Online election defense improving, threat report finds
- By Derek B. Johnson
- Feb 21, 2019
Symantec's latest annual internet threat report credited the U.S. government and social media companies with using a mix of intelligence, bot tracking and lessons learned from the 2016 election to identify and close thousands of accounts and pages believed to be associated with foreign influence campaigns.
The Department of Homeland Security and U.S. Cyber Command also got shout outs for efforts to protect election infrastructure in the lead up to the 2018 midterms. Those efforts included conducting cyber operations against Russia and other nations, establishing better coordination with states and installing Albert sensors that could detect malicious activity around voting machines and election software.
However, such cyber campaigns continue, and these organizations should only get "partial credit" for tackling the issue until their efforts are further tested during the 2020 presidential elections, Symantec said.
Other threat trends highlighted include the rising use of formjacking, which steals credit card details and other information from payment forms on web pages, and cryptojacking, where unwitting victims' computers are used to mine cryptocurrencies.
Ransomware, which made headlines in when it hit state and local government offices, is accelerating in the enterprise, accounting for 81 percent of all ransomware infections. Even though overall ransomware attacks were down, 2018 saw a 12 percent increase in enterprise infections, primarily delivered by email campaigns. Because enterprises rely on email as their chief communication tool, they have been hit harder by email-based attacks, the report said.
While the rate of malware in emails stayed relatively constant, phishing levels declined, as it has every year for the last four years, the report said. Symantec also found that the global use of zero-day exploits continues to fall, while malware inserted into Microsoft Word documents accounted for nearly half of all malicious email attachments -- a huge leap from 2017 when the practice accounted for only five percent of such attacks. Macros in Office files are also used by cyber crime groups to propagate malicious payloads.
"Hunting for a zero day is very expensive,” said Ken Durbin, a senior strategist for global government affairs at Symantec. "It takes time and effort and resources and … once it's out in the wild it can be mitigated, which means you've lost your investment. It's very hard to flag Microsoft Word traffic as malicious unless you have more context around it, so it's hiding in plain sight."
This article was first posted to FCW, a sibling site to GCN.
Derek B. Johnson is a former senior staff writer at FCW.