Takeaways from the 2016 Threat Landscape
Credit to Author: Jon Clay| Date: Tue, 28 Feb 2017 13:00:09 +0000
Every year Trend Micro takes a look back at the threat landscape from the previous year and analyzes the data we receive from our massive customer base around the world and reports on the trends we saw and the key threats that affected the cyber world. In our 2016 security roundup report, A Record Year for Enterprise Threats, we identified a number of the most critical threats that affected our commercial customers.
The following are some key takeaways we found when analyzing this data and how you can protect your environment from these.
Ransomware was the top threat in terms of volume and the amount of money generated by cybercriminals in 2016. Our threat researchers identified 247 new ransomware families in 2016 compared to 29 in 2015, a 752 percent increase. We saw many different iterations of new ransomware as the actors behind this threat constantly changed their tactics including new ways to infect users, different ransom demands, and ways to extort more money from victims. Email is still the No. 1 way ransomware is infecting victims (79 percent of victims came from email) but we also saw exploit kits adopting ransomware into their kits regularly and the use of malicious URLs to distribute ransomware also utilized. Ransoms ranged from an average of 1-2 bitcoins to some customized ransoms in the 100-bitcoin range for some victims.
Ransomware will continue to be a problem for businesses in 2017, but a multi-layered security solution that starts with enhanced messaging and web security and includes endpoint behavioral and machine learning capabilities is a good way to start minimizing the risk of infection.
Business Email Compromise (BEC) grew in 2016 and made its way into 92 different countries around the world. The reason for this growth is ROI. The upside for cybercriminals with this threat is great as the average loss, per the FBI, of this threat is $140K US dollars. The main BEC threat is using a simple email to a finance employee requesting them to wire transfer money to an account, with the email coming from a trusted and typically executive position within the company, like the CEO, President, or CFO. What makes this difficult to detect is the email usually has no payload (attachment or embedded URL) with which email security solutions so often require to detect. We expect this threat to continue in 2017 due to its simplicity and payoff.
Trend Micro has been researching and disclosing vulnerabilities for a long time, but with our acquisition of TippingPoint and the Zero Day Initiative (ZDI) we now have one of, if not the world’s best vulnerability research organizations today. Between ZDI and Trend Micro, 765 vulnerabilities were discovered and responsibly disclosed in 2016. These vulnerabilities ranged greatly from Operating Systems, to business applications, to even ICS/SCADA systems. Some key trends were seen in 2016 like the decrease in vulnerabilities within Microsoft products (47 percent decrease) but a significant increase (147 percent increase) in Apple vulnerabilities. We also saw a decrease in the number of vulnerabilities added to exploit kits for the year as well in the number of exploit kits due to the arrest of the Angler exploit kit authors and others leaving the scene. While this is good news, we do caution organizations to be vigilant in patching as this is still an easy way for threat actors to compromise their systems.
Banking and ATM malware held steady in 2016 with the re-emergence of QAKBOT banking Trojan due to the arrest of the DYRE/DYREZA authors. ATM malware continued to be found around the world and a new variant, ALICE, emerged with some interesting operational aspects. Organizations who operate ATMs should ensure both physical security and cyber security of their devices and regularly patch these devices and look towards using application control to lockdown the OS/Applications running on these ATMs. Consumers should regularly change their account credentials with their online banking accounts to minimize the threat of account compromise and utilize a robust Internet Security solution.
You can get more details on the data behind these threats in 2016 as well as other threats we covered within our roundup report by downloading a copy here. More blogs will be published in the coming days/weeks breaking out a few other key areas of the 2016 threat landscape for your reading pleasure.