Symantec's 2017 Internet Security Threat Report (ISTR) details how simple tactics and innovative cyber criminals led to unprecedented outcomes in global threat activity. This report covers a lot of areas like international bank heists, disrupted elections, and state-sponsored attacks. However, one thing stood out and that is the following paragraph:
Email Becomes the Weapon of Choice
Email posed a dangerous and efficient threat to users: one in 131 emails contained malware, the highest rate in five years. And Business Email Compromise (BEC) scams, relying on spear-phishing emails, targeted over 400 businesses every day, draining $3 billion over the last three years.
A combination of PowerShell, a common scripting language installed on PCs, and Microsoft Office files was an effective weapon. Cyber criminals used the two to leave a lighter footprint and hide in plain sight. Last year, 95 percent of PowerShell files seen by Symantec in the wild were malicious.
Which was followed by:
USA is an Easy Mark for Ransomware Scammers
64 percent of Americans cave in to digital extortion
Ransomware escalated across the globe as a profit center for criminals. Symantec identified 100 new malware families released into the wild, more than triple the amount seen previously, and a 36 percent increase in ransomware attacks worldwide.
The United States was the biggest – and softest – target. Symantec found 64 percent of Americans are willing to pay a ransom, compared to 34 percent globally. And the average ransom spiked 266 percent, with criminals demanding an average of $1,077 per victim.
I suggest you grab a copy of this report. It is excellent ammo if you need to get more IT security budget:
https://www.symantec.com/security-center/threat-report
