• TREND MICRO
  • ABOUT
Search:
  • Latest Posts
  • Categories
    • Android
    • AWS
    • Azure
    • Cloud
    • Compliance
    • Critical Infrastructure
    • Cybercrime
    • Encryption
    • Financial Services
    • Government
    • Hacks
    • Healthcare
    • Internet of Everything
    • Malware
    • Microsoft
    • Mobile Security
    • Network
    • Privacy
    • Ransomware
    • Security
    • Social Media
    • Small Business
    • Targeted Attacks
    • Trend Spotlight
    • Virtualization
    • Vulnerabilities
    • Web Security
    • Zero Day Initiative
    • Industry News
  • Our Experts
    • Ed Cabrera
    • Rik Ferguson
    • Greg Young
    • Mark Nunnikhoven
    • Jon Clay
    • William “Bill” Malik
  • Research
Home   »   Ransomware   »   2016 – The Year of Online Extortion: Proven

2016 – The Year of Online Extortion: Proven

  • Posted on:August 23, 2016
  • Posted in:Ransomware, Security, Vulnerabilities & Exploits
  • Posted by:Christopher Budd (Global Threat Communications)
0

In his predictions for 2016, our Chief Technology Officer (CTO), Raimund Genes, said that 2016 would be the year for online extortion.

Today, with the release of our security roundup for the first half of 2016, we can say that Raimund’s prediction has been on the mark. In the first half of 2016, the ransomware threat has marked an unprecedented surge in the prevalence and success of online extortion.

Our research has shown a nearly incredible increase not just in the number of ransomware attacks, but in the multiplicity of ransomware families. In all of 2015, we saw 29 new families of ransomware. In the first half of 2016 alone, we’ve seen 79. That’s an increase of 172% in only six months over what previously took a full year to develop.

If you feel like you’re seeing a lot of ransomware and discussions about it lately, it’s because there’s a lot of it out there.

Unfortunately the ransomware threat shows no signs of abating anytime soon, which means it’s imperative that everyone take steps to protect themselves as best they can. Whether we’re talking about home users, small businesses or even large enterprises, taking steps to protect against ransomware is one of the smartest things you can do right now.

Of course, one of the best things you can do is look to your email security. And as I noted earlier, the benefit of doing that is you’re also addressing another major threat: Business Email Compromise (BEC). In our roundup, we show that BEC remains a major threat, especially for the United States and the United Kingdom. The BEC threat is real with major losses: the FBI listed over 22,000 victims to BEC scams from January 2015 to June 2016, with over US$3 billion in total losses all over the world. In particular, our analysis has shown that Chief Financial Officers (CFOs) are the primary targets of BEC. If your organization has a CFO, you should take extra steps to ensure he or she doesn’t become a victim of BEC.

In past reports, we’ve highlighted the dangers posed by exploit kits, like Angler and Neutrino. In the first half of 2016, those dangers are still present. Predictably, though, they have merged with the ransomware threat: all major exploit kits, and some new ones this year, are all aggressively delivering ransomware now. One thing that is notable in regards to exploit kits is that the competition between Angler and Neutrino has continued, with Neutrino surpassing Angler for the first time since early 2015. This is likely due to the arrest of individuals in Russia and the United Kingdom who were associated with Angler. Since that arrest, Angler’s presence has dropped precipitously, fast approaching zero, likely due to cybercriminals viewing the exploit kit as suspect now due to the law enforcement action.

With the addition of TippingPoint and the Zero Day Initiative to our own vulnerability research teams, Trend Micro now is in a position to offer an unparalleled view into vulnerability research trends. In the first half of 2016, our teams and researchers working through our Zero Day Initiative accounted for 473 newly reported vulnerabilities. Below is a table outlining the top ten products for vulnerabilities found by our own researchers and those working through our Zero Day Initiative.

Discovered by Trend Micro

(In partnership with TippingPoint)

Discovered through the Zero Day Initiative
  Product CVE’s Product CVE’s
1. Adobe Flash 28 Advantech Web Access 108
2. Google Android 11 Adobe Reader DC 26
3. Apple Mac OS X 11 Solar Winds Storage Resource Monitor Profiler Module 24
4. Apple iOS 8 Foxit Reader 23
5. Microsoft Office 5 Microsoft Internet Explorer 22
6. Microsoft Internet Explorer 3 Adobe Acrobat Pro DC 19
7. Qualcomm 1 Apple Mac OS X 17
8. Apache Active MQ 1 Oracle Application Testing Suite 15
9. ffmpeg 1 LeviStudio 14
10. Microsoft Edge 1 Microsoft Edge 13

Overall, the first half of 2016 has been a year of some surprises, particularly in terms of how significant the ransomware threat has become. Of course, these are just some highlights of the report: there’s much more detail to be found in the full report.

We’ll be back in six months to review the overall trends that we saw in 2016. Before that, though, we will release our 2017 predictions.

Related posts:

  1. 2016: The Year of Online Extortion
  2. Angler: The Rise and Fall of an Exploit Kit
  3. Exploits as a Service: How the Exploit Kit + Ransomware Tandem Affects a Company’s Bottom Line
  4. 2016 Review of Vulnerabilities

Security Intelligence Blog

  • Our New Blog
  • How Unsecure gRPC Implementations Can Compromise APIs, Applications
  • XCSSET Mac Malware: Infects Xcode Projects, Performs UXSS Attack on Safari, Other Browsers, Leverages Zero-day Exploits

Featured Authors

Ed Cabrera (Chief Cybersecurity Officer)
Ed Cabrera (Chief Cybersecurity Officer)
  • Ransomware is Still a Blight on Business
Greg Young (Vice President for Cybersecurity)
Greg Young (Vice President for Cybersecurity)
  • Not Just Good Security Products, But a Good Partner
Jon Clay (Global Threat Communications)
Jon Clay (Global Threat Communications)
  • This Week in Security News: Ransomware Gang is Raking in Tens of Millions of Dollars and Microsoft Patch Tuesday Update Fixes 17 Critical Bugs
Mark Nunnikhoven (Vice President, Cloud Research)
Mark Nunnikhoven (Vice President, Cloud Research)
  • Twitter Hacked in Bitcoin Scam
Rik Ferguson (VP, Security Research)
Rik Ferguson (VP, Security Research)
  • The Sky Has Already Fallen (you just haven’t seen the alert yet)
William
William "Bill" Malik (CISA VP Infrastructure Strategies)
  • Black Hat Trip Report – Trend Micro

Follow Us

Trend Micro In The News

  • Detected Cyber Threats Rose 20% to Exceed 62.6 Billion in 2020
  • Trend Micro Recognized on CRN Security 100 List
  • Trend Micro Reports Solid Results for Q4 and Fiscal Year 2020
  • Connected Cars Technology Vulnerable to Cyber Attacks
  • Trend Micro Asks Students How Their Relationship to the Internet Has Changed During COVID-19
  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © 2017 Trend Micro Incorporated. All rights reserved.