Cybercriminals changing business models to maximise profit from businesses and consumers in Australia and New Zealand
Trend Micro has released its annual security predictions report, “The next tier – 8 security predictions for 2017.” The upcoming year will include an increased breadth and depth of attacks on both businesses and consumers across Australia and New Zealand, with cybercriminals evolving their tactics to capitalise on changing technology.
“Next year will take the cybersecurity industry in ANZ into new territory after 2016’s threat landscape opened doors for cybercriminals to explore a wider range of attacks and attack surfaces,” said Dr. Jon Oliver, data scientist and senior architect at Trend Micro. “Cybercriminals have continuously changed their business models to ensure maximum profits from their activity, and we will continue to see this transform with new attack methods threatening corporations, expanding ransomware tactics impacting more devices.”
In 2016, there was a large increase in Apple® vulnerabilities, with 50 disclosed, along with 135 Adobe bugs and 76 affecting Microsoft. This apparent shift in exploits against vulnerable software will continue in 2017 as Microsoft’s mitigations continue to improve and Apple is seen as a more prominent operating system.
The Internet of Things (IoT) and Industrial Internet of Things (IIoT) will play a larger role in targeted attacks in 2017. These attacks will capitalise on the growing acceptance of connected devices by exploiting vulnerabilities and unsecured systems to disrupt business processes, as we saw with Mirai. The increasing use of mobile devices to monitor control systems in manufacturing and industrial environments will be combined with the significant number of vulnerabilities found in these systems to pose threats to organisations.
The increased proliferation of devices connected to the internet in homes across ANZ – from tablets and smartphones to gaming consoles, smart TVs and internet connected kitchen appliances – will open new security holes ripe for targeting.
“Ransomware will explode and diversify due to the ability for cybercriminals to not just threaten data encryption, but threaten inconvenience and potential damage through devices in the home,” continued Dr. Oliver. “Australians and New Zealanders will be targeted based on our reliance on convenience and our relative affluence.”
“The rise in popularity of connected devices will see homes being more connected than ever before,” said Tim Falinski, consumer director for Trend Micro in APAC. “While traditional devices such as laptops and home PCs are usually protected by security software, these new smart devices being used to access the internet at home are often forgotten and can be a huge security risk for families.”
Business Email Compromise (BEC) and Business Process Compromise (BPC) will continue to grow as a cost-effective and relatively simple form of corporate extortion. A BEC attack might yield $140,000 by luring an innocent employee to transfer money to a criminal’s account. Alternatively, hacking directly into a financial transaction system, while requiring more work, will result in far greater financial windfalls for criminals – as much as $81 million.
“We continue to see cybercriminals evolving to the changing technology landscape, and attackers will find new ways to use existing malware families,” continued Dr. Oliver. “Cybercriminals will target low hanging fruit in Australian and New Zealand organisations exploiting business processes which have not been updated to account for the ubiquitous nature of today’s internet.”
Highlights from the 2017 predictions report include:
- The number of new ransomware families is predicted to plateau, only growing 25 percent, but will branch out into IoT devices and non-desktop computing terminals, like PoS systems or ATMs
- Vendors will not secure IoT and IIoT devices in time to prevent denial of service and other attacks
- New vulnerabilities will continue to be discovered in Apple and Adobe, which will then be added to exploit kits
- With 46 percent of the world’s population now connected to the internet, the rise in cyber-propaganda will continue as new world leaders are appointed, potentially influencing public opinion with inaccurate information
- As seen in the Bangladesh Bank attack early in 2016, BPC attacks can allow cybercriminals to alter business processes and gain significant profits, and BEC attacks will continue to be useful to extort businesses via unsuspecting employees
- The European Union’s General Data Protection Regulation (GDPR) will force policy and administrative changes across the globe that will greatly impact costs and require organisations to conduct complete reviews of data processes to ensure compliance
- New targeted attack methods will focus on evading modern detection techniques to allow threat actors to target different organisations
To learn more about Trend Micro’s 2016 threat predictions, visit: http://www.trendmicro.com.au/vinfo/au/security/research-and-analysis/predictions/2017.
About Trend Micro
Trend Micro Incorporated, a global leader in cybersecurity solutions, helps to make the world safe for exchanging digital information. Our innovative solutions for consumers, businesses and governments provide layered security for data centres, cloud environments, networks and endpoints. All our products work together to seamlessly share threat intelligence and provide a connected threat defence with centralised visibility and control, enabling better, faster protection. With more than 5,000 employees in more than 50 countries and the world’s most advanced global threat intelligence, Trend Micro enables organisations to secure their journey to the cloud. For more information, visit www.trendmicro.com.au / www.trendmicro.co.nz