
Takeaways from the 2016 Threat Landscape

  • Posted on: February 28, 2017
  • Posted in: Malware, Ransomware, Security
  • Posted by: Jon Clay (Global Threat Communications)

Every year Trend Micro looks back at the threat landscape of the previous year, analyzes the data we receive from our massive customer base around the world, and reports on the trends we saw and the key threats that affected the cyber world. In our 2016 security roundup report, A Record Year for Enterprise Threats, we identified a number of the most critical threats that affected our commercial customers.

The following are some key takeaways we found when analyzing this data and how you can protect your environment from these threats.

Ransomware was the top threat in 2016 in terms of both volume and the amount of money generated by cybercriminals. Our threat researchers identified 247 new ransomware families in 2016 compared to 29 in 2015, a 752 percent increase. We saw many different iterations of new ransomware as the actors behind this threat constantly changed their tactics, including new ways to infect users, different ransom demands, and ways to extort more money from victims. Email is still the No. 1 way ransomware infects victims (79 percent of victims came from email), but we also saw exploit kits regularly adopting ransomware and malicious URLs being used to distribute it. Ransoms ranged from an average of 1-2 bitcoins to customized ransoms in the 100-bitcoin range for some victims.

Ransomware will continue to be a problem for businesses in 2017, but a multi-layered security solution that starts with enhanced messaging and web security and includes endpoint behavioral and machine learning capabilities is a good way to start minimizing the risk of infection.

Business Email Compromise (BEC) grew in 2016 and made its way into 92 different countries around the world. The reason for this growth is ROI. The upside for cybercriminals is great, as the average loss from this threat, per the FBI, is US$140K. The main BEC threat is a simple email to a finance employee requesting a wire transfer to an account, with the email coming from a trusted and typically executive position within the company, like the CEO, President, or CFO. What makes this difficult to detect is that the email usually has no payload (attachment or embedded URL), which email security solutions so often require for detection. We expect this threat to continue in 2017 due to its simplicity and payoff.

Trend Micro has been researching and disclosing vulnerabilities for a long time, but with our acquisition of TippingPoint and the Zero Day Initiative (ZDI) we now have one of the world’s best vulnerability research organizations, if not the best. Between ZDI and Trend Micro, 765 vulnerabilities were discovered and responsibly disclosed in 2016. These vulnerabilities ranged greatly, from operating systems to business applications to even ICS/SCADA systems. Some key trends were seen in 2016, like the decrease in vulnerabilities within Microsoft products (47 percent decrease) but a significant increase (147 percent increase) in Apple vulnerabilities. We also saw a decrease in the number of vulnerabilities added to exploit kits for the year, as well as in the number of exploit kits, due to the arrest of the Angler exploit kit authors and others leaving the scene. While this is good news, we do caution organizations to be vigilant in patching, as unpatched vulnerabilities are still an easy way for threat actors to compromise their systems.

Banking and ATM malware held steady in 2016, with the re-emergence of the QAKBOT banking Trojan due to the arrest of the DYRE/DYREZA authors. ATM malware continued to be found around the world, and a new variant, ALICE, emerged with some interesting operational aspects. Organizations that operate ATMs should ensure both the physical security and cyber security of their devices, regularly patch them, and look towards using application control to lock down the OS and applications running on these ATMs. Consumers should regularly change their online banking account credentials to minimize the threat of account compromise and use a robust Internet Security solution.

You can get more details on the data behind these threats in 2016 as well as other threats we covered within our roundup report by downloading a copy here. More blogs will be published in the coming days/weeks breaking out a few other key areas of the 2016 threat landscape for your reading pleasure.
