There has been an increase in ransomware, cryptocurrency mining and business email compromise (BEC) attempts over the past 12 months as cybercriminals refined and targeted their attacks for greater financial return, according to a Trend Micro report. The trend will continue in 2018, with extortion attempts likely to target organisations trying to comply with new EU privacy laws.
The new report validates Trend Micro’s previous predictions for 2018, with cybercriminals increasingly abandoning exploit kits and spray-and-pray tactics in favour of more strategic attacks designed to improve their return on investment.
>See also: Can GDPR implementation be weaponised and used against a company
Based on this trend, it’s likely that some will try to extort money from enterprises by first determining the GDPR penalty that could result from an attack, and then demanding a ransom of slightly less than that fine, which CEOs might opt to pay.
“The 2017 roundup report reveals a threat landscape as volatile as anything we’ve seen, with cybercriminals increasingly finding they’re able to gain more — whether it’s money or data or reputation damage — by strategically targeting companies’ most valuable assets,” said Jon Clay, director of global threat communications for Trend Micro.
“It confirms our view that there is no silver bullet when it comes to the sheer range of cyber threats facing organisations. Businesses instead need a cross-generational security solution that uses a blend of proven security protections with the best new defenses to mitigate risk effectively.”
>See also: Tech industry warns ministers not to drop EU GDPR
The report also revealed a 32% increase in new ransomware families from 2016 to 2017, a doubling of BEC attempts between the first and second half of 2017 and soaring rates of cryptocurrency mining malware, peaking at 100,000 detections in October.
Vulnerable IoT devices are also a major security risk across several trending threats. Trend Micro detected more than 45.6 million cryptocurrency mining events during the year, representing 49% of all IoT events observed.
Software vulnerabilities also continued to be targeted, with 1,009 new flaws discovered and disclosed in 2017.