The cyber breaches of 2017 had a wide range of sometimes conflicting patterns — for example, despite ample media warnings about the attack strategy, business email compromise stung many organizations — says a look back at the year by Trend Micro released this week.
However, it adds, there was a common thread: What the security vendors calls the “susceptibility” of people and organizations to leave themselves open to successful attacks. “Cybercriminals consistently pull on the susceptibility thread to unravel defense systems and obtain valuable assets at the expense of the innocent,” says the report. “These were the result of a destructive combination of increasingly aggressive threats and incomplete security practices.”
In 2017 big name enterprises — including Equifax, Yahoo, FedEx, Maersk, Google and Facebook — were victimized by different forms of cybercrime, the report notes, with huge amounts of money and information lost in the process. In addition to cash loses, “enterprises stand to lose their clients’ unquantifiable trust and patronage,” it points out.
Among the patterns Trend Micro researchers saw:
—Ransomware “changed the rules of the game.” By year’s end, there had been a 32-percent increase in the number of ransomware families from 2016 to 2017. At the same time the number of major players was considerably smaller compared to 2016. However, this leaner number “delivered a remarkable twist” by delivering punches like the WannaCry and Petya outbreaks. It is estimated these ransomware families resulted in an estimated US$5 billion in losses.
–Known software vulnerabilities were exploited in new ways. Thanks to another dump by the Shadow Brokers of what are believed to be vulnerabilities found by the U.S. National Security Agency, a number of attacks (including WannaCry) were crafted. That was on top of the 1,008 new vulnerabilities researchers around the world discovered in 2017. Worrying was the discovery of a steep rise in zero-day vulnerabilities, which increased 98 percent from 2016 — and all but six of these were as a steep rise in zero-day vulnerabilities between 2016 and 2017. Zero-day vulnerabilities increased 98 percent from 2016, and all but six of these were related to industrial supervisory control and data acquisition (SCADA) systems.
–Business email compromises (sometimes called business executive compromises), where a scammer posing as an executive tries to get employees to wire money, are rising. Citing news reports, the document notes that even Google and Facebook had been defrauded of over US$100 million by a man who allegedly used falsified invoices and convinced both companies that he was part of a partner manufacturing company. Most of the losses for both companies were promptly recouped after the incident. The most spoofed position was the chief executive officer, while the most targeted was the chief financial officer.
Companies of all sizes need to beef up their cybersecurity practices to stop BEC attacks, the report warns. “Educating executives and employees of all levels on how to effectively distinguish BEC scams and using security solutions that protect from spam and spear-phishing attempts are a company’s best defence against this growing, costly threat. It is also recommended to implement a multi-factor verification system for financial requests so as to spot scams before any money is paid out.”
–The rise in the value of cryptocurrencies is making them tempting targets. In addition to wallet theft, unauthorized cryptomining is a worry for enterprises. One campaign used tech support scams to deliver Coinhive’s cryptocurrency miner.
–IoT botnets are multiplying. In November a new Mirai campaign detected in South American and North African countries was found to be responsible for 371,640 attack attempts coming from around 9,000 unique IP addresses. But there’s a new trend: Using botnets for cryptomining. Trend Micro also warns that intelligent transportation systems, which vehicle makers and partners are pouring a lot of money into, are a potential new vector for attack.
Despite the WannaCry ransomware causing a worldwide stir, the IoT botnet-related events affected more devices — something enterprises should pay careful consideration to.
Finally, the report cites news stories to repeat a truism: Not all data breaches are caused by sophisticated infiltration. Sometimes, they’re the result of sheer carelessness or even neglect.
Examples: An improperly configured backup system at River City Media led to the exposure of 1.37 billion email addresses. And Deep Root Analytics, which had 1.1 terabytes of information on more than 198 million U.S. citizens, saw the data leaked because it was unintentionally uploaded to a publicly available server. And JobLink saw an unpatched vulnerability in its application code gave a hacker access to the information of 4.8 million job seekers across 10 states in the U.S.
