by Bharat Mistry
One of the biggest factors in Trend Micro’s success over the past three decades has been our commitment to research and development. A global team of over 1,200 TrendLabs threat researchers and a cloud-based Smart Protection Network which analyses 100TB+ of data each day give us a major advantage in offering the best protection possible to our customers and ensuring we’re always anticipating the next evolution of the threat landscape. That’s why we were able to block over 20 billion threats in the first half of 2018.
But beyond the headline stats of our midyear security roundup report, there’s a more subtle change going on in the way attacks are being crafted, with cyber-criminals increasingly favouring covert over “spray-and-pay” campaigns. This is the kind of insight you can expect at our CLOUDSEC show in London next week.
Under the radar
That propensity to drive revenue by flying largely under the radar can be seen in one key stat: crypto-currency mining malware detections jumped a staggering 956% from 1H 2017 to the first half of this year. In many ways crypto-jacking is the perfect crime for financially motivated attackers. Unlike ransomware it’s all about staying hidden, with infected machines conscripted into botnets to make money for the criminals by mining for crypto-currency. If a user or corporate victim finds out, then all the botnet herder needs to do is go out and infect some more hosts. No interaction is needed to coerce payment from the victim.
On a similar theme, we observed a growth in the use of fileless threats, macros, and malware with small file sizes over the period. These techniques are being used to circumvent traditional security filters and stay hidden. One particular small file malware, TinyPOS, saw a 250% increase in detections since 2H 2017.
That’s not to say that attention-grabbing ransomware has completely lost its appeal. However, growth in new detections slowed massively to just 3% between 2H 2017 and the first half of the year, versus 88% growth over the previous 12 months. It seems like organisations are finally getting the message about multi-layered protection and “3-2-1 back-ups” and the hackers are changing their strategies accordingly.
Also of note is the increasing number of SCADA vulnerabilities disclosed via our Zero Day Initiative (ZDI) – 30% more than the previous half year and almost double the number published in the same period last year. With the NIS Directive mandating strict controls over such environments and bad actors increasingly probing industrial operations, it’s vital that security managers address any new vulnerabilities as soon as patches are available. Virtual patching can help in keeping systems protected in the meantime: this is especially important, as the average time for vendors in this space to resolve an issue is 150 days.
If you’re looking for more insight into these and the other trends shaping our industry, why not come along to Trend Micro’s annual CLOUDSEC event in London next week? CLOUDSEC brings together some of the leading lights in law enforcement, academia, and industry to debate the key issues of the day.
With this year’s theme “mind over machine” there will be plenty of discussion around the potential of AI to transform both the cybersecurity industry and the cybercrime economy. But there will also be insight from senior FBI, Europol and NCSC representatives, as well as others from AWS, Microsoft, Google, IBM, VMware, Capgemini, Accenture and, of course, Trend Micro.
If you want an opportunity to hear from these world-renowned experts and network with peers, do get in touch today as places are limited. After a record attendance last year we’re expecting another fantastic day next Tuesday.
What: CLOUDSEC 2018
When: Tuesday 4 September
Where: Park Plaza Westminster Bridge, London