Building a slide deck, pitch, or presentation? Here are the big takeaways:
- Internet of Things (IoT) attacks increased 600% between 2016 and 2017. — Symantec, 2018
- Detection of cryptocurrency miners increased 8,500% in Q4 2017. — Symantec, 2018
The Internet of Things (IoT) continues to grow as a prime target for cybercriminals to exploit, according to a new threat report from security firm Symantec. The number of IoT attacks increased from about 6,000 in 2016 to 50,000 in 2017–a 600% rise in just one year, the report found.
The majority of IoT attacks in 2017–21%–originated from China, the report found, followed by the US (11%), Brazil (7%), and Russia (6%). More than half of the attempted attacks against IoT devices targeted the Telnet service, the report found.
Cybercriminals are also increasingly turning to cryptocurrency mining, the report found: Detection of cryptocurrency miners increased 8,500% in Q4 2017 alone. Often, these attackers install miners on victims’ computers or IoT devices without their knowledge.
SEE: Incident response policy (Tech Pro Research)
However, this explosion in mining activity may not continue through 2018, as it is strongly linked to the increase in value of cryptocurrencies like Bitcoin, the report noted.
Ransomware remained a major threat in 2017, with the WannaCry and Petya/Not Petya attacks taking down systems worldwide. While the number of ransomware variants increased 46% last year, the average ransom demand dropped from its peak of $1,071 in 2016 to $522 in 2017. This indicates that established criminal groups are still working, but perhaps have shifted their focus to new, higher-value targets, the report said.
Mobile malware also continues to surge, as the number of new variants increased by 54% in 2017, the report found.
And while threats are increasing, the problem is made worse by the fact that many consumers and businesses continue to use older operating systems, the report found. On Android in particular, only 20% of devices were running the newest major version.
These numbers highlight the need for businesses to ensure that all endpoints, and particularly IoT devices, are secure. IT organizations should be sure to provide employee training on cyberthreats, and implement policies for updating all software systems.