At the end of 2015, we predicted that 2016 would be the Year of Online Extortion. In only six months, January to June of this year, we saw how cybercriminals were able to ramp up their extortion efforts, using ransomware to target companies including medium to large enterprises.
Ransomware continues to grow as a prevalent threat. The number of new ransomware families we saw in the first half of 2016 alone has already eclipsed the total 2015 volume by 172%. With ransomware attacks becoming more and more sophisticated and prevalent, we believe that the threat will potentially cause more damage going into the second half of the year.
New ransomware families we detected exhibited both new propagation and extortion techniques. JIGSAW deletes encrypted files whenever victims fail to pay the ransom on the given deadline. Similarly, SURPRISE increases the ransom every time victims miss a deadline.
Our findings also revealed how some ransomware families were designed to target specific business-related files. SURPRISE and POWERWARE, for example, encrypt tax return files.
Organizations can lessen the risk of ransomware infections through virtual patching, and investing in multilayered security solutions and tools that leverage file, web, and email reputation. They should also educate their employees about the threat as well as the proper handling of suspicious emails and documents.
Business email compromise (BEC) schemes are another form of online extortion that is a major threat to businesses. These scams rely on deception and simple human error rather than sophisticated malware. Cybercriminals directly send socially-engineered emails to top-ranking employees in their target organizations. They imitate legitimate email contacts—normally key officials—to trick their victims into sending money to their accounts. According to the FBI, BEC scams caused more than US$3 billion in losses to more than 22,000 victims from the US, the UK, Hong Kong, Japan, and Brazil.
Analysis of our data also shows the prevalence of BEC campaigns in over 90 countries (see map below).
Businesses can protect against BEC scams by securing email—the most common BEC attack vector—with multilayered security solutions capable of blocking suspicious emails before they reach endpoints. To further reduce BEC-related risks, organizations can invest in employee awareness and training. Employees need to know about safe practices and proper procedures when handling messages related to financial transactions.
Exploit kits continued to make headlines during the first half of 2016. Angler, arguably the most popular kit around, experienced a drop in its detection numbers during the second quarter. A likely cause for this was the arrest of 50 cybercriminals in the UK and Russia, which may have included some of Angler’s operators. Despite this decrease, Angler continued to be the most active in incorporating newfound vulnerabilities in Adobe Flash, Microsoft Internet Explorer®, and Microsoft Silverlight®.
The decline in Angler’s activity made room for other exploit kits, such as Neutrino, Magnitude, and Sundown. During the same period, we saw how exploit kits were used to deliver ransomware. Exploit kits Hunter and Sundown, for example, began delivering ransomware this year, while Rig changed the type of ransomware it delivered.
Regularly patching and updating software is crucial in securing systems against exploit kits. Relying on timely patching alone, however, is not enough as it takes time for official patches to be rolled out and applied. In the interim, virtual patching can become an effective solution.
During the first half of 2016, the Trend Micro Smart Protection Network™ was able to block 29 billion threats. Meanwhile, our acquisition of TippingPoint’s Zero-Day Initiative also revealed the presence of 473 vulnerabilities on a variety of products such as Adobe Flash® and Advantech’s WebAccess.
The number of threats we blocked in the first half of this year is already more than half of the total number of blocked threats in 2015. This threat count increase can be attributed to the rising number of ransomware attacks.
Other notable threat trends we saw in the first half of the year include the rising number of vulnerabilities found in Adobe Flash Player and other IoT platforms, advancements in PoS malware, and a spate of high-profile data breaches. You can read about these items in greater detail, including our suggested defense strategies for each threat trend, in our full 2016 midyear roundup report, The Reign of Ransomware.