• What are the most common threats for 2016?

What are the most common threats for 2016?

|
The cybercrime landscape is constantly shifting, with new threats coming in to play all the time. As such, it is important for internet users to be aware of the current areas of risk to ensure that they are doing all they can to protect their details from online criminals.

The latest intelligence for March 2016 from Symantec has revealed the threats being posed to individuals and organisations alike this year. Here are current the key avenues for cybercrime revealed by the statistics(1). 

1. Phishing scams

According to the Symantec report, phishing increased from February to March 2016 to an average rate of one in every 1,773 messages. The sectors most commonly being affected by phishing are real estate, finance and insurance. Professionals in these industries may need to be especially vigilant(1).

It is apparent that cybercriminals are often using phishing messages to trick people into revealing their personal or financial details. A prime example of this can be seen in a recent round on fake SMS messages reported by ABC Online in February 2016. The messages asked users for "account verification" and lead them to fake online banking domains created to resemble those of major Australian banks. These sites were described as being very convincing, and even included details like a loading page to make them appear more authentic - demonstrating the lengths that online thieves will take to gain access to a victim's details(2).

2. Web attacks

The Symantec report showed that the prevalence of web attacks has decreased slightly, but it is still a significant issue for cybersecurity. The amount of web attacks that were blocked each day reduced by around 130,000 to a daily rate of 745,000. Although this may still seem like and alarmingly high figure Symantec's Financial Threat report for 2015 showed that 2016's rates are substantially lower than in the pervious year, which saw an average of 1 million web attacks blocked per day(3).

The most frequently used toolkit for web attacks so far in 2016 has been Spartan, at 26.8 per cent in March, followed by Anglar, suggesting that these may be the toolkits to look out for this year(1).

3. Mobile and social media scams

Interestingly, mobile and social media attacks have been shown to be two of the most prominent threats to internet users at present. The manual sharing rates of social media scams increased to around 74 per cent in March, and there are around 50 different variants of mobile malware per family that have been detected suggesting the malicious software is becoming more adaptable(1).

The use of personal details on social media accounts is particularly concerning, with security solutions company MailGuard reporting that scammers have been using the it to create personalised email attacks on users. The messages are more convincing because they include information such as the recipient's full mane, job and location, and appeared to come from Australia Post. The case demonstrates that Australian social media users should be aware of the information they provide on these platforms and how it might be misused(4).

4. Spam

According to the Australian Spam Act 2003, it is illegal to send unsolicited electronic messages. With a possible penalty of up to $1.1 million a day for organisations that repeatedly infringe on the law, it could be supposed that this would be enough to deter offenders. Yet this legislation is difficult to enforce where the sender resides outside of the Australia. Consequently, spam is a common issue for internet users around the country(5).

However, the Symantec report shows a slow decrease in spam rates for March, dropping to 52.9 per cent, and is down across most industries and company sizes. Although no-one is immune to spam, the current most commonly affected sector is reported to be Mining, followed by construction and manufacturing(1). 

5. Malware

Finally, another recent banking attack has illustrated the how significant the issue of malicious software is at present. The Sydney Morning Herald reported that advanced malware was hidden on the devices of affected users, which superimposed a fake interface when the apps of many major banks were accessed. The malware was also capable of intercepting the real security messages of the banks, meaning victims were completely unaware they were being scammed. This enables hackers to attain security information and use it to encroach on people's bank accounts, transferring funds at will(6).

This issue is reflected in the Symantec insights, which reveals that one out of every 118 emails contains malicious software, with 16.7 new malware variants discovered. Additionally, Symantec reports that while companies of all sizes can be targeted by malware, those with between 251 and 500 employees are currently the most affected(1).

If you suspect that you or your company have been affected by any of the current cybersecurity risks, it is important that you take action to insure that your information is safe. For advanced detection of online fraud and identity theft, contact Identity Watch today. 

1 Symantec. Monthly threat report. Accessed 19 April 2016.

2 ABC Online. Mobile banking customers are being targeted in a 'persistent and sophisticated' SMS phishing scam. Accessed 19 April 2016.

3 Symantec. Financial threats 2015. Accessed 19 April 2016.

4 MailGuard. Breaking: Scammers Shift to Social with New AusPost Ransomware Attack. Accessed 19 April 2016.

5 ACMA. Spam. Accessed 19 April 2016. 

6 Sydney Morning Herald. Malware hijacks big four Australian banks' apps, steals two-factor SMS codes. Accessed 19 April 2016.