pixel_dreams - Fotolia

Trend Micro confirms rise of ransomware and whaling

Ransomware is confirmed as a pervasive threat and whaling emerges as a strong trend, according to the latest security report by Trend Micro

The occurrence of ransomware families nearly doubled, up by 172%, in the first half of 2016 compared with the whole of 2015, the latest report from security firm Trend Micro shows.

Whaling attacks, also known as business email compromise (BEC) and CEO fraud, also emerged as a major trend, accounting for $3bn in losses in the US alone in the first six months of 2016.

Trend Micro identified a total of 79 new ransomware families in the first six months of this year, with 58% of ransomware attacks in the first half originating from attachments in spammed emails.

Ransomware is now a prevalent and pervasive threat, with variants designed to attack all levels of the network, the report said.

The uptick in malware is in line with Trend Micro’s predictions that online extortion will increase in 2016 as cyber criminals devise new ways to personalise attacks.

The report said cyber criminals are becoming increasingly creative with their tactics. For example, Jigsaw ransomware threatens to delete a number of files for every hour a ransom is not paid, and Surprise ransomware increases the ransom amount if the payment deadline is not met.

The first half the year also saw the rise of several ransomware families built with routines designed to attach enterprise machines and endpoints, such as Crypsam, Zcrypt, CrypJoker, Crypradam and Powerware.

“Ransomware is capable of crippling organisations that face it, and the cyber criminals spearheading these attacks are creatively evolving on a continuous basis to keep enterprises guessing,” said Raimund Genes, chief technology officer at Trend Micro.

“It has dominated the threat landscape so far in 2016, causing immense losses to businesses across multiple industries. Enterprises must adopt multi-layered security solutions to optimally combat these threats, which could attempt to penetrate corporate networks at any time,” he said.

Read more about ransomware

The report also confirmed an increase in popularity of whaling attacks, in which cyber criminals compromise business email accounts in order to facilitate an unauthorised fund transfer, usually by impersonating people who have access to a company’s finances or manipulating people with such access by pretending to be the company chief executive.

The report showed whaling attacks are most prevalent in the US, followed by the UK, Hong Kong, Japan and Brazil. Research showed that in the first half of the year, such scams targeted chief financial officers and their email accounts more than any other role in a company.

Trend Micro with Tipping Point and Zero Day Initiative found a total of 473 vulnerabilities in a variety of products, the report said.

Most vulnerabilities were found in Adobe Flash and Advantech’s Web Access, a web-based human machine interface, and Scada (supervisory control and data acquisition) software that remotely automates industrial processes and is used by many companies in the private and public sectors.

Out of 108 vulnerabilities discovered in Advantech’s WebAccess, 28 were zero-day vulnerabilities, the report said.

Criminals resilient and flexible

“While it is unfortunate for us, cyber criminals are resilient and flexible when it comes to altering an attack method each time we find a patch or solution,” said Ed Cabrera, chief cyber security officer at Trend Micro.

“This creates massive problems for enterprises and individuals alike because the threats change as often as solutions are provided,” he added. “It bodes well for businesses to anticipate being targeted and to prepare accordingly, implementing the latest security solutions, virtual patching and employee education to mitigate risks from all angles.”

The report also noted that data breaches plagued various industries in the first half of the year in both the private and public sectors, that updates in point-of-sale (PoS) malware gave rise to new attacks and that Shellshock exploits increased in the first half of the year with thousands of new exploits each month, despite available patches.

Trend Micro said this was an example of the benefit of virtual patching, which provides faster protection to enterprise networks when vulnerabilities surface.

Read more on Hackers and cybercrime prevention