F-Secure: New Cyber Security Report Analyzes ‘Post-Malware’ World
February 2017 by F-Secure
Cyber security company F-Secure released a new report today that explores the trends and threats defining the current state of cyber security across the globe. F-Secure’s State of Cyber Security 2017 report pays particular attention to security issues facing companies as the threat landscape transitions away from conventional malware to more dynamic threats.
“Today’s threats can outsmart old one-dimensional security approaches, regardless of how strong everyone thinks they are. Phishing, lists of pre-compromised accounts and networks sold online, and other resources make breaching a government or Fortune 500 company within reach of a lot of different attackers,” said F-Secure Security Advisor Sean Sullivan. “We’re in a post-malware world because the threat landscape has industrialized, and cyber criminals aren’t only relying on the most common types of malware to make money.”
The report provides data and insights on the key issues cyber security researchers and experts see dominating the threat landscape. Some key findings from the report include:
• A majority of active reconnaissance traffic in 2016 came from IP addresses in just 10 countries, with Russia, the Netherlands, the United States, China, and Germany being hotspots for these activities
• Outdated versions of Android continue to expose mobile devices to risks, with Indonesia having the largest proportion of outdated Android devices in use, while Norway has the smallest
• Most cyber attacks are performed with basic, scriptable techniques against poorly maintained infrastructure
• 197 new ransomware families were discovered in 2016 compared with just 44 in 2015
• Exploit kit usage declined during 2016
The report also contains features on notable events and trends from 2016, including information on Mirai-based botnets, upstream attacks, cyber crime, and general IT trends that are shaping the threat landscape. Several other organizations also contributed articles to the report, including the Finnish Communications Regulatory Authority, Virus Bulletin, and AV-TEST.
According to F-Secure Security Expert Andy Patel, the report was written to send a message to defenders about the importance of risk management. “Commodity malware, like ransomware, is still prevalent. And endpoint protection is great at protecting users from those threats. But defenders need to think about threat assessment, penetration testing, breach detection, incident response, and crisis management if they want cyber security plans they can count on when attackers wise up to their defenses.”
“The bomber will always get through, so defenders better be ready for it,” added Patel.