Skyrocketing cyber threats driven by ransomware and BEC scams
Cyber threats reached an all-time high in 2016, with ransomware and business email compromise (BEC) scams gaining increased popularity among cyber criminals looking to extort enterprises, according to a new study by security technology company Trend Micro Inc.
A 752% increase in new ransomware families resulted in $1 billion in losses for enterprises worldwide, the report said. Trend Micro and the Zero Day Initiative (ZDI)—a program begun by Trend Micro’s TippingPoint unit to reward security researchers for responsibly disclosing vulnerabilities—discovered 765 vulnerabilities in 2016.
Of these, 678 were brought to ZDI through its bug bounty program, then verified and disclosed to the affected vendors. Compared with vulnerabilities discovered by Trend Micro and ZDI in 2015, Apple saw a 145% increase in vulnerabilities, while Microsoft bugs decreased by 47%.
“As threats have diversified and grown in sophistication, cyber criminals have moved on from primarily targeting individuals to focusing on where the money is: enterprises,” said Ed Cabrera, chief cyber security officer for Trend Micro. “Throughout 2016 we witnessed threat actors extort companies and organizations for the sake of profitability and we don’t anticipate this trend slowing down.”
In 2016, the Trend Micro Smart Protection Network blocked more than 81 billion threats for the entire year, a 56% increase from 2015. In the second half of 2016, more than 3,000 attacks per second were blocked. During this time, 75 billion of blocked attempts were email based, indicating that email remains the top entry point for threats.
Throughout the course of 12 months, the number of ransomware families grew from 29 to 247. One leading factor to explain the increase is the profitability of ransomware. Although individuals and organizations are encouraged not to pay ransoms, cyber criminals still managed to rake in roughly $1 billion last year.