Story image

Cybercriminals likely to attempt GDPR extortion for greater ROI

01 Mar 18

The implementation of the EU's General Data Protection Regulations (GDPR) is just around the corner and there are some that say it could cause more harm than good.

Trend Micro has released the findings from its Security Roundup for 2017 that show a sharp increase in ransomware, cryptocurrency mining and business email compromise (BEC) attempts over the past 12 months as cybercriminals refine and target their attacks for greater return.

The cybersecurity solutions provider says these trends are set to continue in 2018 with extortion attempts likely to target organisations that are trying to comply with new EU privacy laws.

Trend micro says cybercriminals are becoming smarter and more business-minded as they are increasingly abandoning exploit kits and spray-and-pray tactics in favour of more strategic attacks designed to improve their return on investment.

Because of this, it’s likely that cybercriminals will attempt to wrest money from enterprises by first determining the GDPR penalty that could result from an attack and then demanding a ransom of slightly less than that fine. The result being cybercriminals would hope these affected businesses would choose the ‘lesser of two evils’.

"The 2017 roundup report reveals a threat landscape as volatile as anything we've seen, with cybercriminals increasingly finding they're able to gain more -- whether it's money or data or reputation damage -- by strategically targeting companies' most valuable assets," says Trend Micro global threat communications director Jon Clay.

"It confirms our view that there is no silver bullet when it comes to the sheer range of cyberthreats facing organisations. Businesses instead need a cross-generational security solution that uses a blend of proven security protections with the best new defenses to mitigate risk effectively."

The report painted a pretty grim picture of the year just gone, after new ransomware families increased 32 percent, BEC attempts doubled between the first and second half, and soaring rates of cryptocurrency mining malware which peaked at 100,000 detections in October.

Internet of Things (IoT) devices continue to be a major security risk across several trending areas. Trend Micro detected more than 45.6 million cryptocurrency mining events during the year, representing a large percentage of all IoT events observed.

Software vulnerabilities also continued to be targeted, with 1,009 new flaws discovered and disclosed in 2017 through Trend Micro's Zero Day Initiative and their 3,500+ independent whitehat researchers.

JASK prepares for global rollout of their AI-powered ASOC platform
The JASK ASOC platform automates alert investigations, supposedly freeing the SOC analyst to do what machines can’t. 
Pitfalls to avoid when configuring cloud firewalls
Flexibility and granularity of security controls is good but can still represent a risk for new cloud adopters that don’t recognise some of the configuration pitfalls.
CERT NZ highlights rise of unauthorised access incidents
“In one case, the attacker gained access and tracked the business’s emails for at least six months. They gathered extensive knowledge of the business’s billing cycles."
Report finds GCSB in compliance with NZ rights
The Inspector-General has given the GCSB its compliance tick of approval for the fourth year in a row.
Securing hotel technology to protect customer information
Network security risks increase exponentially as hotels look to incorporate newer technologies to support a range of IoT devices, including smart door locks.
Why total visibility is the key to zero trust
Over time, the basic zero trust model has evolved and matured into what Forrester calls the Zero Trust eXtended (ZTX) Ecosystem.
Gartner names Proofpoint Leader in enterprise information archiving
The report provides a detailed overview of the enterprise information archiving market and evaluates vendors based on completeness of vision and ability to execute.
WatchGuard appoints new channel distributors in A/NZ
The appointments will enable WatchGuard to expand its regional channel reseller footprint.