SAN FRANCISCO — Organized criminal gangs of hackers got smarter, faster and more ubiquitous last year, pulling off 312 major breaches against companies. That’s up 23% from the year before, Symantec’s 2014 Internet threat report found.
Health care companies were a major focus of hackers, with 37% of breaches in that sector, compared with 11% in retail and 10% in education, the security company’s yearly look at the seamy underbelly of the Web found.
Things are just as bad for individuals. Symantec, maker of Norton security software, found that fully 60% of all email is spam, though thankfully most email systems filter out much of it.
That’s down from 66% in 2013, Symantec said. But the numbers are still enormous. An estimated 28 billion spam emails were sent per day in 2014, down from 29 billion a day in 2013.
While slightly down, they were more dangerous than ever. One out of every 965 emails was a phishing attack, meaning an email that includes an attachment or link which, when opened, infects the victim’s computer, Symantec found.
Ransomware also continues to grow. These digital extortion rings involve cyber thieves hijacking victims’ systems and locking up their data, then demanding a ransom to unlock it.
The thieves typically charge between $300 and $500 to free the files. Unfortunately, paying doesn’t mean you’ll get your data back.
“Roughly 80% of the time, they don’t decrypt the files,” said Robert Shaker, senior incident response manager with Symantec.
“And 100% of the time, you get put on the ‘payers’ list, meaning they’ll hit you again later,” he said.
These attacks more than doubled, with 8.8 million attacks in 2014, up from 4.1 million in 2013, Symantec found.
Symantec also saw an increase in the organization and reach of hacking groups, which are moving faster than security staff trying to defend companies. For example, in April 2014, a major Internet security bug called Heartbleed was made public.
“Within four hours of being announced, attackers were using it to break in and steal things,” said Kevin Haley, director of Symantec’s security response.
Today, hacking is just another type of international business enterprise, one that’s highly organized and increasingly well-funded and multinational.
“Ten to 15 years ago, these were ad hoc networks of individuals motivated by ego. Now it’s almost entirely financial gain,” said Lillian Ablon, a cyber-security researcher with the RAND Corp. in Santa Monica, Calif.
International digital thieves have built an entire criminal infrastructure in plain sight with little fear of prosecution, said Haley.
“We’ve found Google guides on where to buy the best stolen credit cards and YouTube guides on where to buy the best exploits,” Ablon said, using the hacker term for a software tool that takes advantage of a flaw in a computer system.
“I’m waiting for Yelp reviews,” she said.