Security Response

2017 Internet Security Threat Report, Volume 22

The 2017 Internet Security Threat Report (ISTR) details how simple tactics and innovative cyber criminals led to unprecedented outcomes in global threat activity.

The report draws on intelligence from the Symantec Global Intelligence Network, which our analysts use to identify and synthesize insights on emerging trends in the threat landscape.

Download the report and more.

90 Day Global Threats, Risks, and Vulnerabilities Timeline

Most Active New Threats

Name	Type	Protected*	Discovered
Trojan.FakeAV!gen121	Trojan	04/21/2014	04/21/2014
JS.Bondat	Worm	02/19/2015	02/18/2015
Trojan.Shylock!gen12	Trojan	04/17/2014	04/17/2014
Trojan.Pandex!gen4	Trojan	04/16/2014	04/16/2014
Trojan.Zbot!gen74	Trojan	04/15/2014	04/15/2014
Trojan.Shylock!gen10	Trojan	04/14/2014	04/13/2014
Trojan.Shylock!gen11	Trojan	04/14/2014	04/13/2014
Downloader.Ponik!gm	Trojan		05/22/2014
Packed.Generic.460	Trojan	04/12/2014	04/11/2014

*For continued protection, make sure that your Symantec subscription and/or license are up to date.

Threat Spotlight: Ransom.Wannacry

A virulent new strain of ransomware known as WannaCry (Ransom.Wannacry) has hit hundreds of thousands of computers worldwide since its emergence on Friday, May 12. WannaCry is far more dangerous than other common ransomware types because of its ability to spread itself across an organization’s network by exploiting critical vulnerabilities in Windows computers, which were patched by Microsoft in March 2017 (MS17-010).

WannaCry searches for and encrypts 176 different file types and appends .WCRY to the end of the file name. It asks users to pay a US$300 ransom in bitcoins. The ransom note indicates that the payment amount will be doubled after three days. If payment is not made after seven days it claims the encrypted files will be deleted. However Symantec has not found any code within the ransomware which would cause files to be deleted.

More information on Ransom.Wannacry is available in our threat writeup.

Best Practices

With the rapid rise in the number of malware attacks it’s harder than ever to prevent machines from getting infected. But have you done everything you can do? Have you done the things you must do to stay protected? Following some simple best practices can make a tremendous difference in improving your protection. Symantec has assembled a set of best practices for today’s threat landscape.

Use these recommendations to know what you must, should and can do to protect your endpoints from malware.

Want to go further and really beef up protection on your endpoint machines? Symantec Endpoint Protection has a feature called Application and Device Control that gives you additional tools to protect your endpoints. Find out about Application and Device Control and download rulesets especially created by Symantec to increase your protection. Information available here.

White Paper Spotlight: Financial Threats Review 2017

Symantec discusses changes and trends in the financial threat landscape throughout 2016. The white paper looks at which threats ruled the financial threat space in 2016 and how they were affected by various disruptions over the year.

It also examines how the actors behind financial threats are beginning to focus their attention on financial organizations rather than their customers.

You can read the full details of our research in our white paper.

View the full set of Symantec Security Response white papers.