Website Security Threat Report Part 2

It’s often said that the only constant in life is change. This certainly rings true in the realm of internet security, where the struggle between those who are trying to protect the digital world and those who are trying to exploit it remains a long-standing game of cat-and-mouse.

Volume 20 of Symantec’s Internet Security Threat Report (ISTR) reveals that cyberattackers are infiltrating networks and evading detection by hijacking the infrastructure of companies and turning it against them, while extorting end-users through their smartphones and social media to make some quick cash.

With high-profile breaches constantly making headlines, people are more aware of their cyber “risk factor” than ever before—but many still aren’t taking action or are stuck fighting against old tactics rather than facing attackers head-on.

In 2014, we saw attackers trick companies into infecting themselves by Trojanizing software updates to common programs and patiently waiting for their targets to download them. Once a victim had downloaded the software update, attackers were given unfettered access to the corporate network. Highly-targeted spear-phishing attacks remained a favorite tactic for infiltrating networks, as the total number of attacks rose eight percent. What makes last year particularly interesting is the precision of these attacks. Spear-phishing attacks used 20 percent fewer emails to successfully reach their targets and incorporated more drive-by malware downloads and other web-based exploits.