By Bruce Sussman
Fri | Mar 9, 2018 | 5:18 AM PST

The SecureWorld team just finished reading the latest Trend Micro report, and it's the type of threat landscape information, in plain English, you'll want to share with your leadership team.

Entitled "2017 Annual Security Roundup: The Paradox of Cyberthreats," the report deals in facts from Trend Micro's respected research team: ransomware's bigger outbreaks, BEC scams still thriving, crypto-related cybercrimes shooting up like a rocket. 

But we did have to wonder about the title. Why are cyberthreats a paradox? And what surprised the research team the most?

Here is a quick Q&A about that, and more, as we go behind the scenes of the report with Jon Clay, the company's Director of Global Threat Communications.

[SW] Your report cites a "paradox of cyberthreats." What do you mean by this?

[Clay] Cybercriminals are becoming smarter in their approach to attacks. We’ve seen a general spray-and-pray approach to a wide range of attacks over the years, but that is starting to fade as adversaries have found they're able to gain more, whether it's money or data or reputation damage, by strategically targeting a company’s most valuable assets.

[SW] What two or three things surprised the Trend Micro team the most about this year's findings?

[Clay] The increase in cryptocurrency mining efforts by the cybercriminals as a means to extract profit from the exponential increase in currency values.

And certainly the increase in zero-day vulnerabilities, which are those that a vendor has chosen not to patch prior to the public disclosure. This worries our team because many threat actors are speeding up the time to exploit a new vulnerability as well as using new vulnerabilities in attacks against organizations. We understand the patch requirements can be difficult for an organization to deal with, but it is something that we need every organization that develops code to manage better in the future.

This is especially true of those vendors who provide SCADA/ICS, as these are regularly used in critical infrastructure, where we also saw an increase in zero-day vulnerabilities.

[SW] BEC threats are way up, but there's more awareness on this topic than ever. So what is happening here?

[Clay] The threat actors have recognized that they can obtain a very good ROI using the BEC attack vector. As such, we're seeing more actors using this threat in their attacks, but we're also seeing them use the supplier swindle and the W-2 scam, which are two types of BEC attacks. All of this is causing an increase in the number of attacks against organizations around the world.

[SW] We often say in the SecureWorld newsroom that "It's all about the crypto." You touched on this earlier, but can you give more detail on ways your report finds cryptocurrency is driving cybercrime?

[Clay] Two areas of crypto are being exploited by threat actors. Crypto-ransomware is continuing to be used as a means of obtaining quick income by encrypting key files or applications within an organization. We're also seeing big movements in cryptocurrency mining activity in an effort to capitalize on the increase in these currency values. Many attacks now contain some type of malicious miner code as part of the attack sequence.

[SW] You found some vulnerabilities that are 5-8 years old still being well used. What makes this possible?

[Clay] Many organizations around the world are still using older operating systems and/or applications that have not been patched or cannot be patched. As a result, these older vulnerabilities are still able to infect an organization's network.

We also see a lot of devices that use embedded operating systems that are not being upgraded to the newer OS as they simply still work well and there appears to be no compelling reason to deal with the cost and resources needed to do this upgrade.

Lastly, the Conficker worm is self-propagating (both on premises and over the internet), and as such, unless you can eradicate every single instance of this malware, it will continue to try to spread itself.

[SW] What trends did you detect in your research around ransomware?

[Clay] 2017 saw an increase in the overall number of new families and variants, which we expected due to the popularity of this threat among the cybercriminals and their undergrounds. However, we also noted a decrease in the sheer number of ransomware detections among our customers. We attribute this decrease to the shift in how cybercriminals are targeting victims.

The mass spam attacks have shifted to more targeted lists of users and organizations, with an emphasis on targeting those organizations and industries that may pay a higher ransom for their data.

We also saw that while email and web are still the dominant means of propagating ransomware, network worms using exploits emerged as a legitimate and effective method of infecting a large number of organizations.


Thanks to Jon Clay for taking some time to go behind the scenes on Trend Micro's 2017 Annual Security Roundup: The Paradox of Cyberthreats.