GDPR Extortion Warning as Cyber-Criminals Get Smart in 2018

The forthcoming GDPR could offer cyber-criminals new opportunities to extort money from their victims, according to Trend Micro.

The security vendor claimed that hackers could breach a company and then threaten to go public unless paid off, first determining the possible GDPR penalty and then demanding a slightly lower ransom, which bosses are more likely to pay.

The warning was made as part of the vendor’s 2017 roundup report, The Paradox of Cyberthreats, which claimed that hackers are increasingly abandoning exploit kits and spray-and-pray tactics in favor of more strategic attacks.

“The 2017 roundup report reveals a threat landscape as volatile as anything we’ve seen, with cyber-criminals increasingly finding they’re able to gain more – whether it’s money or data or reputation damage – by strategically targeting companies’ most valuable assets,” said Jon Clay, Trend Micro’s director of global threat communications.

“It confirms our view that there is no silver bullet when it comes to the sheer range of cyber-threats facing organizations.”

The report revealed a 32% increase in new ransomware families between 2016 and 2017, a doubling of BEC attempts between the first and second half of 2017 and a sharp increase in cryptocurrency mining malware, peaking at 100,000 detections in October.

Vulnerable IoT devices represented a major opportunity for cryptocurrency mining last year.

Trend Micro observed more than 45.6 million mining events during 2017, representing nearly half (49%) of all IoT events it recorded.

As for 2018, the firm predicted that BEC losses will reach $8bn this year, that IoT devices will increasingly be targeted for enterprise data rather than to conduct outbound attacks, and that the impact of data breaches will be worse than ever before for companies processing EU data.
