Last year saw "far-reaching vulnerabilities, faster attacks, files held for ransom, and far more malicious code than in previous years," Symantec Intelligence revealed in a new report.
Symantec tipped a 23 percent increase in the number of online breaches in 2014. "However, attention shifted during the year from what was being exfiltrated to the way attackers could gain access."
Specifically, the news focused on how hackers were exploiting specific bugs, like Heartbleed, Shellshock, and Poodle.
Unfortunately, many attack victims are not able to keep up. "When it comes to incident detection and response, time has an ominous correlation to potential damage," Jon Oltsik, senior principal analyst at ESG, said in a statement. "The longer it takes an organization to identify, investigate and respond to a cyber-attack, the more likely it is that their actions won't be enough to preclude a costly breach of sensitive data."
In 2014, spear-phishing attacks—phishing attacks that target specific companies—were up 8 percent, as hackers got down to business. Rather than blindly sending email to random targets to see who they could snag, attackers were more strategic, "deploying 14 percent less email towards 20 percent fewer targets," Symantec said.
But while major breaches captured headlines, Symantec said that "60 percent of all targeted attacks [in 2014] struck small- and medium-sized organizations. These organizations often have fewer resources to invest in security, and many are still not adopting basic best practices like blocking executable files and screensaver email attachments."
That also contributed to a 113 percent increase in ransomware attacks, including a 4,000 percent increase in crypto-ransomware, a tactic that allows an unmasked hacker to hold hostage the victim's files, photos, or other digital media, offering a decryption key for $300 to $500—without the promise their files will be let go.
Going forward, Symantec warned about an increased use of social networks among hackers. "In 2014, Symantec observed that 70 percent of social media scams were manually shared," the company found. "These scams spread rapidly and are lucrative for cybercriminals because people are more likely to click something posted by a friend.”
The report also cautioned people to be aware of mobile threats; attacks are not confined to PCs. The Internet of Things, meanwhile, will only exacerbate that problem, as many IOT services are linked to mobile devices.
Meanwhile, a similar report from Enterprise Strategy Group (ESG), commissioned by Intel Security, tipped an average 78 security investigations last year by each of the 700 surveyed organizations.
Like Symantec, ESG found that "security professionals often have limited knowledge about the latest tactics, techniques, and procedures."