Story image

Cybercriminals likely to attempt GDPR extortion for greater ROI

01 Mar 2018

The implementation of the EU's General Data Protection Regulations (GDPR) is just around the corner and there are some that say it could cause more harm than good.

Trend Micro has released the findings from its Security Roundup for 2017 that show a sharp increase in ransomware, cryptocurrency mining and business email compromise (BEC) attempts over the past 12 months as cybercriminals refine and target their attacks for greater return.

The cybersecurity solutions provider says these trends are set to continue in 2018 with extortion attempts likely to target organisations that are trying to comply with new EU privacy laws.

Trend micro says cybercriminals are becoming smarter and more business-minded as they are increasingly abandoning exploit kits and spray-and-pray tactics in favour of more strategic attacks designed to improve their return on investment.

Because of this, it’s likely that cybercriminals will attempt to wrest money from enterprises by first determining the GDPR penalty that could result from an attack and then demanding a ransom of slightly less than that fine. The result being cybercriminals would hope these affected businesses would choose the ‘lesser of two evils’.

"The 2017 roundup report reveals a threat landscape as volatile as anything we've seen, with cybercriminals increasingly finding they're able to gain more -- whether it's money or data or reputation damage -- by strategically targeting companies' most valuable assets," says Trend Micro global threat communications director Jon Clay.

"It confirms our view that there is no silver bullet when it comes to the sheer range of cyberthreats facing organisations. Businesses instead need a cross-generational security solution that uses a blend of proven security protections with the best new defenses to mitigate risk effectively."

The report painted a pretty grim picture of the year just gone, after new ransomware families increased 32 percent, BEC attempts doubled between the first and second half, and soaring rates of cryptocurrency mining malware which peaked at 100,000 detections in October.

Internet of Things (IoT) devices continue to be a major security risk across several trending areas. Trend Micro detected more than 45.6 million cryptocurrency mining events during the year, representing a large percentage of all IoT events observed.

Software vulnerabilities also continued to be targeted, with 1,009 new flaws discovered and disclosed in 2017 through Trend Micro's Zero Day Initiative and their 3,500+ independent whitehat researchers.

Ping Identity Platform updated with new CX and IT automation
The new versions improve the user and administrative experience, while also aiming to meet enterprise needs to operate quickly and purposefully.
Venafi and nCipher Security partner on machine identity protection
Cryptographic keys serve as machine identities and are the foundation of enterprise information technology systems.
Machine learning is a tool and the bad guys are using it
KPMG NZ’s CIO and ESET’s CTO spoke at a recent cybersecurity conference about how machine learning and data analytics are not to be feared, but used.
Popular Android apps track users and violate Google's policies
Google has reportedly taken action against some of the violators.
How blockchain could help stop video piracy in its tracks
An Australian video tech firm has successfully tested a blockchain trial that could end up being a welcome relief for video creators and the fight against video piracy.
IBM X-Force Red & Qualys introduce automated patching
IBM X-Force Red and Qualys are declaring a war on unpatched systems, and they believe automation is the answer.
Micro Focus acquires Interset to improve predictive analytics
Interset utilises user and entity behavioural analytics (UEBA) and machine learning to give security professionals what they need to execute threat detection analysis.
Raising the stakes: McAfee’s predictions for cybersecurity
Security teams and solutions will have to contend with synergistic threats, increasingly backed by artificial intelligence to avoid detection.