Ransomware, BEC Threats Surge in 2016

Ransomware, BEC Threats Surge in 2016

The first half of 2016 has seen a huge rise in ransomware and business email compromise (BEC) attacks, according to new figures from Trend Micro.

Trend Micro’s TrendLabs report into cybersecurity threats revealed that the number of new ransomware families detected in the first half of 2016 has already eclipsed the total 2015 volume by 172%. This makes ransomware a “prevalent and pervasive threat,” the report said.

Some of the new ransomware families picked up by Trend Micro featured new propagation and extortion techniques. One, called Jigsaw, deleted files if the ransom hadn’t been paid by the deadline, while another, called Surprise, increased the ransom when the deadline was missed. Ransomware called Powerware was designed to encrypt tax return files, according to Trend Micro.

In total, Trend Micro said it identified 79 new ransomware families during the first half of 2016. Ransomware cost enterprises $209 million (£160 million) across that six-month period.

“Ransomware is capable of crippling organizations who face it, and the cyber-criminals spearheading these attacks are creatively evolving on a continuous basis to keep enterprises guessing,” said Raimund Genes, chief technology officer for Trend Micro. “It has dominated the threat landscape so far in 2016, causing immense losses to businesses across multiple industries.

Another rising threat to enterprises is business email compromise (BEC), which is also known as whaling. This is when criminals send socially-engineered emails to employees at target organizations often imitating legitimate email contacts such as that of the CEO. The unsuspecting employee then authorizes a payment as requested.

Trend Micro has detected BEC attacks in the US, the UK, Hong Kong, Japan, and Brazil, which the FBI says has caused losses of $3 billion (£2.3 billion). During the first half of 2016 BEC attacks targeted CFOs more than any other position, Trend Micro said.

Adobe’s Flash continues to be a nightmare for security teams and a paradise for cyber-criminals—Trend Micro found 28 new vulnerabilities in Flash. The IoT is also proving to be a security headache as 108 vulnerabilities were discovered in Advantech’s Web Access.

“While it’s unfortunate for us, cybercriminals are resilient and flexible when it comes to altering an attack method each time we find a patch or solution,” said Ed Cabrera, chief cybersecurity officer for Trend Micro.

“This creates massive problems for enterprises and individuals alike since the threats change as often as solutions are provided. It bodes well for businesses to anticipate being targeted and to prepare accordingly, implementing the latest security solutions, virtual patching and employee education to mitigate risks from all angles,” Cabrera added.

Photo © Nicescene

Source: Information Security Magazine