Symantec’s ISTR suggests seismic shift in the motivation and focus of cyber criminals

Symantec’s Internet Security Threat Report (ISTR) suggests that the Cyber criminals revealed new levels of ambition in 2016 – a year marked by extraordinary attacks, including multi-million-dollar virtual bank heists and overt attempts to sabotage organizations by state-sponsored groups including Shamoon, and record-breaking DDoS attacks that were carried out by infecting IoT devices.

The UAE’s 2016 Internet Security Threat Profile improved with its world ranking dropping from 41 in 2015 to 51 in 2016. In the Middle East and Africa, UAE improved its regional standing, dropping to 10th place compared to 6th the previous year. However, the country was heavily targeted for ransomware, the second highest in the Middle East and Africa region, and representing about 0.5 percent of all global detections. Furthermore, the UAE ranked 26th globally for ransomware attacks, Saudi Arabia was the 20th most targeted country, and the United States ranked first. Symantec found 30 percent of UAE ransomware victims are willing to pay a ransom, compared to 34 percent globally. Adversely, 64 percent of Americans victims are prepared to pay a ransom. Consequently, in 2016 the global average ransom spiked 266 percent with criminals demanding an average of $1,077 per victim up from $294 as reported for the previous year.

“New sophistication and innovation are the nature of the threat landscape, but this year Symantec has identified seismic shifts in motivation and focus,” said Hussam Sidani, Regional Manager for Gulf, Symantec. “The world has seen specific nation states doubling down on political manipulation and straight sabotage. In the Middle East, we saw Shamoon putting the Kingdom on high alert again after attacks were uncovered late 2016. Meanwhile, cyber criminals caused unprecedented levels of disruption by focusing their exploits on relatively simple IT tools, unsecured IoT devices and cloud services.”

“UAE has taken commendable measures at federal, public and private levels to solidify cybersecurity in the country. Furthermore, various entities have made efforts to identify and foster future cybersecurity specialists, and there is also a growing awareness about cyberthreats in the weakest link in the chain – the end user or consumer,” added Sidani.

Other key highlights or trends from Symantec’s ISTR include:

Subversion and Sabotage Attacks Emerge at the Forefront, The Increasing Threat of Ransomware, Nation States Chase the Big Scores, Attackers Weaponize Commonly Used Software; Email Becomes the Weapon of Choice and Cracks in the Cloud.