Vulnerabilities / Threats

7/20/2017
12:00 PM
100%
0%

BEC Attacks Far More Lucrative than Ransomware over Past 3 Years

BEC fraud netted cyberthieves five times more profit than ransomware over a three-year period, according to Cisco's midyear report released today.

Despite all the recent attention paid to ransomware, cybercriminals walked away with $5.3 billion from business email compromise (BEC) attacks compared with $1 billion for ransomware over a three-year stretch, according to Cisco's 2017 Midyear Cybersecurity Report released today. 

Cybercriminals are increasingly taking a practical approach to their pilfering, going for the fastest method that they can steal a buck, or in this case, billions, says Steve Martino, Cisco's chief information security officer. "What we are looking at is the continual commercialization of cyberattacks," Martino says, pointing out that is a major theme in the report.

Ransomware exploits take time to develop before any financial gain is realized for cyberthieves, compared to crafting a phishing attack or blasting out spam of which 8% is found to be malicious, notes Martino. BEC attacks are less time-consuming to wage.

In addition, ransomware Bitcoin fees are often lower-dollar figures.

Spam volume peaked towards the end of the year and has since tapered off a bit this year, the report found.

Exploit kits have sharply declined, according to the report. In the February to March period last year, 5,799 exploit kits were blocked. But in May, that figure has since plummeted to under 1,000 exploit kits blocked.

 [Source: Cisco 2017 Midyear Cybersecurity Report]

 

Malware Evolution

Cisco found that in the first half of this year, attackers altered their methods of delivering, hiding, and evading their malicious packages and techniques.

Fileless malware is popping up, which lives in memory and deletes itself once a device restarts, according to the report. As a result, it makes detection and the ability to investigate it more difficult.

Additionally, attackers are also making use of anonymized and decentralized infrastructures, such as Tor proxy services, to hid command and control activities.

Meanwhile, three families of spyware ran rampant, with Hola, RelevantKnowledge, and DNSChanger/DNS Unlocker affecting more than 20% of the 300 companies in the sample for the report.

Ironically, however, many companies and organizations underestimate or virtually dismiss spyware. "Spyware is being disguised as adware and adware, unlike spyware, does not create damages for a company," says Franc Artes, Cisco's Security Business Group architect. He adds that attackers are injecting spyware and other forms of malware into adware, since adware is a low priority for security teams.

Schooling Users on BEC, Ransomware

Cisco's Martino says targeted cybersecurity education for employees can help prevent users from falling for BEC and ransomware attacks. The finance department could especially benefit from security training on phishing campaigns, so when the bogus email comes across the transit of the CEO asking for a funds transfer it can be detected, Martino says.

"I believe in educating the right people on the matters that mean the most to them. I don't believe in sitting everyone down for 45 minutes to run through the same cybersecurity awareness training," Martino says.

Regular software patching also is crucial. When spam laden malware hits or ransomware attacks similar to WannaCry surfaces, the impact can be minimized. "People focus on new technology, but forget about patching and maintaining the infrastructure," Martino observed.

And a balanced defensive and offensive posture, with not just firewalls and antivirus but also including measures to hunt down possible attacks through data collection and analysis, he adds.

Related Content:

Dawn Kawamoto is an Associate Editor for Dark Reading, where she covers cybersecurity news and trends. She is an award-winning journalist who has written and edited technology, management, leadership, career, finance, and innovation stories for such publications as CNET's ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Google Engineering Lead on Lessons Learned From Chrome's HTTPS Push
Kelly Sheridan, Staff Editor, Dark Reading,  8/8/2018
White Hat to Black Hat: What Motivates the Switch to Cybercrime
Kelly Sheridan, Staff Editor, Dark Reading,  8/8/2018
PGA of America Struck By Ransomware
Dark Reading Staff 8/9/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Now about that mortgage refinance offer from Wells Fargo .....
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-6970
PUBLISHED: 2018-08-13
VMware Horizon 6 (6.x.x before 6.2.7), Horizon 7 (7.x.x before 7.5.1), and Horizon Client (4.x.x and prior before 4.8.1) contain an out-of-bounds read vulnerability in the Message Framework library. Successfully exploiting this issue may allow a less-privileged user to leak information from a privil...
CVE-2018-14781
PUBLISHED: 2018-08-13
Medtronic MMT 508 MiniMed insulin pump, 522 / MMT - 722 Paradigm REAL-TIME, 523 / MMT - 723 Paradigm Revel, 523K / MMT - 723K Paradigm Revel, and 551 / MMT - 751 MiniMed 530G The models identified above, when paired with a remote controller and having the "easy bolus" and "remote bolu...
CVE-2018-15123
PUBLISHED: 2018-08-13
Insecure configuration storage in Zipato Zipabox Smart Home Controller BOARD REV - 1 with System Version -118 allows remote attacker perform new attack vectors and take under control device and smart home.
CVE-2018-15124
PUBLISHED: 2018-08-13
Weak hashing algorithm in Zipato Zipabox Smart Home Controller BOARD REV - 1 with System Version -118 allows unauthenticated attacker extract clear text passwords and get root access on the device.
CVE-2018-15125
PUBLISHED: 2018-08-13
Sensitive Information Disclosure in Zipato Zipabox Smart Home Controller allows remote attacker get sensitive information that expands attack surface.