2019 Internet Security Threat Report

Take a deep dive into the latest cyber security trends.

The 2019 Internet Security Threat Report takes a deep dive into the latest trends in cyber security attacks, including ransomware, formjacking, and cloud security.

Read the Report

Formjacking. Targeted attacks. Living off the land. Coming for your business.

Use intel from the world’s largest civilian threat network to your advantage by downloading the Symantec 2019 Internet Security Threat Report.

Our cyber security leaders walk you through the threat landscape

Watch an on-demand global webcast to learn about global threat activity, cyber crime trends, and attacker motivations.


Cyber Criminals Get Rich Quick with Formjacking

Crooks skim credit card data from both large and small businesses

Formjacking attacks are simple and lucrative: cyber criminals load malicious code onto retailers’ websites to steal shoppers’ credit card details, with 4,800+ unique websites compromised on average every month.

Both well-known and small-medium businesses were attacked, conservatively yielding tens of millions of dollars to bad actors last year.

Ransomware and Cryptojacking: Down, But Not Out

Coin miner infections decline as prices drop; ransomware narrows in on enterprises

Ransomware and cryptojacking were go-to moneymakers for cyber criminals. But 2018 brought diminishing returns, resulting in lower activity.

For the first time since 2013, ransomware declined, down 20 percent overall, but up 12 percent for enterprises.

With a 90 percent plunge in the value of cryptocurrencies, cryptojacking fell 52 percent in 2018. Yet, cryptojacking remains popular due to a low barrier of entry and minimal overhead; Symantec blocked four times as many cryptojacking attacks in 2018 compared to the previous year.

Targeted Attackers Have an Appetite for Destruction

Hiding in plain sight: malicious PowerShell scripts up 1000%

Supply chain and Living off the Land (LotL) attacks are now a cyber crime mainstay: supply chain attacks ballooned by 78 percent in 2018.

Living off the land techniques allow attackers to hide inside legitimate processes. For example, the use of malicious PowerShell scripts increased by 1000 percent last year.

Attackers also increased their use of tried-and-true methods, like spear-phishing, to infiltrate organizations. While intelligence gathering remains their primary motive, attack groups using malware designed to destroy and disrupt business operations increased by 25 percent in 2018.

70 million records stolen from poorly configured S3 buckets

A single misconfigured cloud workload or storage instance could cost an organization millions or cause a compliance nightmare. In 2018, more than 70 million records were stolen or leaked from poorly configured S3 buckets. Off-the-shelf tools on the web allow attackers to identify misconfigured cloud resources.

Hardware chip vulnerabilities, including Meltdown, Spectre, and Foreshadow allow intruders to access companies’ protected memory spaces on cloud services hosted on the same physical server.


If it’s in the cloud, security’s on you

“Smart Speaker, Get Me A Cyber Attack.”

Your favorite IoT device is an attacker’s best friend

Although routers and connected cameras make up 90 percent of infected devices, almost every IoT device is vulnerable, from smart light bulbs to voice assistants.

Targeted attack groups increasingly focus on IoT as a soft entry point, where they can destroy or wipe a device, steal credentials and data, and intercept SCADA communications.

And industrial IT shaped up as a potential cyber warfare battleground, with threat groups such as Thrip and Triton vested in compromising operational and industrial control systems.

Did Your Social Media Feed Sway an Election?

Waging information warfare through social media

With all eyes on the 2018 US Midterms, thankfully, no major disruptions landed. But social media continued as a hyperactive battlefield.

Malicious domains mimicking legitimate political websites were discovered and shut down, while Russia-linked accounts used third parties to purchase social media ads for them.

Social media took a more active role in combatting election interference. Facebook set up a war room to tackle election interference; Twitter removed more than 10,000 bots posting messages encouraging people not to vote.