Kuala Lumpur (16 February 2017) — In a press briefing today, Trend Micro Incorporated shared key findings from this year’s annual security predictions report; highlighting the continued prevalence of Business Email Compromise (BEC) attacks amongst other rising security issues.
Business Email Compromise (BEC) and Business Process Compromise (BPC) are sophisticated scams targeting businesses that regularly perform wire transfer payments and it will continue to grow as a cost-effective and relatively simple form of corporate extortion. A BEC attack operates by luring an innocent employee to transfer money to a criminal’s account. Another option is hacking directly into a financial transaction system, which requires more work, will result in far greater financial windfalls for criminals.
“BEC attacks and ransomware have dominated the threat landscape so far in 2016, causing immense losses to businesses across industries and we continue to see cybercriminals adapting to the changing technology landscape,” said Goh Chee Hoh, Trend Micro Malaysia Managing Director. “While new ransomware saw an exceptional increase in 2016, that growth is no longer sustainable, so attackers will find new ways to use existing malware families. We foresee new attack methods threatening corporations, expanding ransomware tactics impacting more devices and cyber-propaganda swaying public opinion.”
The Internet of Things (IoT) and Industrial Internet of Things (IIoT) will also play a larger role in targeted attacks in 2017 as attackers become more interested in targeting connected devices to add botnets to carry out DDoS attacks. In the past year, IoT security has quickly escalated as a hot-button issue with multiple threats against the enterprise such as the Mirai botnet that took down Twitter, Amazon, and Netflix. IoT malware will open backdoors into the connected home that could go undetected for years.
In addition to that, the increased use of mobile devices to monitor control systems in manufacturing and industrial environments will be combined with the significant number of vulnerabilities found in these systems to pose threats to organisations.
There’s no silver bullet to solve these challenges. But you can go a long way by investing in products which offer vulnerability shielding. It’s the only way to reliably and proactively mitigate the risk of zero day and unpatched flaws.
Highlights from the 2017 predications report include:
- The number of new ransomware families is predicted to plateau, only growing 25 percent, but will branch out into IoT devices and non-desktop computing terminals, like PoS systems or ATMs
- Vendors will not secure IoT and IIoT devices in time to prevent denial of service and other attacks
- New vulnerabilities will continue to be discovered in Apple and Adobe, which will then be added to exploit kits
- With 46 percent of the world’s population now connected to the internet, the rise in cyber-propaganda will continue as new world leaders are appointed, potentially influencing public opinion with inaccurate information
- As seen in the Bangladesh Bank attack early in 2016, BPC attacks can allow cybercriminals to alter business processes and gain significant profits, and BEC attacks will continue to be useful to extort businesses via unsuspecting employees
- GDPR will force policy and administrative changes that will greatly impact costs and require organizations to conduct complete reviews of data processes to ensure compliance
- New targeted attack methods will focus on evading modern detection techniques to allow threat actors to target different organizations
To learn more about Trend Micro’s 2017 threat predictions, visit goo.gl/gQwmBw.