IoT devices, cloud solutions soft target for cybercriminals: Symantec

IoT devices, cloud solutions soft target for cybercriminals: Symantec
Photo Credit: Photo Credit: Thinkstock
4 Oct, 2019

Internet-of-things (IoT) devices are becoming increasingly vulnerable to targeted attacks, found a study by cybersecurity company Symantec Corporation.

IoT devices are considered as a soft entry point for cybercriminals as they help hackers intercept communication and steal data.

California-headquartered Symantec found that routers and connected cameras made up 90% of infected devices. Other IoT devices such as smart light bulbs and voice assistants can also be used to steal user credentials and data. 

The study also found that there has been a rise in attacks on cloud workloads carrying enterprise data. In 2018, more than 70 million records were stolen or leaked from poorly configured cloud Amazon Web Services S3 (simple storage service) workloads alone, the study found.

The cybersecurity company said that hardware chip vulnerabilities allow intruders access to companies’ protected memory spaces. 

Apart from the growing security threats plaguing IoT devices and cloud workloads, ransomware targets have seen a shift from consumers to enterprises. 

Ransomware attacks registered an overall decline for the first time since 2013, falling by 20%. However, Symantec found that ransomware attacks on enterprises have risen by 12%.

The study found that cryptojacking fell 52% in 2018. The fall was attributed to the decline in the value of cryptocurrencies.

Instances of formjacking have also increased sharply as around 4,800 websites are compromised each month. Websites such as that of British Airways and online ticketing platform Ticketmaster garnered the most formjacking attacks. More than 380,000 credit cards’ details were stolen from the British Airways portal alone.

Formjacking is a form of cybersecurity attack by which cybercriminals steal credit card details from payments forms on the checkout webpages of ecommerce portals. 

Conventional cybersecurity attacks such as spear-phishing are still popular among cybercriminals. Symantec found that intelligence gathering remained the primary motive of spear phishing. 

The study also found that one in ten targeted attack groups makes use of malware to destroy and disrupt business operations, rather than limiting themselves to stealing data.

As per the Symantec report, cybersecurity attacks made on supply-chain systems registered a rise of 78%.

In its report titled ‘2019 Internet Security Threat Report, Volume 24’, Symantec surveyed cybersecurity threats from over 157 countries and territories across the world. 

The report analysed data from Symantec’s Global Intelligence Network, which claims to record events from 123 million attack sensors worldwide.

Symantec provides cybersecurity solutions include integrated cyber defence, advanced threat protection and endpoint security across sectors such as education, healthcare, automotive and financial services. The company also provides business to consumer cybersecurity solutions through its Norton line of products. 

Recent cybersecurity report findings:

IT services giant Infosys found that two-thirds of the enterprises it surveyed struggle to embed security solutions in their technology architecture. 

In an interview with TechCircle, Vaidyanathan Iyer, security software leader for India and South Asia at IBM, said that digital transformation has made enterprises more vulnerable to data breaches.

Cybersecurity firm Sophos found that phishing emails impacted 54% of all Indian enterprises attacked by hackers. 48% of the enterprises surveyed suffered from a breach of their data while 39% of them were attacked by ransomware.