Emails have become the battleground for the first half of the year in terms of security. It is the number one infection vector that have ushered in 2016’s biggest threats so far—ransomware and business email compromise (BEC). Ransomware infections normally start via email. Based on our findings, 71% of the known ransomware families’ delivery method is through spam.
Looking at the threat trends so far, both ransomware and BEC have proved profitable across the world. This echoes our prediction that 2016 would be the Year of Online Extortion. Ransomware continues to threaten business-critical data and cost organization thousands of dollars in losses; BEC scams bank on social engineering lures that lead even companies’ top decision-makers to transfer huge sums of money—totaling to over US$3 billion in estimated losses.
Through our own analysis and data from the Trend Micro Smart Protection Network, we were able to map how the respective threats impacted different regions. From January to June 2016, we were able to catalog the number of companies attacked by BEC scams, as well as the number of email-based ransomware threats.
Figure 1. Regional breakdown by volume of ransomware threats
Figure 2. Regional breakdown by volume of organizations affected by BEC scams
Our telemetry shows that ransomware’s scope is more widespread than BEC as it targets countries in Europe, Middle East, and Africa. The prevalence of BEC scams are higher in the North American region, with fewer countries but more targeted—attackers behind BEC scams most often impersonate and target C-level executives.
Email is the preferred attack vector
58% of the nearly 80 million ransomware threats Trend Micro blocked from January to June 2016 are email-borne ransomware. BEC scams, on the other hand, all arrive via email. These factors make the two threats quite formidable, as email remains a firm staple in everyday business.
They both also utilize social engineering. In ransomware’s case, it’s for the user to click and run the ransomware attached to their opening email. For BECs, it’s to trick the targeted officer into thinking that their request for a money transfer is legitimate, without the usual malware payload.
For comparison, below is a sample of a ransomware-carrying email, as well as one of a BEC in progress.
Figure 3. Ransomware email sample
Figure 4. BEC email sample
Knowing that these threats use email as an attack vector, companies should strengthen employee education and invest smartly in email protection. With these, the threat of ransomware and BEC attacks can be greatly reduced.
Businesses should look into email security solutions that have the ability to identify and block emails, files, and URLs related to ransomware, before even reaching endpoints, as well as in-depth analysis of attachments, virtual analysis of URLs, script emulation, zero-day exploit detection and so on. Our security offering, Trend Micro™ Deep Discovery™ Email Inspector, is a prime example of such an offering.
Another solution that would definitely work well against BEC scams is our own Trend Micro Interscan™ Messaging Security Virtual Appliance. It detects and flags spear phishing and socially-engineered emails by correlating email components with new social engineering attack protection technologies in order to block them before even reaching employee mailboxes.
Finally, in the case of malware-using BEC attacks, Trend Micro Network Defense solutions detect and block them through capabilities such as the detection of network anomalies, custom sandbox analysis, as well as a shared and correlated threat insight with all the other technologies working in synergy.
For more on these and other business-crippling threats such as exploit kits, vulnerabilities, and data breaches, and how to defend against them, read our 1H 2016 security roundup, The Reign of Ransomware.