Ransomware detections dropped by almost half, but the threat is only getting worse, says Trend Micro
Rather than indicating ransomware was a passing fad, the decrease in attack volume shows that attackers are starting to become more opportunistic and smarter about picking targets.
Trend Micro has released a midyear cybersecurity report that makes two interesting claims: First, that ransomware numbers decreased by almost half in H1 2021 compared to H1 2020; and second, that the number of newly reported vulnerabilities decreased, with a particularly large dip in the number of critical flaws being reported.
Don’t let that fool you into complacency: Unlike the H1 2021 drop in COVID-themed phishing attacks that Trend Micro noticed, the dips mentioned above don’t indicate that anything has run its course; instead, they indicate changing tactics.
In the case of vulnerabilities, the drop in reports showed a disconnect with the number of vulnerabilities being exploited in the wild. The first six months of 2021, Trend Micro said, “were marked with significant vulnerability exploitation incidents, such as the ProxyLogon attacks,” which was the key exploit behind the Microsoft Exchange server attacks. In addition, Trend Micro noted, Windows and Linux both continue to be plagued by known and new vulnerabilities.
Exploit news isn’t the biggest scare to come out of the midyear report: Ransomware news should be the big concern, precisely because the number of attacks is decreasing. That decrease, Trend Micro said, is because “attackers are moving from the opportunistic and quantity-focused model to more targeted modern ransomware methods and big-game hunting.”
Trend Micro divides ransomware into two varieties in the report: Premodern and modern ransomware, both of which it said were among the top 10 most detected threats in the first half of 2021. Premodern ransomware is the type that drops the malicious code directly from an email or bad URL, while modern ransomware uses phishing and other exploits to drop ransomware directly onto a machine or network that has been compromised. As an example, Trend Micro cites WannaCry as premodern and ransomware like DarkSide, REvil and Nefilim as modern variants.
Popular ransomware targets in the first half of 2021 included banking, government, manufacturing, healthcare, food and beverage, education, tech, finance, telecom and retail sectors.
Ransomware: Still not the most-detected threat
If ransomware actors are to be feared because they’re beginning to get smarter about targeting, then cryptocurrency mining malware is the threat to fear because of its sheer volume. In the first half of 2021, cryptomining malware, which mines cryptocurrency using the computing resources of machines it has infected without notifying the user, replaced WannaCry as the most prevalent threat family on the internet.
“Cybercriminals continue to raise the stakes for the enterprises and organizations that they target, as they launch attacks from all angles,” Trend Micro said. How does an organization protect itself from attacks coming from all angles?
“Considering the different types of malicious threats and the number of active cybercriminal groups, it is vital that organizations establish a robust and multilayered security system. Now more than ever, siloed tools and single layers of protection that only cover parts of the overall infrastructure are not a sufficient defense against the advanced cybercriminal campaigns being launched,” Trend Micro concluded in the report.
For IT, “optimal security solutions should provide indicators and analytics that give IT security teams a comprehensive view of risks to their organization’s system without inundating them with mountains of alerts and unnecessary data,” the report said.
Don’t forget to include employees in security training either, Trend Micro warns. “Ordinary users are critical parts of the security posture, as they are often used to gain deeper access into organizations. [They] should be educated on current social engineering tactics, as staying informed and alert on the latest threats will help close that entry point for attackers.”