The number of targeted cyber-attack campaigns increased by 91 per cent in 2013, with each attack lasting three times longer than in 2012, according to an industry report.
Symantec’s Internet Security Threat Report 2014, found that the mining, which includes oil and gas, and manufacturing industries were most at risk of being attacked, while the most targeted attacks last year were against governments and the services industry.
The cyber-security provider describes 2013 as the year of the ‘Mega Data Breach’, with the total number of data breaches up 62 per cent to 253.
“However, even a 62 per cent increase does not truly reflect the scale of the breaches last year. 2013 was the year of the mega breach, with eight of the data breaches exposing more than 10 million identities,” it was noted in the report.
Spear phishing attacks, in which the cyber-criminal uses email spoofing for financial gain or trade secrets, were found to more evenly target large organisations and SMEs last year, with large corporations hit by 39 per cent of attacks compared to 50 per cent in 2012.
The most targeted worker for spear phishing was found to be a personal assistant at a large mining company, which may be particularly relevant to hydrocarbon rich GCC nations, as oil and gas businesses are classed under this category.
Paul Wood, cyber security intelligence manager at Symantec’s Security Technology and Response Group, speculated that this was because of the valuable exploration data these firms hold.
Ransomware attacks, in which cyber criminals pretend to be law enforcement demanding a fake fine of between $100 and $500, increased by 500 per cent last year, with 1.5 million internet users targeted.
The company also highlighted an evolution, Ransomcrypt, as a potentially increasing problem for 2014.These attacks encrypt victims’ files, demanding money to get them back, and can prove even more damaging to businesses if they target network drives.
A small percentage of Ransomcrypt attacks using RSA 2048 encryption make it impossible to get files back if they aren’t detected by security solutions.
“Without access to the private key there is nothing you can do,” said Orla Cox, senior manager for security response at Symantec’s Dublin offices.
Symantec also highlighted the increasing number of Internet of Things devices targeted last year including routers, baby monitors and security cameras.
“While the benefit to attackers of compromising these devices may not be immediately clear and there is still a lot of hype, the risk is real. Internet of Thing (IoT) devices will become access points for targeted attackers and become bots for cyber-criminals,” according to the report.