Trend Micro, one of the largest cyber security firms in the world, has released their annual security roundup report, and the results show some alarming trends. With the GDPR upcoming, cyber criminals have been refining their techniques in order to increase their financial gains, moving away from exploit kits which can be an unpredictable earner, to more reliable tactics such as business email compromise, phishing and spam, ransomware, and the relatively new threat to businesses, malicious crypto-currency mining.
Exploit kits are down, but 2017 saw over 300 new ransomware families, in addition to a rise in business email compromise scams and the all-new malicious crypto-mining threat.
The report appears to validate Trend Micro’s previous predictions for 2018, as criminals move away from indiscriminate attacks and start creating more strategic attacks designed to be as financially viable as possible. Based on this trend, the report says it is likely that cyber criminals will begin to exploit businesses by threatening to report them to data protection authorities, charging a ransom that would be slightly less than the fines they could receive under the GDPR. Not only can businesses be fined up to €20 million when the GDPR comes into effect in May, but experts believe that businesses may be willing to pay criminals to avoid making the news and damaging their business’ hard-earned reputation.
Cyber criminals exploit weaknesses and vulnerabilities in order to compromise a business and access their data and, as such, a GDPR fine could not only include a penalty for losing data, but also a fine for having vulnerabilities in the first place. In addition to having data protection-oriented policies and procedures in place, the GDPR also places stringent technical requirements on business owners to keep data secure. Trends that we’ve seen among businesses, including lack of adequate security patching and lack of any cyber security training for staff, could warrant fines under the GDPR, especially if the issues are discovered on the back of a data breach or cyber attack.
“The 2017 roundup report reveals a threat landscape as volatile as anything we’ve seen, with cyber criminals increasingly finding they’re able to gain more – whether it’s money or data or reputation damage – by strategically targeting companies’ most valuable assets,” according to Jon Clay, Trend Micro’s director of global threat communications.
“It confirms our view that there is no silver bullet when it comes to the sheer range of cyber threats facing organisations. Businesses instead need a cross-generational security solution that uses a blend of proven security protections with the best new defenses to mitigate risk effectively.”
Business Email Compromise
Also known as CEO or CFO fraud, business email compromise (BEC) scams are a form of phishing attack in which cyber criminals impersonate an executive or decision-maker within an organisation and then attempt to convince an employee to carry out their orders – usually to transfer money into the criminals’ account, to access sensitive data, or to download malware onto the network.
Unlike traditional phishing attacks, BEC scams are highly targeted, and cyber criminals will research their target organisations in order to deliver their payload as convincingly as possible. They scrape the internet for information and can even spoof email addresses so that the emails they send appear to come from a legitimate source, without any hacking required. In other words, without any prior security compromise, an email from [email protected] could still be a spoofed email from a cyber criminal with malicious intent towards your business.
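The spoofing described above is exactly what DMARC-style alignment checks are meant to catch: the visible From: domain must match a domain that actually passed SPF or DKIM. The following is an added example, not code from the article or from Trend Micro, that applies that check to two constructed messages (all domains and addresses are made up).

```python
"""Added example: DMARC-style alignment check between the visible From: domain
and the domains reported as passing in a mail server's Authentication-Results
header. Messages below are constructed samples, not real mail."""
import email
import re
from email import policy

# Constructed: From: claims the company's domain, but SPF passed only for the
# sender's real mailer domain and no DKIM signature covers the From: domain.
SPOOFED_MSG = """\
From: "Chief Executive" <ceo@example-company.invalid>
To: finance@example-company.invalid
Subject: Urgent wire transfer
Return-Path: <bounce@mailer.example.invalid>
Authentication-Results: mx.example-company.invalid;
 spf=pass smtp.mailfrom=bounce@mailer.example.invalid;
 dkim=none

Please transfer the funds today.
"""

# Constructed: same visible From:, but SPF and DKIM both pass for that domain.
LEGIT_MSG = """\
From: "Chief Executive" <ceo@example-company.invalid>
To: finance@example-company.invalid
Subject: Quarterly figures
Authentication-Results: mx.example-company.invalid;
 spf=pass smtp.mailfrom=example-company.invalid;
 dkim=pass header.d=example-company.invalid

Attached as discussed.
"""

def org_domain(name: str) -> str:
    """Crude organisational-domain reduction (last two labels); real DMARC
    relaxed alignment uses the public suffix list instead."""
    return ".".join(name.lower().strip().split(".")[-2:])

def authenticated_domains(msg) -> dict:
    """Domains for which Authentication-Results reports spf=pass / dkim=pass."""
    ar = str(msg.get("Authentication-Results", ""))
    spf = re.search(r"spf=pass\s+smtp\.mailfrom=([\w.@-]+)", ar)
    dkim = re.search(r"dkim=pass[^;]*?header\.d=([\w.-]+)", ar)
    # smtp.mailfrom may be a full address; keep only the domain part.
    return {"spf": spf and spf.group(1).rsplit("@", 1)[-1].lower(),
            "dkim": dkim and dkim.group(1).lower()}

def is_aligned(raw: str) -> bool:
    """True if the From: domain aligns with a passing SPF or DKIM domain."""
    msg = email.message_from_string(raw, policy=policy.default)
    from_dom = org_domain(msg["From"].addresses[0].domain)
    return any(d and org_domain(d) == from_dom
               for d in authenticated_domains(msg).values())
```

A spoofed From: with no aligned authentication is a strong signal to quarantine or flag the message for the recipient; the spoofed sample above fails the check and the legitimate one passes.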
Crypto-Mining and IoT Devices
While some cyber criminals have resorted to ransomware to extort Bitcoin and other crypto-currencies from businesses, others have been developing a different means of making their money. The report shows an increase in so-called crypto-mining malware, which can hijack a computer or series of computers in order to turn them into mining machines. Recently, over 4000 websites were compromised via a third-party app, and any PC that visited those sites was turned into a crypto-mining machine, earning money for hackers at the expense of the victims.
Mining for crypto-currency can be quite resource-intensive on a PC and uses up a lot of electricity, so rather than build their own expensive machines, criminals are hacking PCs, servers and Internet of Things (IoT) devices to do it for them. In fact, whereas in previous years IoT devices were mostly compromised in order to disrupt businesses, the criminals have now moved their model to one that earns them a larger return-on-investment.
Ransomware
Last year, WannaCry opened the door for large-scale, often politically motivated and military-grade ransomware attacks, the likes of which had never been seen before, and caused untold disruption and financial loss for businesses all over Europe and even further afield. 2017 saw over 300 new families of ransomware released into the wild by cyber criminals, ranging from sophisticated attacks such as “BadRabbit” to classic strains such as Cerber and Locky.
The main predictions for 2018 are that ransomware will continue to grow at a very fast rate, and that the ransoms themselves may now be tied to the potential fines that a business or organisation could receive under the GDPR. Another clear pattern that has emerged is the use of phishing and spam emails to infect a network with ransomware, as humans have proven to be the weakest link in an organisation time and time again. Despite this, a widely overlooked aspect of cyber security has been security awareness training for staff, which can help prevent ransomware from being downloaded onto your business network.
Worried about the GDPR?
We get it, the deadline is approaching fast and it can be hard to know what to prioritise and what will be the most important step towards compliance, especially for small and medium enterprises (SMEs). This is why Tech Guard has developed an IT Essentials bundle to aid with GDPR compliance, including services such as next-generation antivirus and firewall, a robust and regularly tested backup and recovery service, regular security patching, cyber security awareness training and operational cyber security measures. Contact us today to get a quote or more information.