Hackers Expand Their Repertoire as Trend Micro Blocks 52 Billion Threats in 2019

Variety is welcome in most walks of life, but not when it comes to the threat landscape. Yet that is unfortunately the reality facing modern cybersecurity professionals. As Trend Micro’s 2019  roundup report reveals, hackers have an unprecedented array of tools, techniques and procedures at their disposal today. With 52 billion unique threats detected by our filters alone, this is in danger of becoming an overwhelming challenge for many IT security departments.

In response, many CISOs are rightly re-examining how they approach threat defense. Rather than create potential security gaps and risk budget shortfalls through best-of-breed investments, they’re understanding that it may be better to consolidate on one provider that can do it all.

The state of play

Our report provides an alarming snapshot into a threat landscape characterized by volatility and chaos. Financially motivated cybercriminals collaborate and compete with each other on a daily basis to elicit profits from their victims. And there are plenty of those, thanks to increased investments in cloud and digital platforms that have broadened the corporate attack surface.

Three trends in the report stand out:

Ransomware is on the rise: Although the number of new families fell, the number of detected ransomware components jumped by 10% to top 61 million during the year. Attacks have been causing chaos across the US, particularly among under-funded public sector authorities and schools. The recent outage at Redcar council could be ominous for UK local authorities. As if service downtime wasn’t enough, several groups have also begun stealing sensitive data before they encrypt, and releasing it if victims don’t pay up — which will require organisations to evolve their threat defense strategies.

Phishing is evolving: As always, email-borne attacks accounted for the vast majority (91%) of threats we blocked last year, and increased 15% in volume from 2018. What does this mean? That phishing remains the number one vector for attacks on organisations. Although we noted an overall decline in total attempts to visit phishing sites, there were some spikes. Fraudsters appear to be targeting Office 365 in an attempt to bypass security filters: the number of unique phishing URLs that spoofed the Microsoft cloud platform soared by 100% from the previous year. BEC attacks, which the FBI has claimed cost more than any other cybercrime type last year, grew 5%.

The supply chain is exposed: At the same time, the digital supply chain has rapidly expanded in recent years, exposing more organisations to risk. This was particularly notable in the e-commerce space last year, as Magecart gangs managed to compromise an estimated two million sites. Many of these attacks focused on attacking supply chain partners, which provide JavaScript libraries to the victim sites. We also observed an increase in attacks focused on compromising DevOps tools and deployments, such as misconfigured versions of Docker Engine – Community and unsecured Docker hosts.

What happens now?

This is just the tip of the iceberg. We also detected a 189% brute force IoT logins, an increase in mobile malware, and much more. To regain the initiative in the face of such a wide-ranging set of threats, CISOs may find more value in taking a connected threat defence approach. This would consolidate protection onto a single provider across gateways, networks, servers and endpoints, with underlying threat intelligence optimizing defense at each layer.

Here’s a quick checklist of elements to consider:

  • Network segmentation, regular back-ups and continuous network monitoring to help tackle ransomware
  • Improved security awareness programs so users can better spot BEC and phishing attempts
  • Monitor vulnerabilities and misconfigurations in supply chain partners’ systems to defend against Magecart attacks
  • Scan container images at build and runtime for malware and vulnerabilities
  • Keep all systems and software on latest versions
  • Two-factor authentication and least privilege access policies to prevent abuse of tools that can be accessed via admin credentials, like RDP and developer tools

To find out more, read Trend Micro’s 2019 roundup report here: https://www.trendmicro.com/vinfo/us/security/research-and-analysis/threat-reports/roundup/the-sprawling-reach-of-complex-threats.

Read More HERE