Archive for Symantec

Alarming Increase in Targeted Attacks Aimed at Politically Motivated Sabotage and Subversion: Symantec

Posted in Commentary with tags on April 28, 2017 by itnerd

Cyber criminals revealed new levels of ambition in 2016 – a year marked by extraordinary attacks, including multi-million dollar virtual bank heists and overt attempts to disrupt the U.S. electoral process by state-sponsored groups, according to Symantec’s Internet Security Threat Report (ISTR), Volume 22, released yesterday.

Symantec’s ISTR provides a comprehensive view of the threat landscape, including insights into global threat activity, cyber criminal trends and motivations for attackers. Key highlights include:

Subversion and Sabotage Attacks Emerge at the Forefront

Cyber criminals are executing politically devastating attacks in a move to undermine a new class of targets. Cyber attacks against the U.S. Democratic Party and the subsequent leak of stolen information reflect a trend toward criminals employing highly-publicized, overt campaigns designed to destabilize and disrupt targeted organizations and countries. While cyber attacks involving sabotage have traditionally been quite rare, the perceived success of several campaigns – including the U.S. election and Shamoon – point to a growing trend to criminals attempting to influence politics and sow discord in other countries.

Nation States Chase the Big Scores

A new breed of attackers revealed major financial ambitions, which may be an exercise to help fund other covert and subversive activities. Today, the largest heists are carried out virtually, with billions of dollars stolen by cyber criminals. While some of these attacks are the work of organized criminal gangs, for the first time nation states appear to be involved as well. Symantec uncovered evidence linking North Korea to attacks on banks in Bangladesh, Vietnam, Ecuador and Poland. 

Attackers Weaponize Commonly Used Software; Email Becomes the Weapon of Choice

In 2016, Symantec saw cyber criminals use PowerShell, a common scripting language installed on PCs, and Microsoft Office files as weapons. While system administrators may use these common IT tools for daily management tasks, cyber criminals increasingly used this combination for their campaigns as it leaves a lighter footprint and offers the ability to hide in plain sight. Due to the widespread use of PowerShell by attackers, 95 percent of PowerShell files seen by Symantec in the wild were malicious.

The use of email as an infection point also rose, becoming a weapon of choice for cyber criminals and a dangerous threat to users. Symantec found one in 131 emails contained a malicious link or attachment – the highest rate in five years. Further, Business Email Compromise (BEC) scams, which rely on little more than carefully composed spear-phishing emails – scammed more than three billion dollars from businesses over the last three years, targeting over 400 businesses every day.

Caving in to Digital Extortion: Americans Most Likely to Pay Ransom Demands

Ransomware continued to escalate as a global problem and a lucrative business for criminals. Symantec identified over 100 new malware families released into the wild, more than triple the amount seen previously, and a 36 percent increase in ransomware attacks worldwide.

However, the United States is firmly in the crosshairs of attackers as the number-one targeted country. Symantec found 64 percent of American ransomware victims are willing to pay a ransom, compared to 34 percent globally. Unfortunately, this has consequences. In 2016, the average ransom spiked 266 percent with criminals demanding an average of$1,077 per victim up from $294 as reported for the previous year.

Cracks in the Cloud: The Next Frontier for Cyber Crime is Upon Us

A growing reliance on cloud services has left organizations open to attacks. Tens of thousands of cloud databases from a single provider were hijacked and held for ransom in 2016 after users left outdated databases open on the internet without authentication turned on.

Cloud security continues to challenge CIOs. According to Symantec data, CIOs have lost track of how many cloud apps are used inside their organizations. When asked, most assume their organizations use up to 40 cloud apps when in reality the number nears 1,000. This disparity can lead to a lack of policies and procedures for how employees access cloud services, which in turn makes cloud apps riskier. These cracks found in the cloud are taking shape. Symantec predicts that unless CIOs get a firmer grip on the cloud apps used inside their organizations, they will see a shift in how threats enter their environment.

About the Internet Security Threat Report

The Internet Security Threat Report provides an overview and analysis of the year in global threat activity. The report is based on data from Symantec’s Global Intelligence Network, which Symantec analysts use to identify, analyze and provide commentary on emerging trends in attacks, malicious code activity, phishing and spam.

Symantec will host a webinar on this year’s ISTR results on May 16 at 10 a.m. Pacific / 1 p.m. Eastern. For more information or to register, please go here . Please visit Symantec’s website to download the full report plus supplemental assets.



Google Finds Flaws In Symantec AV Software That Have Existed For YEARS

Posted in Commentary with tags , on July 1, 2016 by itnerd

Millions of people and companies that use Symantec’s anti-virus software were likely living with serious vulnerabilities for years according to Google’s Project Zero. That means they were at risk for being pwned by hackers. Here’s the details:

These vulnerabilities are as bad as it gets. They don’t require any user interaction, they affect the default configuration, and the software runs at the highest privilege levels possible. In certain cases on Windows, vulnerable code is even loaded into the kernel, resulting in remote kernel memory corruption.
As Symantec use the same core engine across their entire product line, all Symantec and Norton branded antivirus products are affected by these vulnerabilities, including:
  • Norton Security, Norton 360, and other legacy Norton products (All Platforms)
  • Symantec Endpoint Protection (All Versions, All Platforms)
  • Symantec Email Security (All Platforms)
  • Symantec Protection Engine (All Platforms)
  • Symantec Protection for SharePoint Servers
  • And so on.
Some of these products cannot be automatically updated, and administrators must take immediate action to protect their networks. Symantec has published advisories for customers, available here.
If you have a Symantec anti-virus product, you need to update yourself right now because it’s a safe bet that the forces of evil will take advantage of these flaws now that they’re public. it also shows that just because you have anti-virus software installed on your computer, it doesn’t mean that you’re safe.

Norton and Staples Canada Launch Norton Virus Protection Service

Posted in Commentary with tags , on July 18, 2014 by itnerd

Norton and Staples in Canada have launched a very unique service that helps to protect you from viruses. Called the Norton Virus Protection Service, it’s not simply just another boxed product. Here’s the key points:

  • When customers purchase any installation package with Norton 360 Multi-Device on their computer. The customer follows the normal product support and if it is detected that they have a virus, Norton Support will provide their extended Virus Removal Service included with this product through the Staples Easy Tech Services.
  • If remote services do not resolve the virus issue, Norton will have an agent dispatched to examine the problem on-site.
  • This service can be added on to most installation services available through Staples Easy Tech Centres.
  • Norton Virus Protection Services covers one user, for one year from the date of installation.
  • The product/attached services are available exclusively at Staples locations across Canada
  • The Norton Virus Protection Service is available on your first device for $99, additional services can be purchased for your other devices for only $49 each (PC’s, Mac’s, smartphones and tablets).
  • These products are available in both English and French.

The key thing is that support is available 24/7. So you can get help when you need it. That’s key because according to Symantec, 80% of Canadian consumers still believe they will NOT fall victim to a computer virus, malware or spyware in 2014. From my personal experience I know that if you don’t protect yourself you will get hit by something. So any service that makes it easy to protect consumers from all of that is a good thing. Thus I believe that  Staples and Norton have a winner here that a variety of people would benefit from.

Android Malware Scammer Who Pocketed $3.9 Million Busted: Symantec

Posted in Commentary with tags on July 29, 2013 by itnerd

If you’re a fan of Poker, you’ll recognize the name of Masaaki Kagawa. For those who who aren’t into poker, he’s an avid and successful poker tournament player who won more than $1 million in worldwide tournaments. He also had a side hobby. He ran operation that dealt in Android Marware. Mr. Kagawa’s operation began around September, 2012 and ceased in April, 2013 when authorities in Tokyo raided the company office. Symantec confirmed around 150 domains were registered to host malicious Android apps during this span. The group was able to collect approximately 37 million email addresses from around 810,000 Android devices. As a result, the company earned approximately $3.9 million US dollars by running a fake online dating service called Sakura site. Spam used to lure victims to the dating site was sent to the addresses collected by the malware.

If you want more detail about Kagawa and how Symantec helped to take him down and stop this threat to Android users click here. It shows how security companies like Symantec is making the digital world safe for all.

Android Malware Toolkit On Underground Economy: Symantec

Posted in Commentary with tags , on July 17, 2013 by itnerd

If you use an Android phone. Then you need to read this Symantec blog post. Mobile malware is now a commercial product available on the online underground economy and the development of mobile malware toolkits is one indication the evolution of mobile malware is steadily moving towards becoming a true criminal enterprise. An example of this is the so called AndroRAT APK Binder which is a tool now being sold on the online underground economy that easily allows an attacker with limited expertise to automate the process of infecting any legitimate Android application with the AndroRAT malware, thus Trojanizing the app. Symantec data shows only several hundred infections of AndroRAT worldwide at this time; however, the telemetry is reporting a recent rise in infection numbers, which Symantec expects to continue as both the availability and sophistication of tools such as AndroRAT APK Binder increase.

If that doesn’t make you nervous, it should. I would recommend reading the blog post and protecting yourself accordingly.

Symantec Looks At Organizations Attitudes Towards Migration To Windows Server 2012

Posted in Commentary with tags , on May 27, 2013 by itnerd

The only thing that is constant in IT is change. One of the bigger changes for IT is Windows Server 2012. Symantec wanted to see how businesses are doing when it comes to navigating their way through these changes. These key facts emerged:

  • While many are planning to upgrade to Windows Server 2012, 93 percent haven’t actually made the move yet

For those that are planning to migrate:

  • 13 percent plan to make the move after the 1st service pack
  • 15 percent within the next 6 months
  • 17 percent within the next 12 months
  • 11 percent in more than 12 months

So it looks like there is a conservative march towards Windows Server 2012 which is likely the sensible thing to do. The report that Symantec did on this topic also reports on what factors are responsible for this slow pace of transition as well as other factors that organizations are considering. It’s a very interesting read and worth a look if you’re looking to move to Windows Server 2012.

Cybercriminal Tactics Are Changing: Symantec

Posted in Commentary with tags on April 17, 2013 by itnerd

Symantec yesterday released their latest Internet Security Threats Report with something that caught me off guard. There was a 58 percent increase in mobile threats occurred last year, with a third of those threats designed to steal information. These are threats that are aimed at smartphones and tablets. Not only that, social networks are becoming more of the launching pad for attacks, not to mention that targeted attacks, hacktivism, and data breaches are on the rise. Not good if you ask me. I strongly suggest that you give this a read if you have a business or support users in a business from a IT security perspective.

Now on the mobile front, I’ll mention this: Symantec announced an update to their Mobile Management Suite that provides some protection from the mobile related threats. Updates include:

  • a secure email client for both iOS and Android platforms
  • single sign-on across wrapped apps to improve authentication process and security
  • SSL policing and URL whitelisting for secure app connections

More details can be found in this blog post. Businesses who have mobile devices deployed, should take a look at this.