Hackers expand their repertoire as Trend Micro blocks 52 billion threats in 2019

By Ian Heritage

Variety is welcome in most walks of life, but not when it comes to the threat landscape. Yet that is unfortunately the reality facing modern cybersecurity professionals. As Trend Micro’s latest annual roundup report reveals, hackers have an unprecedented array of tools, techniques and procedures at their disposal today. With 52 billion unique threats detected by our filters alone, this is in danger of becoming an overwhelming challenge for many IT security departments.

In response, many CISOs are rightly re-examining how they approach threat defence. Rather than create potential security gaps and risk budget shortfalls through best-of-breed investments, they’re understanding that it may be better to consolidate on one provider that can do it all.

The state of play

Our report provides an alarming snapshot into a threat landscape characterised by volatility and chaos. Financially motivated cyber-criminals collaborate and compete with each other on a daily basis to elicit profits from their victims. And there are plenty of those, thanks to increased investments in cloud and digital platforms that have broadened the corporate attack surface.

Three trends in the report stand out:

Ransomware is on the rise: Although the number of new families fell, the number of detected ransomware components jumped by 10% to top 61 million during the year. Attacks have been causing chaos across the US, particularly among under-funded public sector authorities and schools. The recent outage at Redcar council could be ominous for UK local authorities. As if service downtime wasn’t enough, several groups have also begun stealing sensitive data before they encrypt, and releasing it if victims don’t pay up — which will require organisations to evolve their threat defence strategies.

Phishing is evolving: As always, email-borne attacks accounted for the vast majority (91%) of threats we blocked last year, and increased 15% in volume from 2018. What does this mean? That phishing remains the number one vector for attacks on organisations. Although we noted an overall decline in total attempts to visit phishing sites, there were some spikes. Fraudsters appear to be targeting Office 365 in an attempt to bypass security filters: the number of unique phishing URLs that spoofed the Microsoft cloud platform soared by 100% from the previous year. BEC attacks, which the FBI has claimed cost more than any other cybercrime type last year, grew 5%.

The supply chain is exposed: At the same time, the digital supply chain has rapidly expanded in recent years, exposing more organisations to risk. This was particularly notable in the e-commerce space last year, as Magecart gangs managed to compromise an estimated two million sites. Many of these attacks focused on supply chain partners that provide JavaScript libraries to the victim sites. We also observed an increase in attacks focused on compromising DevOps tools and deployments, such as misconfigured versions of Docker Engine – Community and unsecured Docker hosts.

What happens now?

This is just the tip of the iceberg. We also detected increases in mobile malware (6%), brute force IoT logins (189%) and much more. To regain the initiative in the face of such a wide-ranging set of threats, CISOs may find more value in taking a connected threat defence approach. This would consolidate protection onto a single provider across gateways, networks, servers and endpoints, with underlying threat intelligence optimising defence at each layer.

Here’s a quick checklist of elements to consider:

• Network segmentation, regular back-ups and continuous network monitoring to help tackle ransomware
• Improved security awareness programs so users can better spot BEC and phishing attempts
• Monitor vulnerabilities and misconfigurations in supply chain partners’ systems to defend against Magecart attacks
• Scan container images at build and runtime for malware and vulnerabilities
• Keep all systems and software on the latest versions
• Two-factor authentication and least privilege access policies to prevent abuse of tools that can be accessed via admin credentials, like RDP and developer tools

To find out more, read Trend Micro’s 2019 roundup report here!
