Beware the phony update, warns data security provider Symantec in a new report.
Hacker attacks on large companies were up 40 percent in 2014 from the year before, Symantec said in a report released Wednesday on Internet security threats, and the hackers often succeeded with a simple trick.
The ruse was an update to a legitimate piece of software.
Once the unsuspecting employee clicked download, a Trojan horse would give hackers a free ride into company networks, where they had unfettered access, the Mountain View internet security company said.
Advanced hackers also were using a company s own infrastructure against it, the report said.
For example, they installed legitimate software onto compromised computers to use as a cloak to avoid discovery by anti-malware tools. Or, they used company management tools to move stolen intellectual property around a company network. Once inside the network, some hackers built custom attack software using the company s own servers.
Five out of six large companies were targeted by various hacker attacks, the report said.
On top of that, many of the attacks exploited previously unknown vulnerabilities, also known as zero day attacks, and it took companies longer to patch them.
By comparison, the average time for a patch to be issued in 2013 was only four days, Symantec said in an executive summary of the report. The
most frightening part, however, is that the top five zero-days of 2014 were actively used by attackers for a combined 295 days before patches were available.
Ransomware was up 113 percent, the report said.
Above: Logo from Symantec
