Cybercriminals set to extort money as firms comply with new EU laws

Bengaluru, Feb 21: As businesses try to comply with new European Union privacy laws that come into force this year, they are set to face increased ransomware, cryptocurrency mining and business email compromise (BEC) extortion attacks, a report said on Wednesday.

Cybercriminals will try to extort money from enterprises by first determining the General Data Protection Regulation (GDPR) penalty that could result from an attack, and then demanding a ransom of slightly less than that fine, which CEOs might opt to pay, said the report from global cybersecurity leader Trend Micro.

ATM attacks, BEC and targeted attacks were some of the stealthier security challenges faced by enterprises in 2017.

"With more people using online transactions, there has been a growth in the number of hackers. We have seen an increase in those vulnerabilities being announced and lot of them getting compromised," Nilesh Jain, Vice President, South East Asia and India, Trend Micro, said in a statement.

"Major outbreaks that caused global infections made headlines well into the year, proving that ransomware was still a burdensome threat for individuals and enterprises," he added.

The GDPR regulation by the European Parliament comes into force on May 25 this year.

The new report, titled "The Paradox of Cyberthreats", revealed a 32 per cent increase in new ransomware families from 2016 to 2017.

It also highlighted a doubling of BEC attempts between the first and second half of 2017 and soaring rates of cryptocurrency mining malware, peaking at 100,000 detections in October last year.

"The report reveals a threat landscape, with cybercriminals increasingly finding they're able to gain more -- whether it's money or data or reputation damage -- by strategically targeting companies' most valuable assets," added Jon Clay, Director of Global Threat Communications for Trend Micro.

"Businesses need a cross-generational security solution that uses a blend of proven security protections with the best new defences to mitigate risk effectively," he added.

Vulnerable IoT devices are also a major security risk across several trending threats.

Trend Micro detected more than 45.6 million cryptocurrency mining events during the year, representing a large percentage of all IoT events observed.