How to Read Symantec’s Internet Security Report to Improve Your EPP

How to Read Symantec's Internet Security Report to Improve Your EPP

Today, endpoint security solution provider Symantec released their Internet Security Threat Report for February 2019. Among their findings, Symantec revealed 4,800 websites on average suffer a formjacking code attack every month.

Symantec’s findings of course prove vital threat intelligence for enterprise IT security teams around the world. However, some of the most essential lessons exist between the lines of the statistics. We here at Solutions Review read the report in full and decided to use it as a jumping off point to make some key points about endpoint security.

Securing the digital perimeter doesn’t begin and end with raw numbers (although that often proves a solid foundation). It begins with understanding how these numbers influence the gradual adjustments in your endpoint security policies and rules.

Key Findings from the Symantec Internet Security Threat Report

Before we dive into what these numbers mean, we need to establish some of Symantec’s key findings:

  • 1 in 10 URLs are malicious.
  • Web attacks on enterprises rose 56%.
  • 2018 saw four times the number of cryptojacking attacks than 2017.
  • However, cryptojacking continues to trend downwards as cryptocurrency falls in value.
  • Overall ransomware attacks are down 20%.
  • Enterprise-targeting ransomware rose 12%.
  • Mobile ransomware rose 33%.
  • Malicious Powershell scripts, a key component of fileless malware attacks, rose over 1000%.  

With these numbers to guide us, we can conclude…

Formjacking: There is Always a New Threat

In their report, Symantec defines formjacking as “the use of malicious JavaScript code to steal credit card details and other information from payment forms on the checkout web pages of eCommerce sites.” They also report a serious uptick in formjacking attacks in 2018.

Formjacking falls under the umbrella of supply chain attacks, in which threat actors use third-parties to get their malicious codes to their actual target websites or users. Moreover, Symantec believes the rise of formjacking correlates with the drop in cryptojacking malware. Cryptocurrencies’ overall drop in value means stealing credit cards through formjacking proves a far more reliable malicious revenue source in the current climate.

However the real lesson in endpoint security from formjacking is that your digital perimeter must always be prepared for a new threat vector or attack tactic. Hackers constantly seek out the most profitable cyber attack and probe defenses to look for new ways to bypass your endpoint security. If what once worked no longer pays as it used to, they seek out a new tactic.  

Your endpoint security needs a steady threat intelligence feed to best supplement their defense tactics and EDR capabilities. Only preparing for the last attack leaves on the back foot when hackers come calling.    

Cryptojacking and Ransomware: Old Threats Persist and Recur

Symantec points out that even with the drop in cryptocurrency mining malware attacks, they still blocked 3.5 million such attacks in December 2018 alone. Meanwhile, ransomware overall dropped but enterprise ransomware attacks rose. Importantly, enterprise ransomware had through 2018 suffered a drop in usage.    

Cryptojacking and ransomware combine to provide an important lesson to enterprises: no threat goes away. Yes, cryptojacking may never see the same levels of popularity it enjoyed in 2018. However, some hackers will continue to use it as early adopters shift to other cyber weapons; the return of ransomware as an enterprise threat illustrates this perfectly.

Your firewall and EDR must remain attuned to these threats as they continue to evolve and see usage in smaller numbers. Cybersecurity remains a marathon. Don’t let yourself trip because you dodged a pothole the first time.  

Fileless Malware: Legacy Antivirus is Dead

Symantec found an increase in “living off the land” attacks via PowerShell; these attacks also go under the alias “fileless malware.”

We’ve written extensively on the dangers of fileless malware and the inability of legacy endpoint security solutions to detect much less prevent them; it doesn’t download a file when it runs it malicious scripts, making signature detection impossible. It’s no wonder fileless malware continues to see massive escalation in usage in 2018.

Therefore, enterprises need to stop deluding themselves into believing their legacy antivirus solutions can keep them secure. While familiar and comforting, these traditional solutions are wildly inadequate for defending against fileless malware and other modern penetrative threats.

Your enterprise needs a modern endpoint security solution. To leave your digital perimeter lingering in a feeble state lays out the welcome mat for innovative hackers. Unfortunately, hackers are nothing if not innovative.   

Why Internet Security Matters to Endpoint Security

But ultimately, the question surrounding the Symantec Internet Security Threat Report for February 2019 is how it relates to endpoint security at all.

Endpoints don’t exist in a vacuum. They serve as the gateway both to your network and digital resources and to the wider Internet. Hackers are constantly developing ways to use malicious websites as a jumping off point to infiltrate more lucrative targets, including your business. With the rise of bring-your-own-devices culture and the Internet of Things, anything connecting to the Internet and your network can become a potential infection point.

Your endpoint security has to prepare for this eventuality. You can start by making sure every device connecting to your network has a consistent level of endpoint security. Further you should ensure your endpoint security can recognize and block malicious websites and codes.  

You can read the full Symantec Internet Security Threat Report for February 2019 here.

Follow me

Ben Canner

Editor, Cybersecurity at Solutions Review
Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.
Ben Canner
Follow me

Leave a Reply

Your email address will not be published. Required fields are marked *