Davina Spohn

What cyber threats await us in 2017?

Ransomware - malware that infects computers and demands money to unlock them - is developing rapidly in 2017. Hackers are targeting the business sector, the IoT and the Industrial Internet of Things in particular. This is the outlook provided by IT company Trend Micro.


According to the Japanese IT security provider Trend Micro, the new variants include "business email compromise", which targets the business emails of important company employees. Business process compromise, i.e. the hijacking or modification of entire business processes, is also a trend. The experts' security predictions in detail:


Blackmail software

According to Trend Micro, last year was the year of cyber extortion. The security experts believe this is due to several factors: The attacks combine different distribution methods and unbreakable encryption with massive threats. "Ransomware-as-a-Service" - a business model in which operators rent out their infrastructure to cyber criminals - also brought non-technical people into the business. Last but not least, hackers were able to create their own versions of ransomware code after it was published. All of this led to an 851 percent increase in ransomware families between January and September 2016, according to Trend Micro. After peaking in 2016, a period of stabilization is now following: for 2017, the researchers expect a 25 percent increase, i.e. 15 new families per month.

They see the same trend for mobile devices as for desktops, as the number of mobile users is high enough to be a profitable target. ATMs, point-of-sale systems and other computing terminals will also be affected. The situation is different for smart devices: At present, it is not yet worth taking them "hostage", according to the security provider. The reason: it is cheaper for the affected party to replace a hacked smart light bulb than to pay a ransom.

Cyber criminals will cause greater damage with ransomware in industrial environments and attacks against the Industrial Internet of Things (IIoT). This is because more ransom money can be extorted by threatening to shut down a production line or manipulate the parameters of a system, such as the temperature.

IoT devices and DDoS attacks, IIoT systems and targeted attacks

In 2016, the "Mirai DDoS attack", which used thousands of unsecured webcams to disconnect large websites from the internet, caused a stir. According to Trend Micro, it was the harbinger of more cyberattacks on the Internet of Things and its central infrastructure. Security experts fear that cyber criminals could use individual networked vehicles for highly targeted attacks and open routers for massive DDoS attacks. IoT botnets could theoretically multiply DDoS attacks and cause greater damage. Trend Micro assumes that providers will not react to this in time.

Another prediction is that as the Internet of Things becomes more prevalent in manufacturing and other industrial environments, as well as the energy sector, attackers will increase the effectiveness of their "BlackEnergy"-like attacks. Combined with the sharp increase in system vulnerabilities in SCADA systems, the shift to the Industrial Internet of Things (IIoT) will bring unforeseeable threats and risks to businesses and consumers.

BEC attacks

The aim of so-called "Business Email Compromise" (BEC) is to hack an email account or trick an employee into transferring money to the hacker's account. Cyber criminals are targeting finance departments worldwide. Several aspects make the attacks "attractive". Firstly, they are simple to carry out: there is nothing unusual about the attacks, except perhaps that the attacker has to scout out the best way to create an email the victim will find credible. However, this can often be accomplished with the help of a sophisticated search query. This type of attack is also cost-effective because it does not require a complicated infrastructure. Trend Micro puts the average earnings from a successful BEC attack at 140,000 US dollars, with the estimated total loss over the past two years amounting to 3 billion US dollars. By comparison, the average income from ransomware attacks is 722 US dollars and can rise to 30,000 US dollars if a company network is affected.

The specialists at Trend Micro assume that the quick profit will make this method of extortion popular, especially as it is difficult to detect - because no malicious code is included - and because the mills of cross-border jurisdiction grind slowly: For example, it took over two years for a Nigerian who had defrauded several companies since 2014 to be arrested.

BPC attacks

The attack on the Bangladesh Bank account at the U.S. Federal Reserve Bank of New York caused a loss of over 80 million US dollars. Unlike "Business Email Compromise", where the danger lies in human error, this heist was based on the criminals' deep understanding of how large financial transactions work. Trend Micro calls this category of attack "Business Process Compromise" (BPC). It will primarily affect finance departments, but not exclusively. Other possible scenarios include the hacking of order or payment systems. Cyber criminals can also hack into a delivery center and redirect valuable goods to other addresses. There has already been a similar case: in 2013, the delivery container system at the port of Antwerp was hacked. Why go to such lengths? A comparison of the "earning opportunities" shows the reasons: ransomware attacks on corporate networks bring in 20,000 US dollars, BEC 140,000 US dollars and BPC 81 million US dollars.

Security vulnerabilities at Adobe and Apple

In 2016, Adobe overtook Microsoft for the first time in terms of the number of security vulnerabilities discovered: 135 of the published vulnerabilities affected Adobe solutions and 76 affected Microsoft solutions. For Apple, it was the year with the most security vulnerabilities: 50 were disclosed by November 2016 - up from 25 in 2015. According to Trend Micro, these developments have to do with the fact that Microsoft's PC sales have declined in recent years in favor of smartphones and tablets - but that Microsoft's improvements in terms of security have also driven cybercriminals to look for alternatives.

Targeted cyber propaganda

In 2016, almost half of the world's population (46%) had access to the internet, whether via traditional computers, smartphones or internet cafés. As a result, more and more people can access information quickly and easily - regardless of source and credibility - and influence public opinion. According to Trend Micro, the lack of verification of whether information is credible, together with overzealous users who want to convince others of their own beliefs, contributes to the widespread dissemination of fake content. This makes it even harder to distinguish between fact and fake.

Trend Micro illustrates the power of social media and online information sources when it comes to political decisions: WikiLeaks was used for propaganda during the 2016 US presidential election, when incriminating material was leaked a week before the election. While constantly monitoring the cybercriminal underground, the security researchers came across so-called script kiddies who advertised their income through fake election-related messages. They claimed to have earned around 20 US dollars a month by redirecting Internet traffic to prefabricated content about the presidential candidates. "Cyber agents" were even paid to post propaganda material on social media.

Additional workload due to EU General Data Protection Regulation

From May 25, 2018, the EU General Data Protection Regulation, which has already come into force, will be directly applicable. Companies that fail to comply will then have to pay fines of up to 4% of their turnover. Not only the EU member states are affected, but also organizations worldwide that collect, process and store personal data of EU citizens. According to Trend Micro, the associated changes in guidelines and business processes will lead to considerable additional administrative costs. Among other things, a "Data Protection Officer" (DPO) will be mandatory, which means that a new cost item (for hiring, training and the position of an appropriately trained employee) will appear in the company's expenses.

In addition, users must be informed of their new rights - and companies must ensure that users are able to exercise their rights. The realization that EU citizens own their personal data and that collected data is at best only "on loan", which stems from the individual's fundamental right to informational self-determination, will influence all data-related work processes.

New tactics for targeted attacks

The first campaigns for targeted attacks were documented ten years ago. Since then, cybercriminals have become much more sophisticated, while network infrastructures have remained largely the same. According to Trend Micro, this learning curve is producing methods that are primarily designed to circumvent most of the modern security technologies of recent years.

Cybercriminals will increasingly rely on sandbox detection, checking whether unknown files are being pushed into a sandbox. They will even attack and "flood" sandboxes. The term 'sandbox' refers to a technique for executing software within a special runtime environment, i.e. one that is isolated from other system resources. In principle, the technology can be compared to self-contained containers in which software can be executed without affecting other system resources.
