Cyber attackers revealed new levels of ambition globally in 2016—a year marked by extraordinary attacks, including multi-million dollar virtual bank heists, overt attempts to disrupt the US electoral process by state-sponsored groups, and some of the biggest distributed denial of service (DDoS) attacks powered by a botnet of IoT devices. Closer home, in the last 12 months, more than ever before, there have been aggressive cyber attacks ranging from ransomware to the spam and bot menace. “Indians faced a total of 1,148 ransomware attacks per day—the highest in the region,” says Tarun Kaura, director, product management, Asia Pacific Japan, Symantec. In an interaction with Sudhir Chowdhary, he shares insights on the changing threat landscape. Excerpts:
What is the overall theme and key findings from the latest internet security threat report?
Analysis of data and attacks from 2016 shows that attackers are using simple techniques, but with sometimes devastating results. There was an evident shift in targeted attacks from being economic espionage to politically motivated sabotage and subversion. Ransomware continued to evolve in the past year with 100 new ransomware families discovered, over three times more than what we observed in the last two years. High-profile attacks such as the DNC hacking, Shamoon sabotage attacks in the Middle East and even the Mirai IoT DDoS campaign, which brought down many Cloud services, were all carried out using simple and refined tactics.
Why is there an increase in email-based attacks? Is there a tactic that stands out?
Attackers have moved away from web exploit kits in favour of email-based campaigns, particularly for the distribution of ransomware. Unlike exploit kits, email campaigns don’t require the use of exploits or additional backend infrastructure. Malicious emails were the weapon of choice for a wide range of cyber attacks during 2016, used by everyone from state-sponsored cyber espionage groups to mass-mailing ransomware gangs. While globally one in 131 emails sent was malicious, in India one in 150 was malicious, which is almost double that of last year.
What are the industries most impacted by data breaches globally?
Symantec’s Internet Security Threat Report 2017 revealed that while the number of data breaches in 2016 remained steady compared to 2015, the number of identities stolen increased significantly. Almost 1.1 billion identities were stolen in 2016, a big jump from the 563.8 million stolen in 2015. The services sector was more impacted by data breaches than any other industry globally, with 452 incidents and 914,382,512 identities exposed. The largest number of breaches—248 incidents—took place within the business services sub-sector, which comprised 24.2% of all breaches in the year. Health was second on the list with 115 breaches or 11.2%.
What are the best practices that Indian online users can consider for safeguarding themselves?
As attackers evolve, there are many steps businesses and consumers can take to protect themselves. As a starting point, Symantec recommends the following best practices:
Don’t get caught flat-footed: Use advanced threat intelligence solutions to help you find indicators of compromise and respond faster to incidents.
Prepare for the worst: Incident management ensures your security framework is optimised, measurable and repeatable, and that lessons learned improve your security posture. Consider adding a retainer with a third-party expert to help manage crises.
Go for multi-layered defence: Implement a multi-layered defence strategy that addresses attack vectors at the gateway, mail server and endpoint. This also should include two-factor authentication, intrusion detection or protection systems (IPS), website vulnerability malware protection, and web security gateway solutions throughout the network.
Change default passwords on your devices and services: Use strong and unique passwords for computers, IoT devices and Wi-Fi networks.
Keep operating system and software up to date: Software updates will frequently include patches for newly discovered security vulnerabilities that could be exploited by attackers.
Be extra careful on email: Email is one of the top infection methods. Delete any suspicious-looking email you receive, especially if it contains links and/or attachments.