Symantec report says the number of zero-day vulnerabilities discovered more than doubled to a record-breaking 54
Zero-day vulnerabilities were a weekly occurrence in 2015. Advanced criminal attack groups now echo the skills of nation-state attackers. They have well-resourced and highly-skilled technical staff that operate during normal business hours – they even take weekends and holidays off”, says Kevin Haley, director, Symantec Security Response.
“Organized hacking teams are turning these exploits into big business, creating a whole new market around finding and then selling them on to lower-level cyber-criminals to take advantage of”, he added.
“They will say attackers came and stole from us, but not saying how many records were lost”.
These sophisticated hackers are often the first to embrace zero-day vulnerabilities, which increased by 125% percent in 2015 to 54. The report said malware had risen at a staggering rate with 430 million new malware variants discovered in 2015, showing that cybercriminals were “leveraging vast resources” to try to overwhelm defenses and enter corporate networks.
This year, ransomware spread beyond PCs to smartphones, Mac and Linux systems, with attackers increasingly seeking any network-connected device that could be held hostage for profit, indicating that the enterprise is the next target. The UK ranked as the most targeted nation for spear-phishing campaigns that attempt to steal data by targeting employees within a specific organization.
Ransomware infections also rose by 35 percent, but anyone that’s been reading a security blog can reach the same conclusion, 2015 being a year like no other for ransomware operators. Ransomware, which encrypts files on a computer that are only unlocked when victims pay a ransom, also remained popular among cybercriminals past year.
Fifty-four zero-day vulnerabilities were discovered past year, according to a report released this morning by Symantec, more than double that of 2014, and the number of mega-breaches of more than 10 million records also hit a record high.
As attackers evolve, Symantec said there are steps businesses can take to protect themselves, such as partnering with a managed security service provider (MSSP) to extend in-house security capabilities. This type of attack increased by 55 per cent in 2015. Symantec recommends that businesses implement multi-layered endpoint security, network security, encryption, strong authentication and reputation-based technologies.
More Here [Symantec]