2016 was truly the year of online extortion. Cyber threats reached an all-time high, with ransomware and Business Email Compromise (BEC) scams gaining increased popularity among cybercriminals looking to extort enterprises. A 752 percent increase in new ransomware families ultimately resulted in $1 billion in losses for enterprises worldwide, according to Trend Micro.
Monthly number of ransomware families added
Trend Micro and the Zero Day Initiative (ZDI) discovered 765 vulnerabilities in 2016. Of these, 678 were brought to ZDI through their bug bounty program, then ZDI verifies and discloses the issue to the affected vendor. Compared to vulnerabilities discovered by Trend Micro and ZDI in 2015, Apple saw a 145 percent increase in vulnerabilities, while Microsoft bugs decreased by 47 percent.
The use of new vulnerabilities in exploit kits dropped by 71 percent, which is partially due to the arrest of the threat actors behind Angler that took place in June 2016.
Trend Micro and ZDI discovered vulnerabilities 2015 versus 2016
“As threats have diversified and grown in sophistication, cybercriminals have moved on from primarily targeting individuals to focusing on where the money is: enterprises,” said Ed Cabrera, chief cybersecurity officer for Trend Micro. “Throughout 2016 we witnessed threat actors extort companies and organizations for the sake of profitability and we don’t anticipate this trend slowing down. This research aims to educate enterprises on the threat tactics actively being used to compromise their data, and help companies adopt strategies to stay one step ahead and protect against potential attacks.”
In 2016, the Trend Micro Smart Protection Network blocked more than 81 billion threats for the entire year, which is a 56 percent increase from 2015. In the second half of 2016, more than 3,000 attacks per second were blocked for customers. During this time, 75 billion of blocked attempts were email based, illustrating that email remains the top entry point for threats.