The cyber threat landscape has evolved and businesses are lagging behind in efforts to face the challenge head on, according to research released by IT security specialists and strategists including Fortinet, Intel Security and CheckPoint South Africa.

Threat reports detail how innovations (including IoT and the cloud computing), a global shortage of cybersecurity talent and regulatory pressures, as well as the difficulty in identifying ransomware and malware, have heightened the cyber security threat to businesses.

Derek Manky, global security strategist at Fortinet, says "the expanding attack surface enabled by technology innovations such as cloud computing and IoT devices, a global shortage of cybersecurity talent, and regulatory pressures continue to be significant drivers of cyber threats."

He adds, "The pace of these changes is unprecedented, resulting in a critical tipping point as the impact of cyber attacks are felt well beyond their intended victims in personal, political, and business consequences. Going forward, the need for accountability at multiple levels is urgent and real affecting vendors, governments, and consumers alike. Without swift action, there is a real risk of disrupting the progress of the global digital economy."

Intel Security's McAfee Labs Threats Report: December 2016 details how attackers are creating difficult-to-detect malware by infecting legitimate code with Trojans and leveraging that legitimacy to remain hidden as long as possible.

The December report also details the growth of ransomware, mobile malware, macro malware, Mac OS malware, and other threats in Q3 2016.

"One of the harder problems in the security industry is identifying the malicious actions of code that was designed to behave like legitimate software, with low false positives," said Vincent Weafer, Vice President of Intel Security's McAfee Labs. "The more authentic a piece of code appears, the more likely it is to be overlooked. Just as 2016 saw more ransomware become sandbox aware, the need to conceal malicious activity is driving a trend toward 'Trojanising' legitimate applications. Such developments place an ever greater workload on an organisation's SOC—where success requires an ability to quickly detect, hunt down, and eradicate attacks in progress."

2016: The Year of Ransomware?

According to McAfee Labs through the end of Q3, the number of new ransomware samples this year totalled 3,860,603, leading to an increase of 80% in total ransomware samples since the beginning of the year.

Beyond the leap in volume, ransomware exhibited notable technical advances in 2016, including partial or full disk encryption, encryption of websites used by legitimate applications, anti-sandboxing, more sophisticated exploit kits for ransomware delivery, and more ransomware-as-a-service developments, the company explains.

"Last year we predicted that the incredible growth in ransomware attacks in 2015 would continue into 2016," Weafer said.

South Africa targeted

Check Point has revealed that South Africa was among the countries impacted by a 10% increase in ransomware attacks in November, using Locky and Cryptowall.

As a result, South Africa moved up the list of 117 most attacked countries – to number 31 in November, from 58 in October, the company said.

In its monthly Global Threat Index, a ranking of the most prevalent malware families attacking organisations' networks, Check Point found both the number of active malware families and number of attacks remained close to an all-time high as the number of attacks on business networks continued to be relentless.

Continuing a trend first detected in October, Locky ransomware continued to increase in prevalence, with a further 10% increase in the number of attacks using this family – a pattern that was mirrored by the fifth most common malware, Cryptowall.

Locky, which started its distribution in February 2016, spreads mainly via spam emails containing a downloader disguised as a Word or Zip file attachment, which then downloads and installs the malware that encrypts the user files. Locky was the no.1 malware family in the largest amount of countries (34 countries compared to Conficker, which was the top malware in 28 countries).

"The year 2016 may indeed be remembered as 'the year of ransomware,' with both a huge jump in the number of ransomware attacks, a number of high profile attacks that generated wide media interest, and significant technical advances in this type of attack. On the other side of the ransomware attacks, greater cooperation between the security industry and law enforcement, and constructive collaboration between industry rivals truly began to deliver results in taking the fight to the criminals. As a result we expect the growth of ransomware attacks to slow in 2017," the company continues.