Author Archives: Trend Micro UK

Trend Micro Predictions are on the Money with New Attack Group

by Bharat Mistry

Cyber-attacks are happening all the time. In fact, the one certainty CISOs should have today is that their organisation has either already been compromised, or it will be breached at some point in the future. But many of the most dangerous attacks are the ones designed to slip under the radar unnoticed — in many ways the opposite of your typical ransomware outage. This week, one of these sophisticated attack campaigns was revealed: a gang targeting US and Russian banks as well as a UK financial software provider. It’s already netted $10m (£7.5m) for the hackers, who are still at large.

The Biggest Cyber Attacks of 2018 Will Come from Known Vulnerabilities

by Bharat Mistry

It’s that time of year again. As we bid farewell to 2017 and look forward to the next 12 months, it’s only right that we share our predictions for 2018 to help IT security bosses prepare for the inevitable cyber-assault on their systems. Our report, Paradigm Shifts: Security Predictions for 2018, features a range of trends to watch out for during the coming year, including: a continued growth in cyber-propaganda; BEC losses to exceed $9m; new IoT threats; and an uptick in digital extortion campaigns.

But to pull back a little and look at the bigger picture, one trend in particular will dominate: known vulnerabilities are set to cause havoc in 2018 as the primary cause of most of the year’s biggest attacks. The good news is that mitigating this risk should not require a major additional investment of time and resources — but it needs to start now.

The problem with vulnerabilities
Anyone with an eye on the past 12 months will understand why known software flaws could be so disruptive in 2018. After all, they caused the biggest security events of the past year. Exhibit A is undoubtedly WannaCry: the infamous ransomware-worm attack which spread around the world in just hours, infecting hundreds of thousands of computers. In this case those behind it used alleged NSA exploit information leaked by the Shadow Brokers group, which it is claimed is backed by the Russian state.

It’s proof, if any were needed, that even nation states can’t keep research on offensive cyber-tools a secret. Eventually they will find their way onto the cybercrime underground, putting innocent consumers and organisations around the world in danger. In the case of WannaCry it was the NSA’s EternalBlue Windows SMB exploit that was used to make the threat so prolific. It had been patched months earlier by Microsoft, but still managed to spread to a huge range of unprotected endpoints, highlighting organisations’ continued negligence when it comes to security best practices.

There are many potential repercussions. We can expect nation state groups like Pawn Storm to continue their exploitation of known vulnerabilities — as well as more sophisticated zero days — to infiltrate targets. Data theft is usually the outcome in these instances, while among financially motivated cybercrime gangs we can expect software flaws to be exploited in ransomware attacks as well as info-stealing raids.

Who knows what vulnerabilities may be exposed and used over the coming 12 months? All we know is that once flaws become public knowledge, the clock starts ticking: from then on it’s just a matter of “when”, not “if”, they will hit users. The signs aren’t looking good: Trend Micro’s Zero Day Initiative uncovered 382 new vulnerabilities in the first half of 2017 alone, according to our Midyear Security Roundup.

Taking action
The bottom line is that if you have known and unpatched vulnerabilities in your IT environment, they will be targeted — it’s just a matter of time. Yet many IT leaders managing legacy systems either can’t patch, because no patches are available, or are reluctant to apply fixes in case they break mission-critical installations. But there are solutions:

  • Consider reducing the attack surface by minimising the number of unpatched flaws in your environment. Virtual patching is a great way of keeping even legacy and “end-of-life” systems secure.
  • Revisit patch management policies and invest in automated tools to ease the burden.
  • Be prepared for a worst-case scenario. Ensure you have a comprehensive and thoroughly tested incident response plan in place. This should ideally include key stakeholders from all over the organisation (HR, Legal, IT etc). The quicker you get on top of an incident, the better your chances of minimising the financial and reputational fall-out.

Read our full list of predictions for 2018 in the report. Have any predictions of your own for 2018? Share them with us on Twitter @TrendMicroUK.

Western Europe Exposed: Raising Awareness About Potentially Vulnerable Cyber Assets

by Bharat Mistry

If effective cybersecurity is all about minimizing risk, one of the first things you should check is whether your IT assets are exposed to the public internet. If they are — and have insufficient security controls safeguarding them — your organization could be at risk of data theft, system compromise, fraud, privacy leaks and much more. That’s why Trend Micro has followed up on its popular US Cities Exposed report earlier this year with a new study of Western Europe.

Unfortunately, the results were not dissimilar: we found millions of devices in the region’s 10 major cities were potentially exposed to hackers. That’s bad news, especially with strict new EU data protection laws set to land in May 2018.

You Can’t Outsource Accountability: Uber Breach Highlights Firms’ Cloud Security Responsibilities

by Bharat Mistry

Consumers and cybersecurity professionals around the world have been stunned by Uber’s revelation that it paid hackers $100,000 to delete data on 57 million users stolen last year. There are many strands to the case, and more details are likely to emerge over time. But fundamentally it highlights the need for firms to secure their cloud environments as rigorously as anything on premise.

With the EU GDPR promising huge fines for firms that fail to suitably protect customer data, companies must realise that when it comes to the cloud, you simply can’t outsource accountability.