The number of attacks using software vulnerabilities increased by almost a quarter last year, to 702 million, according to a new report by Kaspersky Lab. This comes the same week as the UK’s National Crime Agency (NCA) published a report that found that more young people are getting into cyber crime using inexpensive off-the-shelf hacking tools such as DDoS- and ransomware-as-a-service.
According to Kaspersky Lab, there were 702,026,084 attacks using exploits in 2016, up 24.54% on the previous year.
The most exploited applications were browsers, the Windows and Android operating systems, and Microsoft Office. The majority of respondents (69.8%) claimed they encountered an exploit for at least one of these applications in 2016.
By contrast, there was a 20.85% decrease in the number of affected users, to 4,347,966.
One possible reason for this decline could be a reduction in the number of sources for exploits, the report said. Last year saw several large exploit kits, such as Neutrino and Angler, leave the underground market. Kaspersky’s researchers said this significantly affected the overall threat landscape, as many cyber criminal groups appeared to lose their capabilities to spread malware.
Rise in younger cyber criminals and off-the-shelf tools
Meanwhile, the NCA’s report focused on how and why young people – who are statistically the most likely to be cyber criminals – turn to cyber crime.
In 2015, the average suspect in NCA cyber crime investigations was 17 years old, compared to 37 in NCA drugs cases and 39 in economic crime cases.
The NCA found that off-the-shelf tools such as DDoS- and ransomware-as-a-service – which can be used by even unskilled hackers – provide young people with the means to commit attacks.
Their motive is not, as you might expect, ideological or financial. Rather, cyber criminals surveyed by the NCA said they turned to crime because of the lack of alternative opportunities to apply their computing knowledge. Cyber crime provides a community motivated by a sense of belonging, and criminal acts reportedly gave hackers a sense of accomplishment and increased their online reputation.
There is untapped good
The idea that criminals are victims of circumstances is a story we’ve all heard before, as is the claim by Richard Jones, head of the National Cyber Crime Unit’s Prevention team, that all these criminals have the potential to use their powers for good.
Cyber crime can be mitigated, he says, by “highlighting opportunities in coding and programming, or jobs in the gaming and cyber industries, which still give [young people] the sense of accomplishment and respect they are seeking”.
Protect your organisation by conducting regular penetration tests
Every day, hackers figure out new ways to break into websites and exploit vulnerabilities that companies and web app vendors don’t know about yet. Their goal may not always be financial, but a breach of your systems will almost always lead to some kind of repercussion – be it the loss of information, a regulatory fine, or damage to your reputation.
Regular vulnerability scans and penetration tests should be a fundamental part of any organisation’s security review. These tests identify vulnerabilities, provide advice on how to fix them as quickly as possible, and make sure all security controls are updated and working efficiently.
IT Governance offers a variety of penetration testing services to meet your organisation’s needs, from network testing and web application pen tests to wireless pen tests and simulated phishing attacks.