Story image

Cybercriminals likely to attempt GDPR extortion for greater ROI

01 Mar 18

The implementation of the EU's General Data Protection Regulations (GDPR) is just around the corner and there are some that say it could cause more harm than good.

Trend Micro has released the findings from its Security Roundup for 2017 that show a sharp increase in ransomware, cryptocurrency mining and business email compromise (BEC) attempts over the past 12 months as cybercriminals refine and target their attacks for greater return.

The cybersecurity solutions provider says these trends are set to continue in 2018 with extortion attempts likely to target organisations that are trying to comply with new EU privacy laws.

Trend micro says cybercriminals are becoming smarter and more business-minded as they are increasingly abandoning exploit kits and spray-and-pray tactics in favour of more strategic attacks designed to improve their return on investment.

Because of this, it’s likely that cybercriminals will attempt to wrest money from enterprises by first determining the GDPR penalty that could result from an attack and then demanding a ransom of slightly less than that fine. The result being cybercriminals would hope these affected businesses would choose the ‘lesser of two evils’.

"The 2017 roundup report reveals a threat landscape as volatile as anything we've seen, with cybercriminals increasingly finding they're able to gain more -- whether it's money or data or reputation damage -- by strategically targeting companies' most valuable assets," says Trend Micro global threat communications director Jon Clay.

"It confirms our view that there is no silver bullet when it comes to the sheer range of cyberthreats facing organisations. Businesses instead need a cross-generational security solution that uses a blend of proven security protections with the best new defenses to mitigate risk effectively."

The report painted a pretty grim picture of the year just gone, after new ransomware families increased 32 percent, BEC attempts doubled between the first and second half, and soaring rates of cryptocurrency mining malware which peaked at 100,000 detections in October.

Internet of Things (IoT) devices continue to be a major security risk across several trending areas. Trend Micro detected more than 45.6 million cryptocurrency mining events during the year, representing a large percentage of all IoT events observed.

Software vulnerabilities also continued to be targeted, with 1,009 new flaws discovered and disclosed in 2017 through Trend Micro's Zero Day Initiative and their 3,500+ independent whitehat researchers.

Disruption in the supply chain: Why IT resilience is a collective responsibility
"A truly resilient organisation will invest in building strong relationships while the sun shines so they can draw on goodwill when it rains."
Businesses too slow on attack detection – CrowdStrike
The 2018 CrowdStrike Services Cyber Intrusion Casebook reveals IR strategies, lessons learned, and trends derived from more than 200 cases.
Proofpoint launches feature to identify most targeted users
“One of the largest security industry misconceptions is that most cyberattacks target top executives and management.”
McAfee named Leader in Magic Quadrant an eighth time
The company has been once again named as a Leader in the Gartner Magic Quadrant for Security Information and Event Management.
Symantec and Fortinet partner for integration
The partnership will deliver essential security controls across endpoint, network, and cloud environments.
Is Supermicro innocent? 3rd party test finds no malicious hardware
One of the larger scandals within IT circles took place this year with Bloomberg firing shots at Supermicro - now Supermicro is firing back.
25% of malicious emails still make it through to recipients
Popular email security programmes may fail to detect as much as 25% of all emails with malicious or dangerous attachments, a study from Mimecast says.
Google Cloud, Palo Alto Networks extend partnership
Google Cloud and Palo Alto Networks have extended their partnership to include more security features and customer support for all major public clouds.