More than 1.1 million ransomware threats have hit Australia this year alone, with massive growth in both ransomware types and money lost from the scams, says Trend Micro.
The company's latest report, 'The Reign of Ransomware', showed that the 172% increase in ransomware hits has been through emails, documents and URLs, accounting for 58% of all attacks.
Business email compromise (BEC) scams cost upwards of US$3 billion, with more than 22,000 victims so far.
In 2016, more than 500 vulnerabilities were found across a range of products, including 28 from Adobe Flash and 108 from Advantech's Web Access program.
79 new malware families have formed, a record high compared to 2015. These families have accounted for US$209 million in losses.
Data breaches continue to plague large websites such as MySpace, hospitals and government organisations, while
“Ransomware is capable of crippling organisations who face it, and the cybercriminals spearheading these attacks are creatively evolving on a continuous basis to keep enterprises guessing. It has dominated the threat landscape so far in 2016, causing losses and immense business disruption across multiple industries. Australian enterprises must adopt multi-layered security solutions to optimally combat these threats that could attempt to penetrate corporate networks at any time,” says Dr. Jon Oliver, senior security architect at Trend Micro.
In addition, exploit kits are becoming more popular. Research demonstrates that while usage of kits such as Angler dropped due to cybercriminal arrests, they were replaced by others such as Neutrino and Sundown.
The company says that unpatched software is one of many weak points in cybersecurity, and that it also gives attack kits easy access.
Shellshock exploits are also becoming more common, even though patches are available. Trend Micro says this illustrates the importance of virtual patching.
“While it's unfortunate for us, cybercriminals are resilient and flexible when it comes to altering an attack method each time we find a patch or solution. This creates massive problems for enterprises and individuals alike since the threats change as often as solutions are provided. It bodes well for businesses to anticipate being targeted and to prepare accordingly, implementing the latest security solutions, virtual patching and employee education to mitigate risks from all angles,” Oliver continues.
Point-of-Sale malware affected SMEs worldwide through FastPoS and FighterPoS, which stole credit card information.
Banking trojans such as QAKBOT also took over stealing banking credentials and user data, after the creators of DYRE were arrested.
“Australian consumers have continued to be targeted with ransomware threats in the first half of this year. Consumers should make themselves aware of the threats and ensure all their devices – from smartphones to PCs to connected smart devices – are protected,” concludes Tim Falinski, consumer director, Trend Micro Australia and New Zealand.