Three quarters of legitimate websites have unpatched vulnerabilities, making it easier for increasingly professional cyber-crooks to gain access and target users with online scams and spam, according to a report from Symantec.
Cyber-criminals are adopting corporate best practices, meaning businesses and consumers are facing an ever growing online threats, warns Symantec. With nine 'mega-breaches' last year, the report estimates that the total number of records stolen - including personal and financial information - in 2015 tops half a billion.
Professional attack groups tap zero-day vulnerabilities, using them for their own advantage or selling them to lower-level criminals on the open market where they are quickly commoditised. In 2015, the number of zero-day vulnerabilities discovered more than doubled to a record-breaking 54, a 125% increase from the year before. Meanwhile, 430 million new malware variants were discovered.
The report also highlights a rise in crypto-ransomware attacks that encrypt victims' digital content and hold it hostage until ransoms are paid. This year, ransomware spread beyond PCs to smartphones, Mac and Linux systems, with the UK suffering up to 2,215 attacks per day, the third highest in the world.
In 2015, Symantec also saw a resurgence of many tried-and-true scams. Cybercriminals revisited fake technical support scams, which saw a 200% increase last year, with the UK the second most targeted nation globally. The difference now is that scammers send fake warning messages to devices like smartphones, driving users to attacker-run call centres in order to dupe them into buying useless services.
Kevin Haley, director, Symantec Security Response, says: "Advanced criminal attack groups now echo the skill sets of nation-state attackers. They have extensive resources and a highly-skilled technical staff that operate with such efficiency that they maintain normal business hours and even take the weekends and holidays off. We are even seeing low-level criminal attackers create call centre operations to increase the impact of their scams."