The cyber threat landscape has experienced a major shift toward politically motivated attacks, according to the Symantec 2017 Internet Security Threat Report.
“New sophistication and innovation are the nature of the threat landscape, but this year Symantec has identified seismic shifts in motivation and focus,” said Kevin Haley, director of Symantec Security Response. “The world saw specific nation-states double down on political manipulation and straight sabotage. Meanwhile, cyber criminals caused unprecedented levels of disruption by focusing their exploits on relatively simple IT tools and cloud services.”
According to the report, the apparent success of the Democratic National Committee hacks and the Shamoon computer virus have driven politically motivated threats from a rare occurrence to an increasing problem.
“We’ve seen a significant shift toward more cyber espionage, subversion, and sabotage,” said Chris Townsend, Federal vice president at Symantec. “If we start to see hackers with more political motivation and increased nation-state involvement, that’s a major concern.”
According to Townsend, these attacks have both overt political and economic motivations, as nation-states can use funds gained in a financial attack to finance political plans.
According to the report, Symantec found evidence linking North Korea to cyberattacks on banks in Bangladesh, Ecuador, Poland, and Vietnam.
“This was an incredibly audacious hack as well as the first time we observed strong indications of nation-state involvement in financial cyber crime,” said Haley. “While their sights were set even higher, the attackers stole at least $94 million.”
“There’s some concern that stolen money may be used for nuclear weapons,” said Haley.
The report also found that, when faced with a ransomware attack, Americans were far more likely to pay to get their files back: 64 percent pay their ransom compared with 34 percent globally.
Townsend said that the difference in these numbers “could be a cultural thing,” as Americans are often more attached to their technology than people from other nations.
However, this increased likelihood of paying a ransom has also drastically driven up the price of ransoms, $1,077 per victim up from $294 last year, because hackers know people will still pay.
According to the report, cybercriminals’ use of email to attack victims also saw a rise, with one in 133 emails containing a malicious link or attachment. According to Townsend, this is a popular avenue of attack because “the biggest challenge is to secure the behavior of the individual” that clicks on a link.
Townsend said that cloud will be the next major attack vector, as many CIOs vastly underestimate the number of applications on their cloud.
“This whole idea of shadow IT is a real concern,” said Townsend, adding that these unknown applications present points of vulnerability if their security is not evaluated.