Story image

Trend Micro 2016 report: 1.1 million ransomware hits against Australia

30 Aug 16

More than 1.1 million ransomware threats have hit Australia this year alone, with massive growth in both ransomware types and money lost from the scams, says Trend Micro.

The company's latest report, 'The Reign of Ransomware', showed that the 172% increase in ransomware hits have been through emails, documents and URLs, accountable for 58% of all attacks.

Business email compromise (BEC) scams cost upwards of US$3 billion, with more than 22,000 victims so far.

In 2016, more than 500 vulnerabilities were found across a range of products, including 28 from Adobe Flash and 108 from Advantech's Web Access program.

79 new malware families have formed, a record high compared to 2015. These families have accounted for US$209 million in losses.

Data breaches continue to plague large websites such as MySpace, hospitals and government organisations, while

“Ransomware is capable of crippling organisations who face it, and the cybercriminals spearheading these attacks are creatively evolving on a continuous basis to keep enterprises guessing. It has dominated the threat landscape so far in 2016, causing losses and immense business disruption across multiple industries. Australian enterprises must adopt multi-layered security solutions to optimally combat these threats that could attempt to penetrate corporate networks at any time," says Dr. Jon Oliver, senior security architect at Trend Micro.

In addition, exploit kits are becoming more popular. Research demonstrates that while usage of kits such as Angler dropped due to cybercriminal arrests, they were replaced by others such as Neutrino and Sundown.

The company says that unpatched software is one of many weak points in cybersecurity, and also provides attack kits easy access.

Shellshock exploits are also becoming more common, even though patches are available. Trend Micro says this illustrates the importance of virtual patching.

“While it’s unfortunate for us, cybercriminals are resilient and flexible when it comes to altering an attack method each time we find a patch or solution. This creates massive problems for enterprises and individuals alike since the threats change as often as solutions are provided. It bodes well for businesses to anticipate being targeted and to prepare accordingly, implementing the latest security solutions, virtual patching and employee education to mitigate risks from all angles," Oliver continues.

Point-of-Sale malware affected SMEs worldwide through FastPoS and FighterPoS, which stole credit card information.

Banking trojans such as QAKBOT also took over stealing banking credentials and user data, after the creators of DYRE were arrested.

“Australian consumers have continued to be targeted with ransomware threats in the first half of this year. Consumers should make themselves aware of the threats and ensure all their devices – from smartphones to PCs to connected smart devices – are protected," concludes Tim Falinski, consumer director, Trend Micro Australia and New Zealand.

Cofense launches MSSP program to provide phishing defence for SMBs
SMBs are highly susceptible to phishing attacks, and often lack the resources necessary to stop advanced threats
Hillstone CTO's 2019 security predictions
Hillstone Networks CTO Tim Liu shares what key developments could be expected in the areas of security compliance, cloud, security, AI and IoT.
Can it be trusted? Huawei’s founder speaks out
Ren Zhengfei spoke candidly in a recent media roundtable about security, 5G, his daughter’s detainment, the USA, and the West’s perception of Huawei.
Oracle Java Card update boosts security for IoT devices
"Java Card 3.1 is very significant to the Internet of Things, bringing interoperability, security and flexibility to a fast-growing market currently lacking high-security and flexible edge security solutions."
Sophos hires ex-McAfee SVP Gavin Struther
After 16 years as the APAC senior vice president and president for McAfee, Struthers is now heading the APJ arm of Sophos.
Security platform provider Deep Instinct expands local presence
The company has made two A/NZ specific leadership hires and formed several partnerships with organisations in the region.
Half of companies unable to detect IoT device breaches
A Gemalto study also shows that the of blockchain technology to help secure IoT data, services and devices has doubled in a year.
Stepping up to sell security services in A/NZ
WatchGuard Technologies A/NZ regional director gives his top tips on how to make a move into the increasingly lucrative cybersecurity services market.