
Supply Chain Attacks Nearly Doubled in 2018: Symantec

The number of supply chain attacks observed last year was 78% higher compared to the previous year, a new Symantec report reveals. 


Aiming to compromise a target by exploiting third-party services and software, supply chain attacks take many forms, including the hijacking of software updates to inject malicious code into legitimate software. Threat actors abuse stolen credentials or compromised third-party libraries to exploit software developers in their attacks. 

2018 saw a surge in formjacking attacks, once again proving that the supply chain can be a weak point for online retailers and eCommerce sites, Symantec reveals in its latest Internet Security Threat Report (ISTR). Many of these formjacking attacks stemmed from compromised third-party services used by online retailers, including chatbots and customer review widgets.

Ransomware attacks went down 20% compared to 2017, but attacks against enterprises increased 12% and mobile ransomware surged 33%. Cryptojacking attacks dropped by 52% between January and December, likely influenced by a 90% drop in the value of Monero.

The use of off-the-shelf tools and operating system features to conduct attacks increased as well in 2018, with PowerShell usage showing a massive surge: the number of scripts blocked at the endpoint went up 1,000% compared to the previous year. 

“While we block on average 115,000 malicious PowerShell scripts each month, this only accounts for less than 1 percent of overall PowerShell usage. Effectively identifying and blocking these attacks requires the use of advanced detection methods such as analytics and machine learning,” Symantec notes. 

Attackers also switched focus to smaller organizations, which were more likely to be hit with spam, phishing, and email malware last year. Spam levels continued to rise in 2018, reaching 55% of all emails. Email malware remained stable, but phishing dropped from 1 in 2,995 emails to 1 in 3,207 emails.

Microsoft Office accounted for 48% of all malicious email attachments, as cyber-crime groups such as Mealybug and Necurs used not only macros in Office files, but also malicious XML files and Office files with DDE payloads. There were fewer URLs used in malicious emails (7.8%) as attackers focused on malicious attachments. 


The use of zero-day exploits continued to decline last year, with only 23% of attack groups using zero-days. Some attack groups such as Gallmaker switched to relying solely on “living off the land” techniques, without using malicious code. 

Large attack groups intensified their activity in 2018 and also diversified their targets. More and more groups focused on compromising operational computers to mount disruptive operations, a tactic pioneered by the Dragonfly espionage group. The method was also adopted by groups such as Thrip and Chafer last year. 

According to Symantec, the increased interest in potentially disruptive attacks was also reflected in the number of groups known to use destructive malware, which went up by 25% in 2018.

The number of indictments in the United States against people alleged to be involved in state-sponsored espionage also went up last year, with 49 individuals or organizations indicted. The US charged 18 alleged Russian agents with involvement in attacks relating to the 2016 presidential election, 19 Chinese individuals or organizations, 11 Iranians, and one North Korean.

“This sudden glare of publicity may disrupt some of the organizations named in these indictments. It will severely limit the ability of indicted individuals to travel internationally, potentially hampering their ability to mount operations against targets in other countries,” Symantec notes.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
