The first half of the year saw a continued surge in ransomware, Business Email Compromise (BEC) and other threats, with Trend Micro blocking over 38 billion during the period, it claimed in a new report.
The security giant’s Smart Protection Network stopped a total of 38.5 billion threats in 1H 2017, according to its 2017 Midyear Security Roundup: The Cost of Compromise.
It claimed to have detected over 82 million ransomware threats globally during the period, which was notable for widespread chaos caused by the WannaCry and NotPetya ransomware campaigns.
Also very much on the radar still are BEC scams: the vendor claimed to have detected over 3,000 such threats during the first half of 2017.
The FBI claimed back in May that between October 2013 and December 2016 the scams have netted cyber-criminals over $5.3bn worldwide.
According to Trend Micro data it’s the CEO’s name that’s most frequently spoofed to con recipients into transferring large sums of money out of the corporate bank account; used in 42% of attacks spotted in the first half of 2017.
Next came the managing director or director (23%), followed by president (7%).
In terms of the roles directly targeted by the scammers, the CFO unsurprisingly came top (19%), followed by director of finance (7%) and finance manager (6%), although the vast majority (57%) came from various unnamed roles, presumably lower down the rung.
Trend Micro claimed cyber-criminals are also using keylogger malware and HTML pages in phishing emails to try and improve their chances of success.
The Trend Micro Zero Day Initiative (ZDI) publicly disclosed 382 vulnerabilities in the first half of the year.
Although the number present in products from Adobe (92) and PDF software firm Foxit (50) were higher than during the second half of 2016, Microsoft, Apple and Google all saw a decrease.
However, Trend Micro warned that even old bugs could come back to bite organizations if they’re not patched; as happened during the WannaCry campaign, which exploited a patched Microsoft Windows SMB flaw.
Trend Micro principal security strategist, Bharat Mistry, explained that regular patching, backing up and keeping AV up-to-date are classic best practices that can still have a significant impact in making firms more secure.
“The other aspect to focus on is the human element and by their very nature humans are not perfect. People we can’t patch, but here education does help, although you can only go so far to upskill your staff to defend against a trained professional whose only job it is to get in,” he told Infosecurity.
“So, you should think about a layered defence approach that covers both human and technology factors and be comfortable that they are substantially reducing your risk.”