The 2016 threat landscape was riddled with threats that set new record highs: new ransomware families, BEC scams across the world, and vulnerabilities found in widely used platforms. Stay ahead of the current business threats with our latest security roundup.
Cyber threats affecting enterprises were at a record high in 2016. Online extortion became a major issue with the unprecedented growth in the number of new ransomware families as well as big financial losses caused by business email compromise (BEC) scams. The sum volume of discovered vulnerabilities, including those on platforms like Supervisory Control and Data Acquisition (SCADA), also surpassed the previous year’s total. If 2016 were any indication of things to come, enterprises should step up in terms of security.
Ransomware spiked 752% in new families
Ransomware attacks became more tenacious than ever—with an increase of 752% of new ransomware families in 2016. Spam was the top infection vector.
Monthly number of Ransomware families added
The availability of open source ransomware and ransomware as a service (RaaS) will continue to make it easier for cybercriminals to run their own ransomware operations. Organizations should therefore stay vigilant to avoid losing data and money, and experiencing significant system downtime. Multilayered security solutions that employ machine learning and cover gateways, endpoints, networks, and servers can help prevent ransomware infections.
BEC scams cause hundreds of thousands in global losses
Organizations targeted with business email compromise (BEC) lost an average of US$140,000 per attack. Our findings show that BEC scams were present in over 90 countries. Most affected were the United States, the United Kingdom, Hong Kong, Japan, and India. The healthcare sector was heavily targeted. Several institutions across three countries were targeted by cybercriminals in just over two weeks.
Countries with the most number of organizations affected by BEC
1
2
3
4
5
6
7
8
9
10
UNITED STATES
37.55%
Organizations
UNITED STATES
37.55%
Organizations
UNITED KINGDOM
9.61%
Organizations
HONG KONG
2.85%
Organizations
JAPAN
2.75%
Organizations
INDIA
2.39%
Organizations
BRAZIL
2.34%
Organizations
FRANCE
2.20%
Organizations
NORWAY
2.02%
Organizations
AUSTRALIA
1.95%
Organizations
ARGENTINA
1.45%
Organizations
> 1.44%
1.44% - 1%
< 1%
Unspecified Domains
The map shows the % distribution of companies affected by BEC per country. Those in darker shade denote a higher concentration of affected companies.
Understanding how BEC scams work will help organizations avoid making unnecessary hefty payouts. Web and email gateway solutions with anti-spam, anti-phishing, and social engineering attack protection features will ensure defense against this scheme.
Enterprise and SCADA software lead in vulnerability count
Trend Micro and the Zero Day Initiative (ZDI), with TippingPoint, discovered a total of 765 vulnerabilities (including 60 zero days) in 2016, with most of the vulnerabilities coming from Adobe® Acrobat® Reader DC and Advantech’s SCADA software WebAccess. WebAccess and other SCADA systems are used by public and private sectors to remotely automate industrial processes and utility services.
The usual suspect, Adobe Flash, did not top the list for Adobe vulnerabilities in 2016. This change could be attributed to more browsers adopting HTML5. Overall, there was a decrease in the number of Microsoft vulnerabilities. Meanwhile, Apple saw a significant rise in the vulnerabilities for its smartphone and desktop computing platforms.
Trend Micro and ZDI (with TippingPoint) discovered vulnerabilities 2015 versus 2016
Regular deployment of patches and vulnerability shielding are still the best ways to stay protected against zero-day exploits and potential attacks.
The Mirai botnet—made up of around 100,000 compromised Internet of Things (IoT) devices—was responsible for a large-scale distributed denial-of-service (DDoS) attack on Dyn servers, disrupting access to a number of their sites. The incident proves that attacks on IoT devices are more than just isolated cases and proofs of concept.
Overview of the Mirai DDoS Attack
To prevent similar future attacks, manufacturers are advised to regularly perform risk assessments and ensure the security of their devices’ communication protocols and software development kits (SDKs.) Users are also advised to change their device passwords frequently and keep their firmware up-to-date.
Threat Landscape
In 2016, the Trend Micro™ Smart Protection Network™ was able to detect and block over 81 billion threats. The increase in the threat count can be attributed to the total number of email threats blocked throughout the year. This is consistent with the prevalence of ransomware and BEC, as both threats are widely spread through email or spam.
Total number of threats blocked in 2016
There was a 56% increase in the total number of threats in 2016.
Overall threats blocked by the Trend Micro Smart Protection Network per year
We also rounded up other noteworthy security stories of 2016 that include the exploit kits that emerged after Angler’s demise, the mega breach that raised the issue of responsible disclosure of breached organizations, and the developments in banking Trojans and ATM malware. Read our annual security report and learn about the security strategies enterprises should adopt to fend off such threats.
DOWNLOAD FULL REPORT
HIDE
Like it? Add this infographic to your site: 1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).
Side-Channel Attacks RIDL, Fallout, and ZombieLoad Affect Millions of Vulnerable Intel Processors
BEC Scammers Steal US$1.75 Million From an Ohio Church
Mobile Ad Fraud Schemes: How They Work, and How to Defend Against Them 
Mirai Variant Spotted Using Multiple Exploits, Targets Various Routers