Security Roundup

A Record Year for Enterprise Threats

February 28, 2017

Cyber threats affecting enterprises were at a record high in 2016. Online extortion became a major issue with the unprecedented growth in the number of new ransomware families as well as big financial losses caused by business email compromise (BEC) scams. The total number of discovered vulnerabilities, including those on platforms like Supervisory Control and Data Acquisition (SCADA), also surpassed the previous year’s total. If 2016 is any indication of things to come, enterprises should step up their security.


Ransomware spiked 752% in new families

Ransomware attacks became more tenacious than ever, with a 752% increase in new ransomware families in 2016. Spam was the top infection vector.

Monthly number of Ransomware families added

The availability of open source ransomware and ransomware as a service (RaaS) will continue to make it easier for cybercriminals to run their own ransomware operations. Organizations should therefore stay vigilant to avoid losing data and money, and experiencing significant system downtime. Multilayered security solutions that employ machine learning and cover gateways, endpoints, networks, and servers can help prevent ransomware infections.


BEC scams cause hundreds of thousands in global losses

Organizations targeted with business email compromise (BEC) lost an average of US$140,000 per attack. Our findings show that BEC scams were present in over 90 countries. Most affected were the United States, the United Kingdom, Hong Kong, Japan, and India. The healthcare sector was heavily targeted. Several institutions across three countries were targeted by cybercriminals in just over two weeks.

Countries with the highest number of organizations affected by BEC

1. United States: 37.55% of organizations
2. United Kingdom: 9.61% of organizations
3. Hong Kong: 2.85% of organizations
4. Japan: 2.75% of organizations
5. India: 2.39% of organizations
6. Brazil: 2.34% of organizations
7. France: 2.20% of organizations
8. Norway: 2.02% of organizations
9. Australia: 1.95% of organizations
10. Argentina: 1.45% of organizations

Unspecified country domains: 9.86%

The map shows the % distribution of companies affected by BEC per country. Those in darker shade denote a higher concentration of affected companies.

Understanding how BEC scams work will help organizations avoid making unnecessary hefty payouts. Web and email gateway solutions with anti-spam, anti-phishing, and social engineering attack protection features will ensure defense against this scheme.


Enterprise and SCADA software lead in vulnerability count

Trend Micro and the Zero Day Initiative (ZDI), with TippingPoint, discovered a total of 765 vulnerabilities (including 60 zero days) in 2016, with most of the vulnerabilities coming from Adobe® Acrobat® Reader DC and Advantech’s SCADA software WebAccess. WebAccess and other SCADA systems are used by public and private sectors to remotely automate industrial processes and utility services.

The usual suspect, Adobe Flash, did not top the list for Adobe vulnerabilities in 2016. This change could be attributed to more browsers adopting HTML5. Overall, there was a decrease in the number of Microsoft vulnerabilities. Meanwhile, Apple saw a significant rise in the vulnerabilities for its smartphone and desktop computing platforms.


Trend Micro and ZDI (with TippingPoint) discovered vulnerabilities, 2015 versus 2016


Regular deployment of patches and vulnerability shielding are still the best ways to stay protected against zero-day exploits and potential attacks.


Mirai botnet attack elevates IoT security conversation

The Mirai botnet—made up of around 100,000 compromised Internet of Things (IoT) devices—was responsible for a large-scale distributed denial-of-service (DDoS) attack on Dyn servers, disrupting access to a number of their sites. The incident proves that attacks on IoT devices are more than just isolated cases and proofs of concept.

Overview of the Mirai DDoS Attack

To prevent similar future attacks, manufacturers are advised to regularly perform risk assessments and ensure the security of their devices’ communication protocols and software development kits (SDKs). Users are also advised to change their device passwords frequently and keep their firmware up to date.


Threat Landscape

In 2016, the Trend Micro™ Smart Protection Network™ was able to detect and block over 81 billion threats. The increase in the threat count can be attributed to the total number of email threats blocked throughout the year. This is consistent with the prevalence of ransomware and BEC, as both threats are widely spread through email or spam.

Total number of threats blocked in 2016

There was a 56% increase in the total number of threats in 2016.

Overall threats blocked by the Trend Micro Smart Protection Network per year

We also rounded up other noteworthy security stories of 2016 that include the exploit kits that emerged after Angler’s demise, the mega breach that raised the issue of responsible disclosure of breached organizations, and the developments in banking Trojans and ATM malware. Read our annual security report and learn about the security strategies enterprises should adopt to fend off such threats.

