Ransomware attacks up by three quarters, BEC attacks also up by half

News by Rene Millman

Ransomware attacks up 77%; BEC threats increase by 52% and a quarter of SMEs would collapse if unable to trade for a month due to a major attack - says new research

46 million threats were detected in the first half of 2019, compared to 26 million in the second half of 2018, reports Trend Micro’s latest Midyear Security Roundup, which monitored more than 26.8 billion cyber-threats across the globe in the first half of this year.

The report said that the number of emerging ransomware families is decreasing though, with WannaCry still reigning supreme throughout the first six months of this year. It added that cyber-criminals have focused more on multinationals, large enterprises, and even government organisations with ransomware attacks.

There have been some notable attacks, the report said. The LockerGoga ransomware, for example, hit a Norwegian manufacturing company and halted production in several of its plants in March, eventually resulting in over US$55 million (£45 million) in financial losses. And the city of Baltimore, Maryland, incurred US$5.3 million (£4.3 million) in recovery costs after its systems were infected with the RobbinHood ransomware in May.

Business Email Compromise (BEC) continued to thrive with attacks increasing by 52 percent from the second half of 2018. And as in the previous half-year, businesses in the US, Australia, and the UK encountered the most BEC attempts.

Cryptocurrency-mining malware was the most detected threat in the first half of 2019, but it has declined by 60 percent from the previous year, with 307,703 detections made in the first half of this year versus 787,146 in the same period in 2018. The report said that when analysing cryptocurrency-mining threats, they’re seen to have acquired some degree of maturity, with many of them using advanced hacking tools, modular malware, and intricate infection chains typically associated with targeted attacks or information theft campaigns.

The number of IoT threats has jumped by 63 percent year-on-year, with 589,770 router activities detected in H1 19 compared to H1 18. With the number of IoT devices in use set to reach 25 billion by 2021, the number of threats is only likely to increase.

The report noted that in a survey published in March, 50 percent of organisations already experienced an attack on their critical infrastructures in the past two years. And in 2019, malicious actors seemed to be assessing IIoT targets. The Xenotime hacking group, believed to be behind the Triton aka Trisis malware, was seen probing the industrial control systems (ICSs) of power grids in the US and Asia-Pacific region.

Another report, published by McAfee, chimed in with Trend Micro’s findings. Its Labs Threats Report: August 2019 saw 504 new threats per minute in the first quarter of 2019, with a 118 per cent increase in ransomware samples as cyber-criminals adopted new tactics and code innovations.

McAfee researchers also observed actors behind ransomware attacks using anonymous email services to manage their campaigns versus the traditional approach of setting up command-and-control (C2) servers. Authorities and private partners often hunt for C2 servers to obtain decryption keys and create evasion tools. Thus, the use of email services is perceived by threat actors to be a more anonymous method of conducting criminal business.

The Trend Micro report said that the most active ransomware families of the quarter appeared to be Dharma (also known as Crysis), GandCrab and Ryuk. Other notable ransomware families of the quarter include Anatova, which was exposed by McAfee Advanced Threat Research before it had the opportunity to spread broadly, and Scarab, a persistent and prevalent ransomware family with regularly discovered new variants.

"After a periodic decrease in new families and developments at the end of 2018, the first quarter of 2019 was game on again for ransomware, with code innovations and a new, much more targeted approach," said Christiaan Beek, McAfee lead scientist and senior principal engineer. "Paying ransoms supports cyber-criminal businesses and perpetuates attacks. There are other options available to victims of ransomware. Decryption tools and campaign information are available through tools such as the No More Ransom project."

A third report, published today by insurance broker, risk management services and consulting firm Gallagher, found that 1.4 million SMEs in the UK were hit by a major attack or security incident last year, costing a combined £8.8 billion.

UK SMEs paid out an average £6,416.50 last year to deal with crisis incidents, according to research. 

In a poll of 1,120 UK SMEs, nearly a quarter (24 percent) confirmed they were affected by a crisis event last year, equating to 1.4 million across the country – a five percent increase from 2017. One in six (17 percent) of SMEs affected by a crisis spent £10,000 or more to combat crises, with nearly one in 10 (nine percent) paying out in excess of £20,000.

A quarter of SMEs (23 percent) said they would survive for less than a month if rendered unable to trade by a crisis incident. Based on these findings, the report estimates that nearly 57,000 UK SMEs could be at risk of collapse this year if unable to trade in the aftermath of a crisis event.

Paul Bassett, managing director of crisis management at Gallagher, said that the research illustrates the scale of the challenge facing UK SMEs. 

"When it comes to crises, cyber and IT security clearly represent a 'soft underbelly' of businesses that together account for more than 99 percent of private sector firms. Given that the UK economy is heavily tilted towards services, cyber-attacks and data breaches evidently present a growing and grave threat to small and medium-sized businesses," he said.
