Hybrid Cloud Security
Data Center & Virtualization
Security Fit for DevOps
Solutions for Security Teams
Advanced Threat Protection
Endpoint & Gateway Suites
SaaS Application Security
Endpoint Detection & Response
Point of Sale
All Products and Trials
Centralized Visibility & Investigation
Global Threat Intelligence
Connected Threat Defense
Breaking News & Intelligence
Simply Security Blog
Security Intelligence Blog
UK Security Blog
Education & Certification
Glossary of Terms
Research & Reports
The Deep Web
Internet of Things (IoT)
Zero Day Initiative (ZDI)
Login to Support
Virus & Threat Help
Renewals & Registration
Free Cleanup Tools
Find a Support Partner
Pre-Sales Technical Advice
For popular products:
Find a Partner (Reseller, CSP, MSP)
Become a Partner (Reseller, Integrator)
All Alliance Partners
Customer Success Stories
Corporate Social Responsibility
Diversity & Inclusion
Internet Safety and Cybersecurity Education
Find a Partner
1-877-218-7353(M-F 8-5 CST)
Learn of upcoming events
Social Media Networks
+44 (0) 203 549 3300
Enterprises suffered major losses from a variety of cyberattacks in the first half of 2017. Several of our predictions regarding threats like ransomware, vulnerabilities, BEC scams, and cyberpropaganda have been on point. These threats may not have the same volume as in 2016, but the impact on organizations has been felt.
While the growth in ransomware families plateaued as predicted, ransomware reached its peak with the WannaCry and Petya attacks. WannaCry alone is estimated to have infected 300,000 machines around the world and to have caused financial and economic losses of up to US$4 billion.
These unprecedented attacks showed that cybercriminals are diversifying in methods, exploits, and attack vectors used. This is further proven by ransomware targeting non-Windows systems as well as variants capable of evading machine learning and sandbox detection. With ransomware evolving, enterprises should consider a multilayered security solution to reduce the risk of being compromised.
In the first half of the year, 382 new vulnerabilities were publicly disclosed by researchers and contributors from the Zero Day Initiative. Although Adobe and Foxit saw an increase in vulnerability counts, major vendors such as Microsoft, Apple, and Google had noticeable drops compared to the second half of 2016.
Aside from new and unpatched vulnerabilities, old ones can still be exploited if security updates are not deployed. The WannaCry and Petya attacks, for example, exploited a vulnerability already addressed by an earlier patch. It is, however, not always easy or possible to regularly install and manage patches. Some businesses use legacy systems or are in the middle of replacing legacy systems that no longer receive patch updates. Some organizations even have legacy equipment that are too critical to run the risk of mechanical breakdown when patches are installed. These limitations and challenges should not stop enterprises from adopting security measures. Vulnerability shielding and virtual patching can help protect enterprises from both old and new threats -- for both old and new systems.
Connected devices are vulnerable to cyberattacks, and those in industrial settings are not an exception. The research paper "Rogue Robots: Testing the Limits of an Industrial Robot’s Security" demonstrated attack scenarios that show how industrial robots can be compromised through exposed industrial routers and other vulnerabilities.
By 2018, over a million industrial robots will be employed in factories around the world. To prevent attacks and minimize risks to robots, operators, and the production line, security should be a priority for enterprises, robot vendors, software developers, network defenders, and cybersecurity standards makers.
Businesses still fall for email scams. According to the Federal Bureau of Investigation, global losses due to business email compromise (BEC) have reached $5.3 billion.
Based on a random sample set of BEC emails, data revealed that cybercriminals spoofed the CEO position the most while CFOs and finance directors were the top targets of attacks.
Cybercriminals continue to use schemes such as the bogus invoice or supplier swindle and employ keylogger malware or HTML pages in phishing emails to spoof employees. Employee training on common BEC methods goes hand in hand with a holistic security solution in defending enterprises from a variety of BEC attacks.
Trend Micro™ Smart Protection Network™ blocked 38 billion threats during the first half of 2017. Most of these threats were emails that contained malicious content. This result is consistent with the prevalence of ransomware and BEC, which use email as a primary attack vector.
Other significant stories include recent data breaches, cyberpropaganda threats to enterprises, and the status of exploit kits as cybercriminal tools. Read our midyear security report and find out what’s new in the threat landscape and what security strategies can defend against old and new threats.
Like it? Add this infographic to your site:1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).
Image will appear the same size as you see above.