The year in security started out with the discovery of serious vulnerabilities in the hardware level, a revelation that eroded the implicit trust the industry had on the bedrock of modern computing: microprocessors. In other parts of the security landscape, this might as well have been a signal of what was to come.
The traditional assumptions or indicators about what, where, and how security risks can enter the network have never been as unreliable as seen in recent concurrent developments: the shift from attention-getting ransomware to the more subtle but incrementally damaging cryptocurrency miners; the continued emergence of “fileless” threats; the escalation of financial losses suffered from deceptively simple business email compromise (BEC) scams; and even the realization that router attack payloads have progressed beyond distributed denialof-service
(DDoS) attacks. While the usual entry points of these threats — email, vulnerabilities, malicious websites — have been mostly taken for granted, the direct and subsequent repercussions from their successful exploitation are very real.
In this midyear report, TrendMicro has tracked the tendency of security risks to emerge from aspects of computing that are often overlooked and show how costly they can be especially for enterprises and SCADA/ICS systems.