Key Findings From the Symantec Internet Security Threat Report Vol. 23

Endpoint security solution provider Symantec released Volume 23 of their Internet Security Threat Report in March. We finally got the chance to read it through and found it, unsurprisingly, incredibly insightful on the current state of endpoint protection and digital threats.

Here’s some of the findings we found most compelling:

The Numbers around Cryptojacking Are Staggering

We’ve written about illicit cryptocurrency mining, or cryptojacking, many times before. However, that’s because it bears repeating. All evidence suggests cryptojacking is supplanting ransomware as the premiere digital threat, and your enterprise’s endpoint security needs to reflect that new reality.

Symantec’s findings reaffirm this argument. Their report found an 8,500% increase in detected cryptojacking malware on endpoints in 2017. The vendor believes this is because cryptocurrency mining has a low barrier to entry than ransomware for much better profitably.

Symantec also restates a commonly forgotten truth about cryptocurrency mining codes—they may be less flashy than ransomware, but no less devastating. Cryptojacking on your enterprise’s endpoints can cause severe performance issues, higher electricity demands, and even rendering some devices unusable. They recommend keeping an eye on the IoT devices in your network in particular.  

Software Supply Chain Attack See Uptick

The good news is, according to Symantec, vulnerabilities are in fact becoming harder to find and exploit. The bad news is Symantec reports seeing more hackers infect supply chains—200% increase in such attacks. Hacking into software updates, a common attack vector, allows for far easier infiltration into your enterprise’s network.

Symantec Says Ransomware is a Market

Symantec reminds us that ransomware is now a commodity used by (malicious and unscrupulous) economic actors. And like any commodity, ransomware can have its ups and downs. After the market became flooded and demands went too high, it appears ransomware has corrected itself with fewer families demanding less ransom per attack.

Possibly this correction comes as cryptojacking takes ransomware’s place in the digital threat toolbox. However, Symantec warns that ransomware has not gone away by any stretch. Your endpoint security solution should be working to keep them at bay, especially if you are in the banking and financial industries which have seen a resurgence of ransomware attacks.  

Mobile Malware Increases Dramatically

Mobile threats saw a 54% increase in new variants in 2017. Last year also saw 24,000 malicious mobile apps blocked per day. Only a small percentage of mobile endpoints use the latest operating system available, which leaves them more vulnerable.

Symantec also highlights the threat of grayware—applications that are not outright malicious but can prove dangerous all the same. 63% of grayware applications leak the device’s phone number.

Other Essential Numbers

To truly unpack all of Symantec’s endpoint security findings would take pages upon pages of reporting. We do strongly encourage you to read the full report, available here, but here’s a few more of their findings by the numbers to whet your appetite.

2017 saw:

A 92% increase in new downloader malware variants.

A 80% increase in new malware on Mac endpoints.

That 1 in 13 web requests result in malware.

55% of emails are spam.

71% of hacking groups use spearphishing as their main attack vector, making it by far the most widespread.  

A 46% increase in new ransomware variants.

A 600% in IoT attacks, with 11% of those attacks originating in the United States.

In short, your enterprise needs to ensure that your endpoint security solution is up to the new challenges of digital threats. And if it isn’t, then it’s time for an upgrade.