Cybercrime is increasing in popularity every day – according to Symantec’s Internet Security Threat Report, web attacks are up by 56%. How we manage our data as a business is a crucial step in protecting ourselves against cyberattacks, especially with the use of data recovery. We have summarised the main factors in Symantec’s 2019 Threat Report to highlight the essential need for SMEs and large organisations to act now and protect themselves from becoming another statistic of cybercrime.
Formjacking was one of the biggest cyber security trends of 2018, with an average of 4800 websites being compromised with formjacking code every month in 2018.
Symantec found that just 10 credit cards stolen from compromised websites could yield up to $2.2 million for cybercriminals each month on underground markets.
The majority of the Formjacking activity has been blamed on a group dubbed ‘Magecart’, believed to be several groups operating in competition with one another. One of these groups is thought to be behind the high-profile data breach attacks on British Airways and Ticketmaster.
Research shows that this group targeted third-party applications, such as chatbots, which then loaded malicious code into the web browsers of visitors on the infected site, aiming to harvest the customers’ payment data.
Symantec’s report goes on to explain that even though household names are mentioned in the news, their analysis shows that small and medium businesses have also been victims of Formjacking, making this a universal issue.
So, how can you make sure your website isn't hacked? The simplest way is to perform regular auditing of the page. Formjacking puts malicious code into your web page, so a careful, regular observation allows you to check if any changes have been made, which imply your website has been tampered with.
For the first time in 5 years, ransomware activity decreased with the overall amount of ransomware infections on endpoints dropping by 20%.
If popular ransomware worms, such as WannaCry and Petya were taken out from the statistics, the drop in infections was greater with a 52% fall.
However, up until 2017, consumers were the hardest hit by ransomware, accounting for the majority of infections. In 2017, however, the balance tipped towards enterprises with the most infections occurring in businesses thanks to WannaCry, Petya and NotPetya.
In 2018, this increase accelerated, with enterprises making up 81% of all ransomware infections. So, although overall ransomware infections were down in 2018, enterprise infections were up by 12%.
Symantec believe this shift was due to the main distribution of ransomware being through emails, which tend to be the main communication tool used in organisations.
The number of attack groups using destructive malware is up by 25%
So, how can you protect yourself against malware? The easiest way to protect yourself is to keep your software up-to-date. The reason 2017 was a busy year for ransomware was because Windows users hadn't updated their operating systems with the latest patch update, leaving their systems vulnerable to a breach.
According to Symantec's Threat Report, small organisations were more likely to be hit by email threats in 2018, which included spam, phishing and email malware.
Malicious links had decreased in popularity, as cybercriminals focused on malicious email attachments instead.
In 2017, malicious links in emails had increased to 12.3%, but this dropped down to 7.8% in 2018. Symantec’s analysis showed that MS Office users were more at risk of falling victim to email-based malware, as Office files accounted for 48% of malicious email attachments – jumping from just 5% in 2017.
These attachments were usually disguised as invoices or receipts, which when downloaded would execute the script to download the malware.
So, how do you protect yourself against email threats? Don't open email attachments from senders you don't know - and do not click on suspicious links. If you hover over the email address or links, you will see the actual email address/links - such as, the email may say 'firstname.lastname@example.org', but when you hover over it will say something else, 'email@example.com'.
Top Malicious Email Themes in 2018:
|Subject Topic||Percent (%)|
|Email Delivery Failure||13.3|
Top Malicious Email Attachment Types:
|File Type||Percent (%)|
|.doc / .dot||37.0|
|.xls / .xlt / .xla||7.2|
|.html / htm||5.5|
How can we help?
Symantec’s 2019 Internet Security Threat Report brings to light how crucial it is to back up our data and train our staff on the increasing number of cyberthreats out there.
Our Managed IT Security services can help safeguard your business - we can review your current security policies, provide user awareness training and use penetration testing to check for areas of vulnerabilities.
Furthermore, as Symantec's report states, the amount of enterprises falling victim to cybercrime is increasing every day, therefore having a data recovery plan in place can help ease your mind about major data loss.
We take a broad view of disaster recovery and business continuity and work hard to ensure that every element of your critical infrastructure, applications and data is protected.
This allows us to create a comprehensive disaster recovery and business continuity plan that’s tailored specifically to the needs of your organisation.