Cyberthreats in Government Continue to Escalate, Report Says

The results of an annual report centered on the cyberthreat landscape show an increase in attacks across the board.

by / April 15, 2016

While it stands to reason that cyberattacks are bound to increase as our dependence on technology accelerates, a new report released by Symantec highlights a startling surge in zero-day, ransomware and phishing attacks – especially in the public sector.

Despite the belief that cyberattacks are mainly focused on larger agencies, like OPM and the IRS, Kevin Haley, director of Product Management for Symantec Security Response, said smaller, often more vulnerable agencies and governments are more frequently targeted.

According to Symantec's Internet Security Threat Report, 67 percent of the attacks on organizations were launched against those with 250 employees or fewer.

Of the more unsettling trends in the greater cyberthreats space is the increase in ransomware and zero day attacks. Haley said the “professionalization” of the hacking industry is leading to more exploits being made available to nefarious actors. Zero day vulnerabilities refer to unrecognized holes in software, which can then be sold to and exploited by hackers.

According to Symantec’s count, the number of zero day attacks has increased from roughly 10 attacks since the company began monitoring them in 2006 to nearly 60 in 2015, which is 125 percent higher than the previous year.

“Between 2006 and 2012, we saw between eight and 15 [attacks annually]. … Then we hit 2013 and it explodes up to 23, 24 the next year and now we’ve hit 54. We’ve just reached a new plateau in terms of these vulnerabilities,” he said. “That’s because of the professionalization of hunting for these zero day vulnerabilities and the fact that people are paying good money for them, so people are out looking for them.”

Ransomware attacks, like the one launched against Hollywood Presbyterian Medical Center in February, are also seeing a startling increase within the last year. Haley said crypto ransomware attacks, where attackers encrypt an organization’s systems to extort money, grew by 35 percent.

“We saw about 1,000 attacks per day in 2015, and we’ve actually seen peaks of 4,000 per day in 2016,” he told Government Technology. “There’s a real significance to these threats. They’re not an annoyance anymore, they’re a real hazard to all of us.”

The prevalence of malware has also seen a surge in development. In 2015, Haley said there were as many as 430 million new pieces of malware discovered – more than a million pieces launched a day.

While there are instances of nation state actors involved in these types of attacks, Haley said attackers vary from organizations to individuals. Unsurprisingly, the number of attacks correlates closely with countries that have Internet-capable computers.

“It’s coming from everywhere,” he said, adding that although legislation and policy always lag behind the technology industry and its capabilities, he sees positive steps being taken to strengthen security. Within organizations, he points to a lack of adherence to best practices as one of the key factors behind security vulnerabilities.

“From what I see, the biggest problem is that many companies have not taken this seriously enough. ... They’re not being serious about security," Haley said. "We see that in many cases, best practices are not followed."

Procedures can be as simple as not allowing executable file attachments through email systems. These files, once opened, infect computers and the systems they are connected to.

“There are many places that aren’t doing something as basic as not allowing executables to come in through their mail systems," he said. "It’s just a standard best practice."

Additionally, Haley said that organizations and individuals, if targeted once, were likely the victim of three other attacks that were not caught initially as of 2015.

“The joke used to be that there are two kinds of people: those who had been attacked and those who didn’t know they had been attacked,” he said. “Most people have been attacked four times if they have been attacked at all." 

Eyragon Eidam Web Editor

Eyragon Eidam is the Web editor for Government Technology magazine, after previously serving as  assistant news editor and covering such topics as legislation, social media and public safety. He can be reached at eeidam@erepublic.com.