Skip to main content

Internet threats: what was trending in 2015?

Symantec’s latest annual Internet Security Threat Report[1] reveals a shift in the way cybercriminals are organised, describing how they are adopting industry best practices and putting sophisticated organisations in place so they can launch attacks more efficiently.

As well as the growing volume, frequency and complexity of cyberthreats, the report highlights the key trends of 2015:

  • An increase of 125% in the number of zero-day vulnerabilities (not yet publicly exposed, or with no known patch), reaching a record figure of 54, or averaging more than one a week. The most dangerous attackers continue to profit from previously undiscovered flaws in browsers and website plug-ins.
  • Malware also increased, with 430 million new pieces of malware discovered in 2015 (up 36%). This explosion shows that cybercriminals are being ever more resourceful in their ability to outsmart corporate protection systems and gain access to company networks.
  • 500 million personal information records stolen or lost in 2015. Security breaches continue to weaken companies, particularly large organisations (over 2,500 people), which were targeted three times more often than others. The report also states that a growing number of companies (up 85%) are choosing not to reveal the full extent of their data breaches. This is a worrying trend, because transparency is key to evaluating the risks and improving protection against future attacks.
  • Ransomware increased by 35%. Cybercriminals are using encryption as a weapon to hold critical company and personal data hostage. This type of attack encrypts the victim’s digital content and holds it hostage until a ransom is paid.
  • The number of spear-phishing campaigns aimed at employees increased by 55% in 2015. Large businesses targeted once were most likely to be targeted again at least three more times throughout the year (an average of 3.6 successful attacks each).
  • Over 100 million technical support scams were blocked in 2015 (up 200%). Attackers trick people with pop-ups alerting them to a "serious error" or "problem", thus steering the victim to a number where a "technical support representative" attempts to sell them a worthless service.
  • 75% of popular websites have unpatched vulnerabilities, with web administrators still struggling to stay current on patches.

So what’s the answer? To thwart cyberthreats, businesses must not allow themselves to be caught off-guard. Instead, they must build their cyber resilience, working with recognised providers to define and deploy a robust security policy and adopt security best practices, including security supervision for early threat detection, intelligent and evolutionary management of incidents and crises, procedures and continuous education for employees, etc.

Consumers are advised to think twice before they click, be wary of scareware tactics, use an effective password policy, safeguard their personal data and limit the amount of personal information they make publicly available on the web, especially via social networks (bank logins, birth date, etc.).
 
More about Thales’s security solutions:
Managed security services: managing an active cyberdefence
Cybersecurity consulting and evaluation: expert advice focused on your security  
Trust management: safeguard your critical data  
Mobile security  
 

 

[1] Internet Security Threat Report, Volume 2, April 2016, Symantec. The report analyses all Internet threat activity detected on Symantec’s global intelligence network, the most comprehensive in the world.