Η Symantec Corp.. announced the new report Internet Security Threat Report (ISTR), Volume 21, which reveals an organizational turnaround of cyber criminals. In particular, cyber criminals have established best corporate practices and business-level businesses to increase the effectiveness of their attacks on both businesses and end-users.
This new category of cybercriminals is now working across the entire ecosystem, expanding business and threats to end users, and further fueling its development online crime.
"The complex criminal attack by sophisticated groups has now an impact on the community as a whole. Modern cyber criminals have extensive resources and highly specialized technical staff operating at such a rate that they even work in normal working hours and even on weekends and holidays, "said Kevin haley, Its Director Symantec Security Response.
"We are even seeing low-level cybercriminals set up call center operations to increase the impact of their attacks."
Complex task force groups are the first to exploit the vulnerabilities zero-days, using their for the benefit or selling to low-crime countries where the market is open and easily traded. 2015, the number of vulnerabilities has more than doubled, recording a new record with 54 zero-days, an increase of 125% compared to the previous year, thus confirming the crucial role played by targeted attacks.
Meanwhile, malware is growing at an impressive rate since 2015 has discovered 430 million new variants malware. The sheer volume of malware proves that professional cybercriminals have vast resources at their disposal with the aim of crushing all defenses and breaking into corporate networks.
More than half a billion personal data has been stolen by 2015
Data breaches continue to affect businesses. Indeed, large companies selected for attack will be three times more targeted this year. In addition, last year we saw the biggest data violation ever publicly reported, with 191 millions of records being compromised in just one single instance. In addition, there was a record in data breaches with nine reported large incidents. Meanwhile, 429 million identities were compromised, while the number of companies that opted not to report the number of lost entries increased by 85%. A conservative estimate by Symantec of these violations raises the actual number of lost data to over half a billion.
"The increase in the number of companies that choose not to report critical details after a violation is a worrying trend," he said. Haley. "Transparency is critical to security. By hiding the full impact of an attack, it is becoming increasingly difficult to assess the risk and improve the security attitude to prevent future attacks. "
Encryption as a Cybercriminal weapon against theft of critical data
The ransomware 2015 has continued to evolve in more damaging form with its crypto-ransomware attacks to increase by 35%. This more aggressive form encrypts all of the victim's digital content and holds the hostage of the attack until he pays a ransom. This year ransomware will spread beyond computers to smartphones, systems Mac and Linux, with attackers looking for more and more networked Appliances from which they will be able to make more profit, which makes it clear that business is the next target.
Do not call us, we will call: Cyber criminals are calling to receive cash
As more and more people expose their lives online, the attackers are now turning to the digital world for their benefit. 2015, the Symantec saw a revival of many classes-and-truescams. Οι εγκληματίες του κυβερνοχώρου υποδύονταν την τεχνική υποστήριξη δημιουργώντας απάτες οι οποίες μάλιστα πέρυσι αυξήθηκαν κατά 200%. Η διαφορά πλέον είναι ότι τώρα οι απατεώνες στέλνουν πλαστά messages warning on devices like smartphones, directing users directly over them, through alleged phone service centers, to mislead them and buy unnecessary services.
Safety tips from experts
As attackers evolve, there are many steps that both businesses and private consumers need to do to protect themselves. As a starting point, the Symantec suggests the following best practices:
For businesses:
- Prevention saves: The use of advanced threat detection solutions helps to identify compromise indicators and to respond more quickly to incidents.
- Powerful team security: Multilevel application endpoint security, network security, encryption, but also powerful authenticationas well as technologies based on reputation, provide security. Cooperate with me managed security service providers thus further expanding the computerization team.
- Prepare for the worst: Incident management ensures that your security framework has been optimized, with measurable and verifiable results, and that lessons improve the company's security attitude. Consider adding third-party services to help with crisis management.
- Providing continued education and training: Establish a training simulation based on training for all employees, as well as guidelines and procedures for protecting sensitive data on personal and corporate devices. Evaluate on a regular basis the internal teams and conduct practical exercises to make sure that you take all the necessary steps to effectively combat cyber threats.
For individuals:
- Use strong passwords: Use powerful and unique passwords for your accounts. Change your passwords every three months and never reuse them. Additionally, you can use a password manager (password manager ) to further protect your information.
- Think before you click: Opening the wrong attached file can infect malware on your system. Never see, open, or copy the e-mail attachments unless you wait for it Email and you trust the sender.
- Protect Yourself: Proper protection deserves much more than treatment itself. Use a security solution for Internet which includes antivirus, firewalls, browser protection and proven protection against online threats.
- Be wary of tactics scareware: Various versions of software that claim to be free, broken, or pirated programs can expose you to malicious software. Social engineering attacks and attacks ransomware they will try to trick you and think your computer is infected, so you can buy outrageous software or pay instant money to make sure.
- Securing your personal data: The information you share on the internet puts you at risk for social engineering attacks for the purpose of posting personal data. Restrict personal information you share on social networks and more generally online, including connection information (login) with birth dates and pet names.
Η Symantec will host an interesting online seminar on this year's results ISTR the Tuesday, May 3 and 09 am. PT.For more information or subscriptions, please click Here!
