CYBER criminals revealed new levels of ambition in 2016, according to Symantec Corp., citing Volume 22 of its Internet Security Threat Report (ISTR).
“New sophistication and innovation are the nature of the threat landscape, but this year Symantec has identified seismic shifts in motivation and focus,” said Peter Sparkes, Asia Pacific & Japan cyber-security services senior director. “The world saw specific nation states double down on political manipulation and straight sabotage. Meanwhile, cyber criminals caused unprecedented levels of disruption by focusing their exploits on relatively simple IT tools and cloud services.”
Cyber criminals are executing politically devastating attacks in a move to undermine a new class of targets, according to Symantec. Cyber attacks against the US Democratic Party and the subsequent leak of stolen information reflect a trend toward criminals employing highly publicized, overt campaigns designed to destabilize and disrupt targeted organizations and countries. While cyber attacks involving sabotage have traditionally been quite rare, the perceived success of several campaigns point to a growing trend to criminals attempting to influence politics and sow discord in other countries.
A new breed of attackers revealed major financial ambitions, which may be an exercise to help fund other covert and subversive activities. Today the largest heists are carried out virtually, with billions of dollars stolen by cyber criminals. While some of these attacks are the work of organized criminal gangs, for the first time nation states appear to be involved, as well. Symantec uncovered evidence linking North Korea to attacks on banks in Bangladesh, Vietnam, Ecuador and Poland.
“This was an incredibly audacious hack, as well as the first time we observed strong indications of nation state involvement in financial cyber crime,” Sparkes said. “While their sights were set even higher, the attackers stole at least United States $94 million.”
According to Symantec, the growth of cloud computing is no consolation. “A growing reliance on cloud services has left organizations open to attacks,” according to the company.
According to Symantec data, CIOs have lost track of how many cloud apps are used inside their organizations. When asked, most assume their organizations use up to 40 cloud apps when in reality the number nears 1,000.
This disparity can lead to a lack of policies and procedures for how employees access cloud services, which, in turn, makes cloud apps riskier.