Thousands of security threats happen every five minutes: Trend Micro VP
In just five minutes, files on a company's network can be encrypted and beyond its reach, according to Rik Ferguson, vice president of Security Research at Trend Micro.
Trend Micro has seen a lot of development around ransomware capabilities targeting businesses rather than consumers, Ferguson said during his keynote speech at Cloudsec Australia 2016 in Sydney on Thursday, with 1,800 new threats released out into the wild every five minutes.
Latest Australian news
Additionally, he said that more than 800,000 people are exposed to malicious URLs, exploit kits, phishing websites, malware, spam, and threats every five minutes, with almost 7,000 records on average being exposed in the same timeframe.
"Just so we can measure the speed of things, the fastest trains today ... can reach top speed of about 450km/h. That means in five minutes, you can travel close to 40 kilometres. That's an incredible distance to be able to go in a very, very short period of time," Ferguson pointed out.
"It gives you an idea of really how short that time is. In five minutes, [aside from] propelling you across the surface of the earth, it can also result in a number of other things.
"If you were hit by a crypto ransomware attack, within five minutes, all of the files on your computer or the files, god forbid, on all of the computers on your network ... can be encrypted and beyond your reach unless you paid criminals some money."
Ferguson said that universities, corporations, individuals, and healthcare organisations are all being targeted by ransomware that is being developed with specific capabilities to target enterprise.
"Ransomware used to be a consumer thing that would go after your computer, your things, and encrypt all that knowing that if you wanted to get all the files back, you were going to pay the ransom," he said.
"Over the course of the last calendar year, we saw 29 new families of ransomware, which was already a huge jump on the 13 in the year before that. In the first half of this year, we've already seen 79 new families of ransomware, which is a massive increase."
He said that criminals are investing time, money, and expertise into creating new tools, tool kits, and delivery mechanisms to get ransomware out there, because "this stuff pays dividends".
"One of the Trend Micro competitors out there, a startup, is offering a ransomware guarantee -- but their guarantee is not you'll never get hit by it; it's that if you do get hit by it, they'll pay the ransom for you. That's a cybersecurity company offering to give money to criminals," he said.
Over the last few years, Trend Micro has also seen an uptake in what Ferguson called business email compromise, or CEO fraud, which he said is a basic scam that pays criminals a lot of money.
"It's really simple. It's a criminal doing the research upfront, identifying the target organisation, looking at who fulfills which role, and then sending a fake email into that company or compromising a mailbox that belongs to an employee of that company," he said.
"[The criminals] target an email of the right victim, quite often the CFO or someone responsible in the finance department of the business, with requests from a known colleague to pay outstanding money or wire transfer money to a third-party supplier, often abroad, who is fictitious."
He said this practice has been hugely successful, with $2.3 billion lost to CEO compromise or fraud between 2013 and 2015, with an estimated 79 different countries being affected.
"A certain Australian government department, local council, lost over AU$200,000 to this scam by paying fake invoices. That's AU$200,000 of your money, I guess, at the end of the day," he said.
"Australia is not immune. You have the -- I don't know if it's the good fortune or the misfortune -- to speak one of the most simplest and widespread languages on the planet, and it's the most-targeted language when it comes to cybercrime globally."
Aside from being a VP with Trend Micro, Ferguson is also special adviser to Europol, project lead with the International Cyber Security Prevention Alliance, vice chair of the Centre for Strategic Cyber Security and Security Science, and an advisor to various UK government technology forums.
Also speaking at Cloudsec Australia 2016, Timothy Wallach, Supervisory Special Agent Cyber Taskforce with the FBI, said the two most significant increases the FBI has seen over the last couple of years has been ransonware or extortion, and business email compromise.
"This is probably the reason why we are seeing a decrease in the number of records stolen, because these schemes are much easier to monetise than compromising a network, stealing information, getting it to the dark web, and eventually on an online market," he said.
When it comes to consumer ransomware, Wallach said the requested amount is somewhat affordable, at around $450 to $500. However, this is a lot different in an enterprise environment, as the ransom is usually based on the number of endpoints or the servers that are compromised.
"If an organisation has 30,000 endpoints in its network and potentially that many endpoints have been struck with ransomware, it's generally 30,000 times one bitcoin," he said.
"The FBI does not recommend paying your ransom. That's a business decision an organisation has to make.
"When organisations pay ransom, they're involved in the criminal activity. It's encouraging the scheme to continue."
Additionally, Wallach highlighted that paying a ransom does not always mean that you are left with a clean system, or that everything an organisation had initially lost has been recovered.
"Whatever infected your organisation in the first place is still there," he said. "What we do recommend is prevention, business continuity, and remediation."