Trend Micro midyear 2017 security report reveals Australia received third highest number of malware detections globally

Security review highlights the need for Australian organisations to increase security investment

Trend Micro has released its 2017 Midyear Security Roundup: The Cost of Compromise report, highlighting that in addition to facing increased ransomware, Business Email Compromise (BEC) scams and Internet of Things (IoT) attacks, businesses now also need to contend with the threat of cyberpropaganda.

Trend Micro detected more than 82 million ransomware threats in the first half of the year, of which APAC received over a third (33.77 per cent) of total attacks. The first half of 2017 also demonstrates that business email compromise (BEC) is still one of the top threats that enterprises should look out for, particularly in Australia, claiming more than a quarter (27.4 per cent) of all BEC attacks in the first half of 2017. The Federal Bureau of Investigation[1] reports that global losses attributed to BEC scams have reached US$5.3 billion since 2013.

“The first half of 2017 undeniably saw cyberattacks becoming more diverse and sophisticated, with as many as 28 new ransomware families identified each month. Although businesses are more aware of the economic and reputational impact, cybercriminals are continuously evolving to outsmart enterprise,” said Dr. Jon Oliver, senior security architect, Trend Micro.

“The Internet of Things (IoT) ecosystem continues to develop, with cybercriminals taking over routers to launch attacks on smart devices. The attacks on IoT devices can have real world consequences. For example, earlier this year we saw the WannaCry ransomware disable speed and red-light cameras,” said Dr. Oliver.

Furthermore, Trend Micro’s recent CLOUDSEC Sydney 2017 survey also revealed there may be a discrepancy in how businesses perceive IoT, with more than one third (35 per cent) of respondents believing that their business is not impacted and/or IoT is hyped and the risks are being exaggerated.

The Security Roundup Report highlights for Australia include:

  • Australia received the third highest number of malware detections in the first half of 2017 (behind US and Japan)
  • More than 16M malicious URLs exposed to in Australia
  • More than a quarter of all BEC attacks occurred in Australia

Despite the rising percentage of security spending in IT budgets, a recent analyst report by Forrester[2] notes that funds are not properly being allocated to address the growing threats facing enterprises today.

“Enterprises need to prioritise funds for effective security upfront, as the cost of a breach is frequently more than a company’s budget can sustain,” said Max Cheng, chief information officer of Trend Micro. “Major cyberattacks against enterprises globally have continued to be a hot-button topic this year, and this trend is likely to continue through the remainder of 2017. It’s integral to the continued success of organisations to stop thinking of digital security as merely protecting information, but instead as an investment in the company’s future, brand and reputation.”

In April and June, the WannaCry and Petya ransomware attacks disrupted thousands of companies across multiple industries world-wide, with major infections in Australia, Russia, Ukraine and Taiwan and the United States. The global losses from the attack, including the resultant reduction in productivity and cost of damage control, could amount to as much as US$4 billion. In addition, BEC scams raised the total of global losses to US$5.3 billion during the first half of 2017, according to the Federal Bureau of Investigation (FBI).

As predicted, January through June experienced a rise in IoT attacks, as well as the spread of cyberpropaganda. In collaboration with Politecnico di Milano (POLIMI), Trend Micro showed it is possible for industrial robots to be compromised, that could amount to massive financial damage and productivity loss, proving that smart factories can ill-afford to dismiss the importance of securing these connected devices. There was also an increased abuse of social media with the rise of cyberpropaganda.

Given the tools available in underground markets, the spread of Fake News, or bad publicity, will cause serious financial ramifications for businesses whose reputation and brand equity is damaged by cyberpropaganda.

Trend Micro XGen security provides proactive protection and guidance for companies facing these pressing and growing threats with a cross-generational approach to threat defense. The threats that have manifested throughout the beginning of 2017 are only a fraction of what is likely to come. Cybercriminals are getting smarter with their attacks every day and companies should be prepared by having the appropriate budgets and solutions in place.

To read the complete report, please visit: https://www.trendmicro.com/vinfo/au/security/research-and-analysis/threat-reports/roundup/the-cost-of-compromise

About Trend Micro
Trend Micro Incorporated, a global leader in cybersecurity solutions, helps to make the world safe for exchanging digital information. Our innovative solutions for consumers, businesses, and governments provide layered security for data centres, cloud environments, networks and endpoints. All our products work together to seamlessly share threat intelligence and provide a connected threat defense with centralised visibility and control, enabling better, faster protection. With more than 5,000 employees in over 50 countries and the world’s most advanced global threat intelligence, Trend Micro enables organisations to secure their journey to the cloud.  For more information, visit www.trendmicro.com.au

[1] Federal Bureau of Investigation Internet Crime Complaint Center (IC3). (4 May 2017). Public Service Announcement – Federal Bureau of Investigation. “Business E-mail Compromise E-mail Account Compromise The 5 Billion Dollar Scam.” Last accessed on 3 August 2017 at https://www.ic3.gov/media/2017/170504.aspx.

[2] Jeff Pollard, Security Budgets 2017: Increases Help But Remain Reactionary, Benchmarks: The S&R Practice Playbook (Forrester, 2016).