Trend Micro Warns of GDPR Extortion Attempts from Strategic Cybercriminals

AUCKLAND, February 21, 2018 – Trend Micro, a global leader in cybersecurity solutions, today announced its Security Roundup for 2017, revealing an increase in ransomware, cryptocurrency mining and BEC attempts over the past 12 months as cybercriminals refined and targeted their attacks for greater financial return. The trend will continue in 2018, with extortion attempts likely to target organisations trying to comply with new EU privacy laws.

The new report, The Paradox of Cyberthreats, validates Trend Micro’s previous predictions for 2018, with cybercriminals increasingly abandoning exploit kits and spray-and-pray tactics in favor of more strategic attacks designed to improve their return on investment. Based on this trend, it’s likely that some will try to extort money from enterprises by first determining the GDPR penalty that could result from an attack, and then demanding a ransom of slightly less than that fine, which CEOs might opt to pay.

“The 2017 roundup report reveals a threat landscape as volatile as anything we’ve seen, with cybercriminals increasingly finding they’re able to gain more — whether it’s money or data or reputation damage — by strategically targeting companies’ most valuable assets,” says Dr Jon Oliver, Director and Data Scientist, Trend Micro.

“It confirms our view that there is no silver bullet when it comes to the sheer range of cyberthreats facing organisations. Businesses instead need a cross-generational security solution that uses a blend of proven security protections with the best new defences to mitigate risk effectively.”

The report also reveals: a 32 percent increase in new ransomware families from 2016 to 2017; a doubling of BEC attempts between the first and second half of 2017; and soaring rates of cryptocurrency mining malware, peaking at 100,000 detections in October. Locally, Locally, in the last quarter New Zealand saw 82 percent increase in blocked Email Threats.

Vulnerable IoT devices are also a major security risk across several trending threats. Trend Micro detected more than 45.6 million cryptocurrency mining events during the year, representing a large percentage of all IoT events observed. Software vulnerabilities also continued to be targeted, with 1,009 new flaws discovered and disclosed in 2017 through Trend Micro’s Zero Day Initiative and their 3,500+ independent whitehat researchers.

“This year’s report provides great validation that our 2018 predictions are anchored in the data we’re seeing” Oliver concludes. “In Australia we’re likely to see the number of reported breaches double this year, improving not only organisations’ transparency and compliance to NDB legislation changes but also minimising the value of the data criminals have access to.”

To download the full The Paradox of Cyberthreats report, visit here.

About Trend Micro

Trend Micro Incorporated, a global leader in cybersecurity solutions, helps to make the world safe for exchanging digital information. Our innovative solutions for consumers, businesses, and governments provide layered security for data centres, cloud environments, networks and endpoints. All our products work together to seamlessly share threat intelligence and provide a connected threat defence with centralised visibility and control, enabling better, faster protection. With nearly 6,000 employees in more than 50 countries and the world’s most advanced global threat intelligence, Trend Micro enables organisations to secure their journey to the cloud. For more information, visit www.trendmicro.co.nz