018 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only 20
  • 22. Internet Security Threat Report Volume 23 | Copyright © 2018 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only Mobile Malware Continues to Surge 24,000 malicious mobile applications blocked each day 99.9% of malware discovered on third-party app stores 22
  • 23. Internet Security Threat Report Volume 23 | Copyright © 2018 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only 79% 24% 15% 12% 77% 27% 20% 2% 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% 2016 2017 Mobile Malware Continues to Surge Unfortunately mobile devices are rarely kept up-to-date iOS devices on newest Major Version iOS devices on newest Minor Version Android devices on newest Major Version Android devices on newest Minor Version 23
  • 24. Internet Security Threat Report Volume 23 | Copyright © 2018 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only Privacy on mobile phones App categories that have the most malicious mobile apps are: 20% Music & Audio 27% Lifestyle Leaky Apps – what sensitive information do they most often leak? 37% Device Location 63% Phone Number 20% Percent increase in grayware in 2017 24
  • 25. Internet Security Threat Report Volume 23 | Copyright © 2018 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only Internet of Things (IoT) Main attack vector: • Weak default passwords • Misconfiguration 2017 50K 2016 6K 600% Increase in Attacks 25
  • 27. Internet Security Threat Report Thank You! go.symantec.com/ISTR Volume 23

Editor's Notes

  1. Overall coin-mining activity increased by 34,000 percent over the course of the year, while file-based detections of coinminers on endpoint machines increased by 8,500 percent. (p15) Cryptocurrencies are digital currencies: they are created using computer programs and computing power, and recorded on the blockchain. (p19) Coin mining is not illegal, and many people are now choosing to run files or scripts on their computers to carry out coin mining. (p21)
  2. File-based coin mining involves downloading and running an executable file on your computer. Browser-based coin mining, which saw the biggest jump in prevalence in 2017, takes place inside a web browser and is implemented using scripting languages (p21) In-browser mining does not install malware on the endpoint
  3. From Page 21, cyber crime
  4. Attacks against IoT devices increased by 600% in 2017 (p9) Attackers misued SCADA networks and manufacturing sites to mine cryptocurrencies. Cloud accounts are often hijacked e.g. through phishing attacks
  5. In 2017, 28 new ransomware families appeared, which is on par with 2014 and 2015, but a drop on 2016, when an unprecedented 98 new families were discovered (p17) There were also declines in activity from some of the big ransomware families in 2017. Cerber, Locky, and TorrentLocker all but disappeared from the scene over the course of the year. (p17) Emotet is a financial Trojan that first emerged in 2014 and, after a quiet period, reappeared to make waves in the second half of 2017. (p17)
  6. Graph from page 17 cyber crime The Necurs botnet is one of the biggest drivers of cyber crime activity The disappearance of Necurs in the first quarter of the year led to a decline in email malware from 1 in 131 in 2016 to 1 in 412 in 2017. (p 66) The Necurs botnet sent out almost 15 million malicious emails in 2017, 82.5 percent of which were sent in the second half of the year Despite its absence at the beginning of the year, Necurs was still one of the biggest hitters in cyber crime in 2017. If we look at telemetry for the number of email malware campaigns executed by Necurs in 2017 we can see an increase in activity from June, with a notable surge in September and October, and some peaks visible right through to the end of the year. (p17)
  7. For the first time Symantec has gone back through its data gathered on targeted attacks to gain an understanding of the Tactics, Techniques and Procedures of targeted attackers
  8. From p43
  9. Spear-phishing is the number one infection vector employed by 71 percent of organized groups in 2017 (p43) The use of zero days continues to fall out of favor. In fact, only 27 percent of the 140 targeted attack groups that Symantec tracks have been known to use zero-day vulnerabilities at any point in the past. (p43)
  10. While Petya and Ccleaner are the most notable examples of supply chain attacks in 2017, there have in fact been many others.
  11. Why software supply chain attacks?
  12. Details p45 The most straightforward attack path is when an attacker is able to compromise the vendor of a software package directly. This method was leveraged with great effect in the Petya/ NotPetya attack campaign in June 2017.