Business email compromise (BEC) and business email spoofing (BES) accounted for $5 billion (£3.7 billion) in losses around the world between October 2013 and December 2016, a new report has revealed.
The 2017 State of Cybercrime report by security firm Secureworks found that these were some of the biggest cyber threats to businesses, with resulting losses increasing by a huge 2,370 per cent between January 2015 and December 2016. Secureworks said this was according to figures released by the FBI.
Ransomware is also a growing threat, found the report. It continues to prove cyber criminals with a high return on investment. Secureworks said that in 2016 alone, 200 new ransomware variants were seen, which was a 122 per cent increase from the year before.
A threat to both businesses and individuals is banking malware. The report revealed that this “can be bespoke, designed to target specific institutions with a specific purpose”. This malware is often capable of stealing all forms of personal information, as well as banking credentials from victims.
Organised cyber criminal groups facilitate large-scale fraud around the world using banking trojans and malware. The attacks can range from highly-targeted intrusion activities mounted against high-value targets to massive banking trojan botnets, which achieve mass distribution.
Mobile malware is another significant threat, according to the report. It is particularly concerning for businesses allowing their employees to use their own devices for work purposes. This form of cybercrime is expected to see continued growth, with information theft and spying capabilities becoming widely available.
The report explained that large-scale attacks could be completely devastating to individuals and corporate phone communications, while small-scale spyware infections could provide huge amounts of personal information to attackers.
Secureworks researchers said they “identified several instances of malware for sale that are advertised as being capable of spying on all functions of an Android phone, encrypting files on the device and demanding payment”.
The new report highlights the need for businesses to take their cybersecurity seriously and to invest in appropriate methods of protecting mobile devices connected to their networks, including mobile device management.