752% Increase in Ransomware
Growth of Ransomware – Throughout the course of 12 months, the number of ransomware families grew from 29 to 247. One leading factor to explain this increase is the profitability of ransomware. Although individuals and organizations are encouraged not to pay the ransom, cybercriminals still managed to rake in roughly $1 billion last year.
BEC Scams on the Rise – Much like ransomware, BEC scams proved to be incredibly lucrative for cybercriminals, resulting in an average of $140,000 in losses for companies around the globe. These scams also highlighted the effectiveness of social engineering techniques for threat actors targeting enterprises.
A Variety of Vulnerabilities – Trend Micro and the Zero Day Initiative (ZDI) discovered a record high number of vulnerabilities in 2016, most of which were found in Adobe Acrobat Reader DC and Advantech’s WebAccess. Both applications are widely used throughout enterprise and Supervisory Control and Data Acquisition (SCADA) systems.
Angler Exploit’s Exit – Following the arrest of 50 cybercriminals, the once dominant Angler exploit kit slowly faded out of the spotlight until it ceased to exist. While it didn’t take long for new exploit kits to burst onto the scene in Angler’s absence, by the end of 2016, the amount of vulnerabilities included in exploit kits had decreased by 71 percent.
Banking Trojans and ATM Malware – Cybercriminals have been using ATM malware, skimming cards and banking Trojans for a while now. However, the attacks have diversified in recent years, giving threat actors access to personally identifiable information (PII) and credentials, which can also be used to gain a foothold inside enterprise networks.
Mirai’s Massive Attack – In October 2016, attackers took advantage of poorly secured IoT devices to issue a distributed denial-of-service (DDoS) attack that hijacked approximately 100,000 IoT devices and forced websites such as Twitter, Reddit and Spotify to go offline for several hours.
Yahoo’s History Making Data Breach – Yahoo experienced the largest data breach in history in August 2013, compromising 1 billion account users’ information. However, the incident was not disclosed until three months after reports of a separate data breach in September 2016, which involved 500 million more accounts. These events stirred up the responsible disclosure conversation and the accountability companies have to their customers regarding the security of user data.