Tag Archives: enterprise security

Latest Sextortion Campaign Highlights Impact of Poor Corporate Security

by Bharat Mistry

The UK’s national fraud and cybercrime reporting centre is warning UK netizens of a new sextortion campaign in which the attackers threaten to publish an intimate webcam video of their victims. They make the threat more realistic by including a genuine password that the victim has used in the past. While user education is the most effective way to counter this kind of opportunistic digital blackmail, the case highlights yet again the potential downstream impact of corporate breaches.

By improving enterprise security standards across the board and migrating away from password-based systems, organisations can not only reduce data breach costs but also the knock-on effects of PII compromise that may haunt customers for years.

A new take
Online extortion is nothing new; in fact, it’s what has made ransomware such a popular money-maker for cyber-criminals. But this campaign is slightly different in that it includes the victim’s password in the subject line. Action Fraud claimed to have contacted several of the 110+ victims who reported the unsolicited scam email, and they confirmed the credential to be recent. It’s more than likely that the credentials were bought on a dark web site, after originally being stolen from an online provider.

Having grabbed the recipient’s attention by posting the valid password, the extorter then claims to have recorded a webcam video of the individual watching pornography, and to have used malware to harvest all of their social media contacts. Users are required to pay $2,900 in Bitcoin within 24 hours.

The email concludes:

“If I do not receive the BitCoins, I will definately send out your video recording to all of your contacts including close relatives, co-workers, and many others. Nevertheless, if I receive the payment, I’ll destroy the video immidiately. If you need evidence, reply with “Yes!” and I will send your video to your 10 friends. It is a non-negotiable offer, therefore do not waste my time and yours by responding to this message.”

What can we learn?
Action Fraud is quite rightly urging netizens not to panic, not to pay up and to always respond to any unsolicited message like this critically. It also pays to cover up your webcam, just in case. While this sextortion campaign is clearly a scam, previous ones have used malware to genuinely record individuals via their webcams. In fact, it was estimated in 2016 that thousands of Brits are likely caught out by such attacks each year, with at least four suicides linked to the trend.

But pulling back even further, this particular scam campaign is made possible in part via breached credentials. One could argue that if organisations worked harder to secure customer data in the first place, as the GDPR demands, there would be fewer opportunities for follow-on blackmail and fraud. That means choosing a trusted partner to provide security at every layer of your infrastructure, from endpoint to web/email gateway, network and server. Trend Micro’s cross-generational blend of cyber-defence tools is optimised to offer protection where you need it most from the huge range of modern threats.

Best practice security today also dictates moving away from static password-based systems for your employees and customers and towards multi-factor authentication. With no passwords to steal, breaches become harder to carry out and the resulting impact on users diminishes.

Scams like this one are just the tip of the iceberg and we could see an escalation in similar blackmail attempts using breached PII as a highly effective social engineering tactic. The GDPR should be your guide here. Only with improved security processes backed up with state-of-the-art technologies can organisations minimise opportunities for the cyber-criminals and reduce the risk of long-term post-breach brand damage.

A New EU Cyber Force Highlights the Power of Strategic Alliances

by Bharat Mistry

Several EU member states have just resolved to develop a new cyber-response force to help mitigate the threat posed by online attacks in the future. It’s another very promising step towards a more joined-up approach to cybersecurity at a trans-national level. But let’s also not forget the importance of public-private partnerships here, to ensure that those governments avail themselves of the best resources and intelligence available from leading private sector cybersecurity companies.

Trend Micro a Leader in Forrester Wave Endpoint Security Report

The results are in from another independent analyst report and it’s great news for Trend Micro’s endpoint security. We achieved the highest score possible in the “strategy” category, were top ranked in the “current offering” category, and received among the second-highest scores in the “market presence” category, according to The Forrester Wave™: Endpoint Security Suites, Q2 2018 [1] report. In our view, it’s yet more confirmation that we’re offering superior protection: optimized security that decreases complexity on the endpoint and inspires confidence among our customers.

A market leader
Organizations today want to simplify their endpoint security by consolidating on vendors they trust — vendors that have the tools to tackle modern cyber-threats. That’s exactly what Trend Micro offers and what we believe the findings point to with consistent market leadership and the value of our XGen™ approach.

All in all, “Trend Micro continues to offer the most flexible and fully featured suite on the market.” [1]

Better than ‘next gen’
It’s especially gratifying to contrast our best-in-class capabilities with the marketing of many ‘next generation’ vendors, who try to convince customers they can only improve protection by adding their security tools to the endpoint. This is in direct contrast to what organizations actually want and need — greater simplicity and consolidation to improve performance.

In short, Trend Micro is offering enterprises just what they need today — as we believe is evidenced with our current offering score — and has the strategic vision to evolve these capabilities successfully over time.

In our view, the report is testament to the value of our XGen™ approach to security, which blends a cross-generational mix of techniques to offer the most comprehensive suite out there, way beyond what’s on offer from next generation and legacy AV vendors. Per Forrester, “Customers give the product high marks for its malware and exploit prevention efficacy, with a low negative impact on endpoint user experience.” [1] This is another beneficial impact of XGen™, which allows us to apply the right protection technique at the right time to minimize user disruption.

Coming just a few months after the company was named a Leader in Gartner’s 2018 Magic Quadrant for Endpoint Protection Platforms (EPP), we’re delighted at yet more independent confirmation of our status as a leader, which we believe demonstrates Trend Micro can deliver results over next-gen vendors and legacy AV solution vendors alike.

[1] The Forrester Wave™: Endpoint Security Suites, Q2 2018, Forrester Research, Inc., June 21, 2018.

Global BEC Disruption is Welcome, But Don’t Forget Email Security

by Bharat Mistry

This week the FBI announced a major international law enforcement operation spanning six months which resulted in scores of arrests and serious disruption to several Business Email Compromise (BEC) campaigns. At Trend Micro we welcome any efforts designed to make it harder for the black hats to make money from their illicit schemes. But we can’t rely on law enforcement alone.

Organisations must also get proactive by improving staff training and education and ensuring they have the kind of email protection capabilities which can spot and block BEC scams.