2016 – The Year of Online Extortion: Proven

In his predictions for 2016, our Chief Technology Officer (CTO), Raimund Genes, said that 2016 would be the year for online extortion.

Today, with the release of our security roundup for the first half of 2016, we can say that Raimund’s prediction has been on the mark. In the first half of 2016, the ransomware threat has marked an unprecedented surge in the prevalence and success of online extortion.

Our research has shown a nearly incredible increase not just in the number of ransomware attacks, but in the multiplicity of ransomware families. In all of 2015, we saw 29 new families of ransomware. In the first half of 2016 alone, we’ve seen 79. That’s an increase of 172% in only six months over what previously took a full year to develop.

If you feel like you’re seeing a lot of ransomware and discussions about it lately, it’s because there’s a lot of it out there.

Unfortunately the ransomware threat shows no signs of abating anytime soon, which means it’s imperative that everyone take steps to protect themselves as best they can. Whether we’re talking about home users, small businesses or even large enterprises, taking steps to protect against ransomware is one of the smartest things you can do right now.

Of course, one of the best things you can do is look to your email security. And as I noted earlier, the benefit of doing that is you’re also addressing another major threat: Business Email Compromise (BEC). In our roundup, we show that BEC remains a major threat, especially for the United States and the United Kingdom. The BEC threat is real with major losses: the FBI listed over 22,000 victims to BEC scams from January 2015 to June 2016, with over US$3 billion in total losses all over the world. In particular, our analysis has shown that Chief Financial Officers (CFOs) are the primary targets of BEC. If your organization has a CFO, you should take extra steps to ensure he or she doesn’t become a victim of BEC.

In past reports, we’ve highlighted the dangers posed by exploit kits, like Angler and Neutrino. In the first half of 2016, those dangers are still present. Predictably, though, they have merged with the ransomware threat: all major exploit kits, and some new ones this year, are all aggressively delivering ransomware now. One thing that is notable in regards to exploit kits is that the competition between Angler and Neutrino has continued, with Neutrino surpassing Angler for the first time since early 2015. This is likely due to the arrest of individuals in Russia and the United Kingdom who were associated with Angler. Since that arrest, Angler’s presence has dropped precipitously, fast approaching zero, likely due to cybercriminals viewing the exploit kit as suspect now due to the law enforcement action.

With the addition of TippingPoint and the Zero Day Initiative to our own vulnerability research teams, Trend Micro now is in a position to offer an unparalleled view into vulnerability research trends. In the first half of 2016, our teams and researchers working through our Zero Day Initiative accounted for 473 newly reported vulnerabilities. Below is a table outlining the top ten products for vulnerabilities found by our own researchers and those working through our Zero Day Initiative.

Overall, the first half of 2016 has been a year of some surprises, particularly in terms of how significant the ransomware threat has become. Of course, these are just some highlights of the report: there’s much more detail to be found in the full report.

We’ll be back in six months to review the overall trends that we saw in 2016. Before that, though, we will release our 2017 predictions.