Category Archives: Research

Layered Defence To Combat a ‘Brotherhood’ of Cyber-Criminals

by Bharat Mistry

Over the past 28 years, Trend Micro has led the industry in trying to better understand those who seek to do us and our customers harm. After all, how can we begin to build effective threat prevention if we don’t know what we’re trying to protect against? The latest of our in-depth reports into regional cybercrime underground markets focuses on the Middle East North Africa (MENA) region, and reveals some surprising findings. This is a cybercrime underground united in its goals with members keen to share and help each other; making it particularly dangerous for targets in the West.

That’s bad news for all of us as local MENA players move beyond DDoS and web defacement activity to more nefarious attacks. Against this backdrop, layered security becomes an essential mitigation strategy.

An Elaborate ATM Threat Crops Up: Network-based ATM Malware Attacks

by David Sancho and Numaan Huq (Trend Micro Forward-Looking Threat Research Team), Massimiliano Michenzi (Europol EC3)

Infecting automated teller machines (ATMs) with malware is nothing new. It’s concerning, yes. But new? Not really. We’ve been seeing physical attacks against ATMs since 2009. By physical, we mean opening the target machine’s casing, accessing the motherboard and connecting USB drives or CD-ROMs in order to infect the operating system. Once infected, the ATM is at the attackers’ mercy, which normally means that they are able to empty the money cassettes and walk away with fully loaded wallets. In 2016, we released a joint paper with Europol’s European Cybercrime Centre (EC3) that discussed the shift from physical to digital means of emptying an ATM and described the different ATM malware families that had been seen in the wild by then.

Why Defence in Depth Should be Key for All CISOs Heading into 2017

by Bharat Mistry

The evolution of the threat landscape is a tricky thing to predict. After all, the nation states, cybercrime gangs and lone hacktivists we track always have the advantage of surprise. Just a few days ago we learnt of yet another new ransomware threat, for example. This one, dubbed “Popcorn Time”, even tries to lure victims into spreading the malware themselves, in return for a decryption key. It’s yet another example of the kind of black hat ingenuity we outline in our new 2017 predictions report, The Next Tier.

As attackers continue to evolve and hone their skills, the UK’s IT leaders must look towards a multi-layered combination of security tools to effectively mitigate risk on the endpoint.

Tip of the iceberg
Popcorn Time is just the tip of the iceberg. As Trend Micro predicts in the new report, new varieties of ransomware are likely to grow by 25% next year as cybercriminals look to target their wares at new systems and sectors. Those in heavy industry might find themselves particularly exposed as attackers realise they’re more likely to pay a significant sum to get mission critical production equipment back online. Even ATM and POS systems could be a target for similar reasons.

There will certainly be no shortage of vulnerabilities to exploit. But you may be surprised at their origin. As PC shipments decline and Microsoft gets better at securing its software, expect Apple and Adobe vulnerabilities to accelerate faster than newly discovered bugs in the Redmond giant’s systems. In fact, 2016 saw Adobe already outpace Microsoft on this front, while Apple had its biggest year to date in terms of the number of bugs found in its products. Vulnerability shielding as part of multi-layered protection is the best way to guard against zero-day and unpatched flaws.

There’s also likely to be a great deal of innovation next year right at the top of the black hat evolutionary ladder – targeted attacks. New and unexpected techniques could stretch organisations to the limit unless they plan carefully. Hackers will scan for sandbox use in a bid to circumvent these next generation filters, and virtual machine (VM) escape bugs will become highly prized on the cybercrime underground for similar reasons.

Defence in depth
The key is not to rely on one or even a small handful of technologies. There isn’t a product on the planet that can stop everything the black hats can throw at us. That’s why it pays to invest in multiple layers of defence. These should range from web and email gateway protection, web reputation and app whitelisting to behaviour and integrity monitoring. The beauty of this approach is that if a threat manages to slip past one layer of protection it should eventually be blocked by another.

That’s what our XGen approach is all about – combining multiple layers of cross-generational threat protection to provide the best possible chance of deflecting attack. Sitting right at the top is high fidelity machine learning designed to extract and analyse a file’s characteristics before and during its execution. This helps to reduce false positives and improve accuracy.

As we head into 2017, this is the best chance organisations have of effectively managing cybersecurity risk.

With Ransomware and BEC Soaring, it’s Time to Take Control of Email Security

by Bharat Mistry

Sometimes being right is a double-edged sword when it comes to cybersecurity. Trend Micro predicted late last year that 2016 would be the year of online extortion. And lo and behold, over halfway into 2016, ransomware is breaking all records: we discovered 79 new families in the first six months of this year alone; a 172% year-on-year increase. That’s no comfort, of course, to the countless organisations around the world that have suffered at the hands of the online extortionists. Meanwhile, Business Email Compromise (BEC) scams have already netted cybercriminals an estimated $3 billion in profits.

The latest figures from Trend Micro tell us organisations in EMEA are most at risk globally from ransomware. Together with whaling (BEC) attacks, they represent a major challenge for IT security leaders and one that needs to be addressed with urgency. For those looking for some inspiration, the upcoming CLOUDSEC conference in London will offer the perfect opportunity to learn best practice in this space.