Credit to Author: Jon Clay (Global Threat Communications)| Date: Mon, 04 Mar 2019 15:00:20 +0000
Do you ever question the value of the mounds of data we all collect? We make a point to stop, analyze and share, especially because we know you might not have the time. So, I bring you our annual look back at the more interesting security events and trends seen last year. The report, Caught in the Net: Unraveling the Tangle of Old and New Threats, analyzes our threat data from the hundreds of millions of sensors we have deployed globally to identify the top threats seen. Let’s dive into a few of the more interesting items, but download and read the full report to get details on all we saw in 2018.
Top Trends
Phishing URLs increased 269% compared to 2017. Threat actor continue looking to steal login credentials to get full access to a victim’s accounts. In most cases we’re seeing phishing webpages associated with Office365 and other email accounts, as compromising an email account allows them to easily send out malicious emails purporting to come from that user. These emails will are more likely to be believed as they come from a trusted source.
Socially engineered attacks have gained interest with cybercriminals, mostly using fraudulent emails towards their victims. Email is still the most used threat vector against employees when an actor wants to infiltrate a corporate network. The actors will use Open Source Intelligence (OSINT) to identify the victim’s interests to craft a believable socially engineered email, fooling the victim into opening a weaponized attachment or click on a malicious embedded link.
Ransomware continues to decline, but it is still an issue for many organizations who have not deployed improved security controls, including proper backup procedures. We saw a decline in the number of new ransomware families, as well as detections of ransomware, which appears to indicate threat actors have lost some interest in this threat. Reasons can stem from improved detection capabilities, like the use of machine learning and behavior monitoring, to the lack of infected organizations paying the ransoms. However, we still see a large number of WannaCry detections every month, but that is likely due to its worm capability – it wants to automatically spread to as many systems as possible. Organizations that have deployed the improved ransomware detection capabilities and a good backup strategy are able to respond to any infections quickly and clean up effectively, thus not needing to pay the ransom.
Business Email Compromise (BEC) continues to rise, as seen by our data around the world. This threat is more targeted, which is why the numbers are still fairly low compared to other threats, but the average amount lost per successful attack is huge compared to ransomware. The FBI states the average loss is around $150,000 per attack. This big payoff is why we will continue to see threat actors use this attack method against select targets around the world. The good news for organizations is that newer AI and machine learning powered technologies are available to detect these emails before an employee can wire transfers money to the cybercriminals.
Vulnerabilities continue to grow. The Trend Micro Zero Day Initiative (ZDI) bug bounty program continues to see increased submissions each year and 2018 was no exception with a 43% increase compared to 2017. The usual players were well represented, like Microsoft and Adobe, but in recent years we’ve seen more submissions for ICS vendors. This is mainly around Human Machine Interface (HMI) software vendors that manage multiple ICS/SCADA devices on a network. This increase is positive for everyone, as it takes these vulnerabilities out of the hands of criminals who may look to exploit the vulnerabilities in critical infrastructure attacks.
Beyond these trends being an interesting look at how the threat landscape continues to evolve, we also use this insight to benefit our customers. The majority of the data we share in our reports comes from the Trend Micro Smart Protection Network and is processed by both automation and human analysis to identify what is good and bad. This information is then used to develop protections, but only if we cannot already detect them at 0-hour. Our data scientists use our massive data repositories to develop new technologies in artificial intelligence and machine learning that will help us detect threats at first sight.
An example of this is our new Writing Style DNA, which is used within our messaging security solutions to build a model of how a person writes emails. Once the model is complete, our technology can identify emails not written by the employee and flag them as potentially fraudulent emails. This is important, as you read earlier that threat actors look to compromise the email accounts of executives and other employees. If this happens and they craft an email from the compromised account, the likelihood that they write an email the same way as the victim is fairly low and we can use this Writing Style DNA technology to detect such fraudulent emails.
All of our researchers use the data and information we obtain from real-world attacks to improve our products and technologies, which improves our protection of your data and business. Our mission is to make the world safe for exchanging digital information and the reports and research we publish regularly can help you stay aware of the changing threat landscape.
These are only a few of the insights you can obtain through the full report and we recommend you download the full report today. You can also check out our 2019 predictions report to get some ideas on what we will see this year. You can also look forward to our 2019 mid-year report, which we’ll publish in Q3’19 covering the first half of this year.