Enterprises suffered major losses from a variety of cyberattacks in the first half of 2017. Several of our predictions regarding threats like ransomware, vulnerabilities, BEC scams, and cyberpropaganda have been on point. These threats may not have the same volume as in 2016, but the impact on organizations has been felt.
Ransomware Reaches Peak With WannaCry and Petya
While the growth in ransomware families plateaued as predicted, ransomware reached its peak with the WannaCry and Petya attacks. WannaCry alone is estimated to have infected 300,000 machines around the world and to have caused financial and economic losses of up to US$4 billion.
Average number of new ransomware families detected from July to December 2016 and from January to June 2017
These unprecedented attacks showed that cybercriminals are diversifying the methods, exploits, and attack vectors they use. This is further proven by ransomware targeting non-Windows systems as well as variants capable of evading machine learning and sandbox detection. With ransomware evolving, enterprises should consider a multilayered security solution to reduce the risk of being compromised.
Enterprises Still Trip Over Old Vulnerabilities
In the first half of the year, 382 new vulnerabilities were publicly disclosed by researchers and contributors from the Zero Day Initiative. Although Adobe and Foxit saw an increase in vulnerability counts, major vendors such as Microsoft, Apple, and Google had noticeable drops compared to the second half of 2016.
Comparison of vulnerabilities found in the second half of 2016 and the first half of 2017
Aside from new and unpatched vulnerabilities, old ones can still be exploited if security updates are not deployed. The WannaCry and Petya attacks, for example, exploited a vulnerability already addressed by an earlier patch. It is, however, not always easy or possible to regularly install and manage patches. Some businesses use legacy systems or are in the middle of replacing legacy systems that no longer receive patch updates. Some organizations even have legacy equipment that is too critical to run the risk of mechanical breakdown when patches are installed. These limitations and challenges should not stop enterprises from adopting security measures. Vulnerability shielding and virtual patching can help protect enterprises from both old and new threats, for both old and new systems.
Connected Devices Put Smart Factories at Risk
Connected devices are vulnerable to cyberattacks, and those in industrial settings are not an exception. The research paper "Rogue Robots: Testing the Limits of an Industrial Robot’s Security" demonstrated attack scenarios that show how industrial robots can be compromised through exposed industrial routers and other vulnerabilities.
By 2018, over a million industrial robots will be employed in factories around the world. To prevent attacks and minimize risks to robots, operators, and the production line, security should be a priority for enterprises, robot vendors, software developers, network defenders, and cybersecurity standards makers.
Business Email Compromise Losses Reach $5 Billion Mark
Businesses still fall for email scams. According to the Federal Bureau of Investigation, global losses due to business email compromise (BEC) have reached $5.3 billion.
Based on a random sample set of BEC emails, data revealed that cybercriminals spoofed the CEO position the most while CFOs and finance directors were the top targets of attacks.
Cybercriminals continue to use schemes such as the bogus invoice or supplier swindle and employ keylogger malware or HTML pages in phishing emails to spoof employees. Employee training on common BEC methods goes hand in hand with a holistic security solution in defending enterprises from a variety of BEC attacks.
Trend Micro™ Smart Protection Network™ blocked 38 billion threats during the first half of 2017. Most of these threats were emails that contained malicious content. This result is consistent with the prevalence of ransomware and BEC, which use email as a primary attack vector.
Figure: Total number of threats blocked in 1H 2017 (panels: number of email threats blocked, number of malicious files blocked, number of malicious URLs blocked)
Other significant stories include recent data breaches, cyberpropaganda threats to enterprises, and the status of exploit kits as cybercriminal tools. Read our midyear security report and find out what’s new in the threat landscape and what security strategies can defend against old and new threats.