Fighting Back Against State-Sponsored Hacking of AV Tools

by Raimund Genes

It’s never been easy taking the fight to the cybercriminals. Over the past few years we’ve seen our online adversaries become ever more determined, better resourced and adept at sidestepping whatever roadblocks we try to put in their path. But even given the soaring volume and increasing sophistication of threats today we’ve become pretty good at protecting our customers. Unfortunately, recent revelations over state-sponsored attempts to hack security companies have shown that we’re now also facing another foe much closer to home.

That’s’ why Trend Micro has signed up to a new voluntary performance standard for IT security products. In these turbulent times, it’ll hopefully give our European customers that extra reassurance they need that Trend Micro products have not been hacked or tampered with, and continue to provide the highest levels of protection.

Undermining the industry
We all know the threat landscape is shifting and evolving all the time – bringing with it new risks which IT managers must continually appraise and mitigate to the best of their ability. But few would have believed even a few years ago that intelligence agencies in the UK and US were prepared to reverse engineer security products in order to prevent the detection of their own cyber espionage activities.

Yet that’s what’s happened, if yet more documents released by NSA whistleblower Edward Snowden are to be believed. Not only this, but agents also appear to have been trying to monitor, identify and possible attack customers via the security software they use, and monitor AV employees’ emails for mention of new vulnerabilities they could exploit.

It doesn’t take a genius to work out the effect of such revelations on the AV industry as a whole, and the countless individuals and organisations out there that rely on our products to keep them safe.

Rebuilding trust
So today, the fight back begins. The non-profit European Group for Independent Computer Anti Virus Research (EICAR) this week launched a new Minimum Standard for Anti-Malware Products. Trend Micro was at the event and fully supports EICAR’s efforts to enhance consumer trust in security products through this voluntary standard. Starting with the anti-malware category, they’ll help to establish those basic requirements which customers should expect from the products they buy.

At the bare minimum all EICAR-compliant products and services should :

  • Comply with data protection regulations
  • Offer product and feature transparency to users
  • Provide assurance that they have not been manipulated

Trend Micro is proud to be a part of this initiative, and signed up – along with several of our counterparts – with the declaration that there are no backdoors in our products. There’s a long way to go still before we fully develop and implement standardised testing and compliance requirements, but it’s a start.

As the threat landscape becomes ever more crowded and opaque, EICAR provides a great opportunity for those like Trend Micro who’ve signed up to offer reassurance to customers that they’re safe with us.

Leave a Reply

Your email address will not be published. Required fields are marked *