Hybrid Cloud Security
Data Center & Virtualization
Security Fit for DevOps
Solutions for Security Teams
Advanced Threat Protection
Endpoint & Gateway Suites
SaaS Application Security
Endpoint Detection & Response
Point of Sale
All Products and Trials
Centralized Visibility & Investigation
Global Threat Intelligence
Connected Threat Defense
Breaking News & Intelligence
Simply Security Blog
Security Intelligence Blog
UK Security Blog
Education & Certification
Glossary of Terms
Research & Reports
The Deep Web
Internet of Things (IoT)
Zero Day Initiative (ZDI)
Login to Support
Virus & Threat Help
Renewals & Registration
Free Cleanup Tools
Find a Support Partner
Pre-Sales Technical Advice
For popular products:
Find a Partner (Reseller, CSP, MSP)
Become a Partner (Reseller, Integrator)
All Alliance Partners
Customer Success Stories
Corporate Social Responsibility
Diversity & Inclusion
Internet Safety and Cybersecurity Education
Find a Partner
1-877-218-7353(M-F 8-5 CST)
Learn of upcoming events
Social Media Networks
+44 (0) 203 549 3300
Cyber threats affecting enterprises were at a record high in 2016. Online extortion became a major issue with the unprecedented growth in the number of new ransomware families as well as big financial losses caused by business email compromise (BEC) scams. The sum volume of discovered vulnerabilities, including those on platforms like Supervisory Control and Data Acquisition (SCADA), also surpassed the previous year’s total. If 2016 were any indication of things to come, enterprises should step up in terms of security.
Ransomware attacks became more tenacious than ever—with an increase of 752% of new ransomware families in 2016. Spam was the top infection vector.
The availability of open source ransomware and ransomware as a service (RaaS) will continue to make it easier for cybercriminals to run their own ransomware operations. Organizations should therefore stay vigilant to avoid losing data and money, and experiencing significant system downtime. Multilayered security solutions that employ machine learning and cover gateways, endpoints, networks, and servers can help prevent ransomware infections.
Organizations targeted with business email compromise (BEC) lost an average of US$140,000 per attack. Our findings show that BEC scams were present in over 90 countries. Most affected were the United States, the United Kingdom, Hong Kong, Japan, and India. The healthcare sector was heavily targeted. Several institutions across three countries were targeted by cybercriminals in just over two weeks.
Understanding how BEC scams work will help organizations avoid making unnecessary hefty payouts. Web and email gateway solutions with anti-spam, anti-phishing, and social engineering attack protection features will ensure defense against this scheme.
Trend Micro and the Zero Day Initiative (ZDI), with TippingPoint, discovered a total of 765 vulnerabilities (including 60 zero days) in 2016, with most of the vulnerabilities coming from Adobe® Acrobat® Reader DC and Advantech’s SCADA software WebAccess. WebAccess and other SCADA systems are used by public and private sectors to remotely automate industrial processes and utility services.
The usual suspect, Adobe Flash, did not top the list for Adobe vulnerabilities in 2016. This change could be attributed to more browsers adopting HTML5. Overall, there was a decrease in the number of Microsoft vulnerabilities. Meanwhile, Apple saw a significant rise in the vulnerabilities for its smartphone and desktop computing platforms.
Regular deployment of patches and vulnerability shielding are still the best ways to stay protected against zero-day exploits and potential attacks.
The Mirai botnet—made up of around 100,000 compromised Internet of Things (IoT) devices—was responsible for a large-scale distributed denial-of-service (DDoS) attack on Dyn servers, disrupting access to a number of their sites. The incident proves that attacks on IoT devices are more than just isolated cases and proofs of concept.
To prevent similar future attacks, manufacturers are advised to regularly perform risk assessments and ensure the security of their devices’ communication protocols and software development kits (SDKs.) Users are also advised to change their device passwords frequently and keep their firmware up-to-date.
In 2016, the Trend Micro™ Smart Protection Network™ was able to detect and block over 81 billion threats. The increase in the threat count can be attributed to the total number of email threats blocked throughout the year. This is consistent with the prevalence of ransomware and BEC, as both threats are widely spread through email or spam.
There was a 56% increase in the total number of threats in 2016.
We also rounded up other noteworthy security stories of 2016 that include the exploit kits that emerged after Angler’s demise, the mega breach that raised the issue of responsible disclosure of breached organizations, and the developments in banking Trojans and ATM malware. Read our annual security report and learn about the security strategies enterprises should adopt to fend off such threats.
Like it? Add this infographic to your site:1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).
Image will appear the same size as you see above.