sb-nz logo
Story image

Cybercriminals likely to attempt GDPR extortion for greater ROI

01 Mar 2018

The implementation of the EU's General Data Protection Regulations (GDPR) is just around the corner and there are some that say it could cause more harm than good.

Trend Micro has released the findings from its Security Roundup for 2017 that show a sharp increase in ransomware, cryptocurrency mining and business email compromise (BEC) attempts over the past 12 months as cybercriminals refine and target their attacks for greater return.

The cybersecurity solutions provider says these trends are set to continue in 2018 with extortion attempts likely to target organisations that are trying to comply with new EU privacy laws.

Trend micro says cybercriminals are becoming smarter and more business-minded as they are increasingly abandoning exploit kits and spray-and-pray tactics in favour of more strategic attacks designed to improve their return on investment.

Because of this, it’s likely that cybercriminals will attempt to wrest money from enterprises by first determining the GDPR penalty that could result from an attack and then demanding a ransom of slightly less than that fine. The result being cybercriminals would hope these affected businesses would choose the ‘lesser of two evils’.

"The 2017 roundup report reveals a threat landscape as volatile as anything we've seen, with cybercriminals increasingly finding they're able to gain more -- whether it's money or data or reputation damage -- by strategically targeting companies' most valuable assets," says Trend Micro global threat communications director Jon Clay.

"It confirms our view that there is no silver bullet when it comes to the sheer range of cyberthreats facing organisations. Businesses instead need a cross-generational security solution that uses a blend of proven security protections with the best new defenses to mitigate risk effectively."

The report painted a pretty grim picture of the year just gone, after new ransomware families increased 32 percent, BEC attempts doubled between the first and second half, and soaring rates of cryptocurrency mining malware which peaked at 100,000 detections in October.

Internet of Things (IoT) devices continue to be a major security risk across several trending areas. Trend Micro detected more than 45.6 million cryptocurrency mining events during the year, representing a large percentage of all IoT events observed.

Software vulnerabilities also continued to be targeted, with 1,009 new flaws discovered and disclosed in 2017 through Trend Micro's Zero Day Initiative and their 3,500+ independent whitehat researchers.

Story image
Video: 10 Minute IT Jams - protecting data with user behaviour analytics
In this video, Forcepoint senior sales engineer and solutions architect Matthew Bant discusses the company's DLP solution, the importance of integrating compliance into security solutions, and why cybersecurity strategies should take a more people-based approach.More
Story image
Zoom to begin rolling out end-to-end encryption
Available starting from next week, it represents the first phase out of four of the company’s greater E2EE offering, which was announced in May following backlash that the company was lax on its security and privacy.More
Story image
Attack from DOS: In Zero We Trust
In combination with malware, DDoS attacks on banks have been used to cause distraction so the transfer of stolen funds goes unnoticed. More
Story image
Why best-practice threat data management provides confident automation
Understanding an organisation’s threat landscape requires having both the right threat data sources and the proper prioritisation to derive actionable threat intelligence for your organisation. More
Story image
Research: Younger cybersecurity pros more fearful of being replaced by AI
According to the findings, 53% of respondents under 45 years old either agreed or strongly agreed that AI and ML are a threat to their job security, despite 89% of this demographic believing that it would improve their jobs.More
Story image
SOC as a Service: Fortinet’s answer to today’s network challenges
Jon McGettigan, Fortinet A/NZ Regional Director, explains how SOC as a Service can back up your current SOC team, fast-track deployments and ensure regulatory compliance.More