Cybercriminals are improving their game so rapidly and effectively that mainstream malware is showing the kind of sophistication previously only seen in nation-state attacks – and Australians are the world's most accommodating victims, a senior security researcher has warned.
Australia's high overall wealth and its prominent financial services, resources and other large industries have made it a target both for spearphishing attacks aimed at companies and for ransomware that has been “very lucrative” for its instigators, Nick Savvides, specialist sales engineer in Symantec Australia's Information Security Practice, told CSO Australia. He was speaking in the wake of new Symantec research that found the volume of targeted attacks increased 40 percent in 2014 compared with the year earlier.
“The way some of these attacks have been conducted is absolutely fascinating,” Savvides said, noting the “amazing” effort malware authors were putting into techniques such as Trojanised payloads disguised as system updates, among other attack vectors.
“If you had asked me the question a year ago, I would have said this is really only the domain of nation states,” Savvides said, singling out a recent toolkit that he said was “probably the most sophisticated piece of malware that we had seen.”
Sandbox detection – seen in 28 percent of malware detected in 2014 – along with other techniques for evading security tools, and the ability to capture and steal data from victim computers, were among the “amazing stuff” that was becoming commonplace on the malware scene, Savvides said.
“We still don't know what the full capabilities of the attack were because we haven't seen the whole package,” he added. “But based on the attacks we saw last year, there are examples where the level of sophistication amongst commercial attackers is sufficiently high that they are responding with the same level of sophistication as state-sponsored attackers.”
Those attacks were not only more numerous but also arrived faster, as victim organisations and vendors struggled to keep up. Figures in Symantec's 2015 Internet Security Threat Report (ISTR) suggested that the top five zero-day vulnerabilities of 2014 were exploited by attackers within hours of their release, and remained in use in the wild for a collective 295 days before patches became available.
That leaves a lot of time for malware to do its work: “A lot of companies do change control very badly because they're very order driven,” Savvides said. “The gaps between shining a light or checking compliance can lead to massive windows of opportunity for the bad guys to attack.”
Malware authors weren't squandering the opportunity: use of targeted spear-phishing attacks rose 8 percent during 2014, the ISTR concluded, even as attackers narrowed the scope of their work – sending 14 percent less email to 20 percent fewer targets.
Non-targeted attacks comprised an even larger percentage of the overall threat activity during 2014, with nearly 317 million new pieces of malware created during the year. Of these, ransomware proved particularly effective: the number of devices locked by such code grew 45 times in 2014 compared with the previous year.
Significantly, analysis showed that Australians were far more likely than users elsewhere to share malware with their friends via social media: some 87 percent of all social-media scams that Symantec identified in Australia were shared manually by users, compared with just 70 percent globally.
“People love to be first with things,” said Savvides, who finds it “fascinating” just how eager Australians have proven to be in sharing both good and bad content.
“It's interesting to see what works in social media,” he said, “and what that tells you about the psyche of the individuals using it. Despite all this education when people are warned about scams, they still don't show much scepticism when they come across fake offers online. We Australians really are punching above our weight when it comes to this.”
This article is brought to you by Enex TestLab, content directors for CSO Australia.