Category Archives: Privacy

Sharing the latest in Global Threat Trends with CLOUDSEC

by Ross Baker

Over the past quarter of a century and more Trend Micro has been protecting individuals and organisations around the world from everything the black hats can throw at us. Over that time we’ve come to appreciate that the value we bring is not just in our global threat analyst teams; our award-winning products for endpoint, virtual, cloud and physical security; or our pioneering Smart Protection Network. It’s also in the alliances we form – from law enforcement to academia, to our peers in the security research community.

That’s why we’ve been hosting the CLOUDSEC security conference since 2011. It’s an event that brings together some of cyber security’s foremost practitioners and speakers to share best practices, and the latest industry trends. For the first time ever, it’s coming to London on the 17th September.

Threats, threats, threats
CLOUDSEC covers many of the hottest topics in cyber security today, including targeted attacks, data protection and privacy; Internet of Everything; cloud and virtual security; and critical national infrastructure threats. But cyber security is nothing without context, so attention is always paid to make sessions as relevant as possible.

Even just a cursory look at the IT security headlines over the past week or two will show you why CLOUDSEC is as relevant today as it was four years ago. There have been reports of major vulnerabilities in so-called “smart watches” – potentially increasing the cyber risk surface for organisations already struggling to manage BYOD. Then there was a damaging cyber attack against the US Census Bureau, for which activist group Anonymous claimed responsibility.

But perhaps the most widely reported breach of recent weeks was that hitting the parent company of infidelity site Ashley Madison. Reports are still emerging as to what happened, but attackers The Impact Group claim they have access to highly sensitive data on 37 million customers globally. If nothing else, the incident can tell us much about the limits of online data privacy in the 21st century, and the level of risk facing online businesses which store customer data.

What to expect
In fact, Communicating Cyber Risk to the Business is one of the sessions slated for CLOUDSEC in London in September, along with other presentations on cyber activism, organised crime, incident response and the Internet of Everything.

Expect a raft of world-renowned experts including Andy Archibald, head of the NCA’s National Cyber Crime Unit; PwC Legal’s global head of cyber security and data protection, Stewart Room; and FBI cyber task force supervisory special agent, Timothy Wallach. Also on hand, of course, will be our very own Trend Micro CTO Raimund Genes, and VP security research, Rik Ferguson.

We all know cyber security is a never-ending learning curve for IT professionals – so if you’re nearby on Thursday, 17 September, come down to CLOUDSEC in London to take another step on that journey.

More info:
Twitter: Follow @TrendMicroUK #CLOUDSEC2015



What we Can Learn from Yet Another Government Data Breach

by Ross Dyer

One of the curious side effects of working in the information security industry for any length of time is that, after a while, the same stories start coming round again and again. So it was last week when the government admitted that two discs full of data related to three highly sensitive police inquiries had got lost in the post. For those with long memories, the echoes of 2007 – when the personal details of 25 million Britons went missing in similar circumstances – are telling. So let’s remind ourselves again of the importance of good data handling practice and what we should all be doing to minimise the risk of a damaging breach. Continue reading

Minister Warns of Driverless Car Hacking? Let’s Address Legal Issues First

by Raimund Genes

Transport minister Claire Perry warned this week that hackers may look to disrupt driverless car systems in the future for political or economic ends. “The more we move to technologically assisted forms of transport, whether it’s smart motorways or driver assisted vehicles, there is also a risk of cyber hacking – so we are mindful of that,” she told the Commons transport committee. Continue reading

Who knows what Santa knows?

by Rik Ferguson

Screen Shot 2014-12-08 at 09.05.48Of course we all know that Father Christmas is out there, with his happy elves, keeping tabs on us throughout the year. In fact every year a considerable part of my time each day is spent going through my activities and making sure that nothing I have done will mean that I end up on Santa’s naughty list. I have to say, so far I appear to be doing quite well and each year, for all these years, there’s been a little something under the tree for me as well.

Unfortunately it’s not only Santa and his elves who are collecting your information there are plenty would use it for more nefarious ends. Maybe it’s worth clicking here to find out exactly what Santa knows about you…

There are several entry points available for cybercriminals into the interactive playground of social networking; fake or compromised profiles, malicious applications, malvertisements, cybersquatting, spam and phish masquerading as legitimate notifications from social networks, exploitation of vulnerabilities and direct messages just for starters. Victims are at risk of identity theft, fraud, infection or simply of becoming an attack platform to infect or defraud their own friends and colleagues.

The one thing that all of these attacks have in common though is the very thing that binds social networks together: trust. Because the attacks, messages and links come from friends or colleagues, they appear far more credible than the average Spam email from a stranger. Even the Koobface worm with its almost textbook standard Spam messages such as “You are veryy ggood at pposing to a spy cameera!” becomes that little bit more credible when it comes from someone you know.

Most of us are guilty of being far too trusting and far too free with our personal information online, we give away little snippets (or great chunks in some cases) of our personal lives in what is essentially a public forum, making the work of criminals such as carders and ID fraudsters far more simple. In fact I have seen social networking sites spoken about in underground carding forums as a “free date of birth look-up service” along with a wealth of tips on how best to exploit these kinds of platforms.

We need to become far more aware of the value of our personal information and importantly the information we have about our friends. We also need to become far more conversant with the privacy controls available on social and professional networking sites and actually use them. There is no need to fill out that questionnaire “25 Things About Me” and post it on your profile, there is no need to share your entire employment, educational or address history. There is no need to share your “Porn Star Name” (first name = name of your first pet, family name = mother’s maiden name), isn’t that exactly the kind of information needed to reset your email account password, or access your financial data?

When your personal information becomes public it is out of your control and soon out of sight. Criminals can and do use this stuff to break into your online accounts, just ask Scarlett Johansson, Jennifer Lawrence and many others.

  • Next time, before you hit “Post”, ask yourself this “If a stranger called me on the telephone asking for this information, would I tell them?” If the answer is “No”, then step away from the mouse.
  • Make sure you always pay attention to the permissions you grant to third party apps that you integrate into your social and mobile life.
  • Ensure that you are the only person who can answer your password reset questions and that those answers are never shared on social networks.
  • If you’re lucky enough to have kids of your own, then make sure you pass on the benefit of your online wisdom, after all, you wouldn’t send them out to cross the street alone without explaining the risks.

See what Santa knows about you here.Please add your thoughts in the comments below or follow me on Twitter; @rik_ferguson.

Continue reading