3 reasons cybercriminals 'strategically' target companies: report

Cybercriminals continue to ‘follow the money’ as they refine and target attacks against businesses for greater financial return, with extortion attempts likely on the rise, according to a new global report by Trend Micro.  

The Security Roundup for 2017 looks back at last year’s increase in ransomware, cryptocurrency mining and BEC (business email compromise) attempts, revealing cybercriminals are strategically targeting companies’ most valuable assets: money, data and reputation.

The trend will continue in 2018, with extortion attempts likely to target organisations trying to comply with new EU privacy laws.

“The 2017 roundup report reveals a threat landscape as volatile as anything we’ve seen, with cybercriminals increasingly finding they’re able to gain more - whether it’s money or data or reputation damage — by strategically targeting companies’ most valuable assets,” said Trend Micro director and data scientist, Dr Jon Oliver. 

The new report, The Paradox of Cyberthreats, said cybercriminals are increasingly abandoning exploit kits and spray-and-pray tactics in favour of more strategic attacks designed to improve their return on investment.

Based on this trend, the report said it’s likely that some will try to extort money from enterprises by first determining the GDPR penalty that could result from an attack, and then demand a ransom of slightly less than that fine, which CEOs might opt to pay.

“It confirms our view that there is no silver bullet when it comes to the sheer range of cyberthreats facing organisations. Businesses instead need a cross-generational security solution that uses a blend of proven security protections with the best new defences to mitigate risk effectively.”

The report also reveals: a 32 per cent increase in new ransomware families from 2016 to 2017; a doubling of BEC attempts between the first and second half of 2017; and soaring rates of cryptocurrency mining malware, peaking at 100,000 detections in October. Locally, in the last quarter Australia saw 253 per cent increase in blocked email threats.

Additionally, vulnerable IoT devices are also a major security risk across several trending threats.

Read more:Transurban takes express route to smart roads and driverless vehicles

Trend Micro detected more than 45.6 million cryptocurrency mining events during the year, representing a large percentage of all IoT events observed. Software vulnerabilities also continued to be targeted, with 1,009 new flaws discovered and disclosed in 2017 through Trend Micro’s Zero Day Initiative and their 3,500+ independent whitehat researchers. 

“This year’s report provides great validation that our 2018 predictions are anchored in the data we’re seeing,” Oliver said.

“In Australia, we’re likely to see the number of reported breaches double this year, improving not only organisations’ transparency and compliance to NDB legislation changes but also minimising the value of the data criminals have access to.”

On the eve of the NDB legislation rollout, Oliver estimates the number of reported breaches to double this year.

Read more:APAC CIOs ahead of peers on AI, IoT, chatbots: Gartner survey

“If 2018 is the year of breach reporting, the benefits to this will be two-fold with organisations complying to government standards but also minimising the value of the data criminals have access to.”

IDG Insider


« How to reset your HomePod


The 500GB Samsung 960 Evo is at its cheapest price yet »
IDG News Service

The IDG News Service is the world's leading daily source of global IT news, commentary and editorial resources. The News Service distributes content to IDG's more than 300 IT publications in more than 60 countries.

  • Mail

Recommended for You

Trump hits partial pause on Huawei ban, but 5G concerns persist

Phil Muncaster reports on China and beyond

FinancialForce profits from PSA investment

Martin Veitch's inside track on today’s tech trends

Future-proofing the Middle East

Keri Allan looks at the latest trends and technologies


Do you think your smartphone is making you a workaholic?