Symantec: Cybercriminals Hijacking Corporate Infrastructure

ItEUs not a matter of if you will be attacked. ItEUs a matter of when. ThatEUs the storyline Symantec is pushing out in volume 20 of its Internet Security Threat Report.

The report reveals cyberattackersEU troubling tactical shift: They are infiltrating networks and evading detection by hijacking the infrastructure of major corporations and using it against them.

EUAttackers donEUt need to break down the door to a companyEUs network when the keys are readily available,EU said Kevin Haley, director of Symantec Security Response. EUWeEUre seeing attackers trick companies into infecting themselves by Trojanizing software updates to common programs and patiently waiting for their targets to download them -- giving attackers unfettered access to the corporate network.EU

Bringing Down the Enterprise

According to Symantec, 2014 was a record-setting year for zero-day vulnerabilities. ThatEUs not good news, but whatEUs worse is that it took software companies an average of 59 days to create and roll out patches -- up from only four days in 2013, Symantec noted. Attackers jumped on the opportunity to exploit vulnerabilities. The Heartbleed bug was a prime example and some estimates projected costs to companies in the millions.

There was also an 8 percent increase in highly-targeted spear-phishing attacks in 2014. What made last year particularly interesting was the precision of these attacks, which used 20 percent fewer e-mails to successfully reach their targets and incorporated more drive-by malware downloads and other Web-based exploits, Symantec noted.

We asked Anthony DiBello, director of security at cybersecurity software firm Guidance Software, for his thoughts on the social engineering aspect of enterprise hacks. He told us the social engineering methods hackers use for targeting organizations are becoming far more complex.

EUThere's also more money funding those that commit cybercrimes whether they are government backed or on the payroll of organized crime gangs. These are large groups...

Comments are closed.