Cybercriminals likely to attempt GDPR extortion for greater ROI

01 Mar 18

The implementation of the EU's General Data Protection Regulation (GDPR) is just around the corner and there are some that say it could cause more harm than good.

Trend Micro has released the findings from its Security Roundup for 2017 that show a sharp increase in ransomware, cryptocurrency mining and business email compromise (BEC) attempts over the past 12 months as cybercriminals refine and target their attacks for greater return.

The cybersecurity solutions provider says these trends are set to continue in 2018 with extortion attempts likely to target organisations that are trying to comply with new EU privacy laws.

Trend Micro says cybercriminals are becoming smarter and more business-minded, increasingly abandoning exploit kits and spray-and-pray tactics in favour of more strategic attacks designed to improve their return on investment.

Because of this, it's likely that cybercriminals will attempt to wrest money from enterprises by first determining the GDPR penalty that could result from an attack and then demanding a ransom of slightly less than that fine. The cybercriminals would hope that affected businesses choose the 'lesser of two evils'.

"The 2017 roundup report reveals a threat landscape as volatile as anything we've seen, with cybercriminals increasingly finding they're able to gain more -- whether it's money or data or reputation damage -- by strategically targeting companies' most valuable assets," says Trend Micro global threat communications director Jon Clay.

"It confirms our view that there is no silver bullet when it comes to the sheer range of cyberthreats facing organisations. Businesses instead need a cross-generational security solution that uses a blend of proven security protections with the best new defenses to mitigate risk effectively."

The report painted a pretty grim picture of the year just gone: new ransomware families increased 32 percent, BEC attempts doubled between the first and second half, and rates of cryptocurrency mining malware soared, peaking at 100,000 detections in October.

Internet of Things (IoT) devices continue to be a major security risk across several trending areas. Trend Micro detected more than 45.6 million cryptocurrency mining events during the year, representing a large percentage of all IoT events observed.

Software vulnerabilities also continued to be targeted, with 1,009 new flaws discovered and disclosed in 2017 through Trend Micro's Zero Day Initiative and its 3,500+ independent whitehat researchers.