Cybercriminals Changing Tactics as Seen in First Half Report

Today, Trend Micro released its first half 2018 security roundup report in which we want to share the threat intelligence we discovered through the Trend Micro™ Smart Protection Network™ that allows us to identify the threats that have targeted our customer base. Below are some thoughts I’d like to share with you about these trends and how they could affect you and your organization.

Cybercriminals regularly change who they target, how they target them, and what they are after. Most recently we’ve seen a shift from large ransomware spam campaigns to more targeted attacks using ransomware as the tool to disrupt critical business operations. Any organization that depends on critical systems to run their businesses need to ensure they have prepared themselves for a targeted attack. Secondly, we’ve seen a shift towards cryptomining and cryptojacking as the predominate threat for many cybercriminals today. This threat has taken over as the threat du jour within the criminal undergrounds, with a lot of chatter on how best to perpetrate this crime. While this threat is not as destructive as ransomware, it can disrupt system operations, as the goal of most cryptomining malware is to use as many system resources as possible to perform the mining functions, and as such the system will not be supporting its primary business operation.

Any organization that supports critical infrastructure needs to look at how to harden up their ICS/SCADA networks as we’re starting to see threat actors looking to perform destructive attacks versus simply doing reconnaissance and testing capabilities when compromising these networks. As our Zero Day Initiative is finding out, vulnerabilities within the applications and devices in this sector are increasing and, more worrying, we’re not seeing quick patching of the vulnerabilities by the affected vendors. This will likely change as the vendors are made more accountable for fixing their bugs, but until then providers of critical infrastructure need to build improved patching processes, like the use of virtual patching at the network and host layers.

As the FBI has shared, the BEC threat has been increasing every year since 2013 with total losses from this threat reaching $12B US. This shows the threat actors behind these attacks are emboldened due to the simplicity (i.e. low investment in perpetrating), as well as the high monetary returns. We will likely see more actors and criminal syndicates leveraging this threat to target businesses of all sizes. The good news is that diligence in educating your financial and HR employees on how to identify this threat, along with implementing two-factor verification of requests, can greatly mitigate the risk of compromise.

Overall, organizations need to continue being vigilant in reviewing their security processes, as well as their existing cybersecurity solutions. Solution sprawl is a real problem due to technological complexities and a lack of trained personnel required to run them. Instead, businesses should look at consolidating and connecting their defenses in a way that allows faster protections from new threats and improved visibility across their entire network infrastructure. Lastly, look to invest in and enable advanced threat protections that are coming to market using artificial intelligence and machine learning, but don’t forget that many traditional technologies are still very effective at stopping a bulk of today’s threats.

There’s more details within our report you should read to ensure you have a full understanding of the threats we saw during this most recent first half. I will also be covering the trends and data in my upcoming live monthly threat webinar series I do on August 30 or watch it on-demand later.

If you have any questions or comments, please do so below.

Read More HERE