According to the cybersecurity company Symantec — known for its Norton and LifeLock products — cyber criminals reached “new levels of ambition” last year.
Below are some highlights of the firm’s 2017 Internet Security Threat Report.
One in 131 emails sent in 2016 contained a malware-laden link or attachment — the highest rate in five years. Malicious email, deemed “the weapon of choice,” is “a proven attack channel,” reports Symantec. “It doesn’t rely on vulnerabilities, but instead uses simple deception to lure victims into opening attachments, following links, or disclosing their credentials.” Burgeoning trends in what awaits in your inbox:
- Spear-phishing attacks target specific individuals instead of a general, widespread audience (think phishing net). These malicious emails are often disguised as regular emails from trusted sources, such as invoices or delivery notifications. One spear-phishing campaign — fake Google emails instructing targets to reset Gmail account passwords — provided access to the account of Hillary Clinton’s campaign chairman John Podesta and resulted in the 2016 presidential election WikiLeaks fiasco.
- Business email compromise (BEC) scams, which rely on carefully composed spear-phishing emails, target more than 400 companies each day and have scammed more than $3 billion over the last three years.
- A growing proportion of spam — roughly 53 percent of all emails sent — now contains malware.
Often initiated by email, ransomware attacks increased 36 percent worldwide in 2016 to seize control of personal computers and institution-wide networks, encrypting hostage files to make them inaccessible until a ransom is paid for their release. Symantec called it “the most dangerous cyber crime threat facing consumers and businesses in 2016.” The company identified 101 new “ransomware families” last year, tripling previous numbers.
Another threefold increase: the demanded ransom amount, which averaged $1,077 per victim last year, compared to $294 in 2015. The U.S. is the most targeted and lucrative market, with 64 percent of American victims willing to pay a ransom to regain their files, compared to 34 percent globally, Symantec said.
Although the total number of data breaches decreased last year — 1,209 compared with 1,211 in 2015 and 1,523 in 2014 — they now have a bigger impact. Symantec said that last year, some 1.1 billion identities were exposed, an average of 927,000 per attack; that’s twice the 2015 rates on both counts. In 2016, there were 15 individual breaches in which more than 10 million identities were exposed, up from 13 in 2015.
‘Smart Home’ Devices
With weak factory-issued default passwords that are rarely changed (or can’t be), smartphone app-controlled household devices including thermostats, security cameras, door locks, sprinkler systems and even coffeemakers are a worrisome new frontier in computer crimes. Such Internet of Things (IoT) gizmos are already in millions of Americans homes, with predictions that some 50 billion devices will be employed by decade’s end.
Already, millions of IoT devices have been hacked, typically enlisted as soldiers in a botnet army that, last October, temporarily knocked offline top websites including Amazon, PayPal, Netflix and Twitter. Some experts suspect this was a test attack to gauge (and prove) their vulnerabilities.
Most often hacked are IoT devices with these passwords, so if you can change them, do so ASAP: “Admin” and “root” lead the list in attempts to log in to the Symantec honeypot (a security technique used to attract swindlers and learn their practices), followed by “123456,” “12345,” “password,” “1234,” “admin123,” “test” and “abc123.” The default password for the Ubiquiti brand of routers — “ubnt” — was also in the top 10, reinforcing the wisdom of having a unique (and strong) password for your home router as well as each smart home device.
For information about other scams, sign up for the Fraud Watch Network . You’ll receive free email alerts with tips and resources to help you spot and avoid identity theft and fraud. Keep tabs on scams and law enforcement alerts in your area at our Scam-Tracking Map .