The year of online extortion


10 March 2017

2016 was truly “the year of online extortion”. According to Trend Micro’s security roundup report for the year, there was a 752 percent increase in new ransomware families that ultimately resulted in US$1 billion in losses for enterprises worldwide.

“As threats have diversified and grown in sophistication, cybercriminals have moved on from primarily targeting individuals to focusing on where the money is: enterprises,” said Ed Cabrera, chief cybersecurity officer for Trend Micro. “Throughout 2016 we witnessed threat actors extort companies and organisations for the sake of profitability and we don’t anticipate this trend slowing down.”

Business email compromise (BEC) scams also gained popularity among cybercriminals looking to extort enterprises. In Singapore, for example, 165 cases were reported between January and September last year, an increase of 20 per cent compared with the same period the previous year.

In one such case reported in the media, a local company received an email, purportedly from its overseas business partner, requesting money. After transferring the money to a foreign bank account, the company realised that its partner’s email account had been compromised and that it had fallen prey to a scam.

Much like ransomware, BEC scams have proven to be incredibly lucrative for cybercriminals, resulting in an average of US$140,000 in losses for companies around the globe.

Trend Micro also reported that 75 billion out of the 81 billion threats blocked by its Smart Protection Network in 2016 were email-based, confirming email as the top entry point for threats.

The following are some of the other highlights of the Trend Micro report:

  • Record number of vulnerabilities discovered: Trend Micro and the Zero Day Initiative (ZDI) discovered a record high number of vulnerabilities in 2016, most of which were found in Adobe Acrobat Reader DC and Advantech’s WebAccess. Both applications are widely used throughout enterprise and Supervisory Control and Data Acquisition (SCADA) systems.
  • Angler arrested: Following the arrest of 50 cybercriminals, the once-dominant Angler exploit kit slowly faded out of the spotlight until it ceased to exist. While new exploit kits were quick to move into the space vacated by Angler, by the end of 2016, the number of vulnerabilities included in exploit kits had decreased by 71 per cent.
  • Banking trojans and ATM malware target personal data: Attacks using ATM malware, skimming cards and banking trojans have diversified. Threat actors are now targeting personally identifiable information (PII) and credentials which can be used to gain a foothold inside enterprise networks.
  • Massive Mirai attack hints at IoT exploits to come: In October 2016, attackers took advantage of poorly secured IoT devices, hijacking about 100,000 of them to launch a distributed denial-of-service (DDoS) attack that forced websites such as Twitter, Reddit and Spotify to go offline for several hours.
  • Yahoo’s history-making data breach sparks discussions on responsible disclosure: Yahoo experienced the largest data breach in history in August 2013, compromising 1 billion account users’ information. However, the incident was not disclosed until three months after reports of a separate data breach in September 2016, which involved 500 million more accounts. These events stirred up the responsible disclosure conversation and the accountability companies have to their customers regarding the security of user data.