Tag Archives: malware

Black Hat: Traditional AV is Dead, Long Live XGen Machine Learning

Today’s IT security bosses are assailed from all sides by a huge variety of online threats. They’re designed to exploit known and unknown vulnerabilities across cloud, mobile, virtual and hybrid environments. And increasingly, they’re developed to outwit traditional signature-based tools. Yet the impact of these threats has never been greater. Data breaches and service outages can lead to heavy industry fines, damage to the brand, lost customers, remediation and clean-up costs, and even hefty legal bills.

That’s why we have developed a new statistical-based approach designed to learn as it goes to detect modern unknown threats. This XGen approach was revealed at Black Hat today by senior researcher, Marco Balduzzi.

FBI Ransomware Warning Should Be a Wake-up Call for UK CISOs

by Simon Edwards

Late last week the FBI was forced to make yet another public service announcement on the growing ransomware epidemic. In it, the Bureau pleaded with businesses to report infections, so that the authorities can get a better idea of the scale of the problem they’re facing. It also warned that cybercriminals are increasingly targeting business servers in the hope of infecting more machines and extracting a greater ransom from their victims.

This tells us two things: that the authorities still haven’t got a handle on the problem facing citizens and businesses, and that organisations are failing to put in place layered security to lock down risk across multiple threat vectors. We address both in a new report out this week.

With Ransomware and BEC Soaring, it’s Time to Take Control of Email Security

by Bharat Mistry

Sometimes being right is a double-edged sword when it comes to cybersecurity. Trend Micro predicted late last year that 2016 would be the year of online extortion. And lo and behold, over halfway into 2016, ransomware is breaking all records: we discovered 79 new families in the first six months of this year alone; a 172% year-on-year increase. That’s no comfort, of course, to the countless organisations around the world that have suffered at the hands of the online extortionists. Meanwhile, Business Email Compromise (BEC) scams have already netted cybercriminals an estimated $3 billion in profits.

The latest figures from Trend Micro tell us organisations in EMEA are most at risk globally from ransomware. Together with whaling (BEC) attacks, they represent a major challenge for IT security leaders and one that needs to be addressed with urgency. For those looking for some inspiration, the upcoming CLOUDSEC conference in London will offer the perfect opportunity to learn best practice in this space.

Promoting the Layered Defence Response to Ransomware at the Cyber Security Summit

by Simon Edwards

It’s hard to avoid stories warning of the growing ransomware epidemic these days. Yet some IT security leaders are still being caught off-guard. It emerged last week, for example, that an astonishing 30% of councils in England had been hit by a ransomware attack last year. And one suffered an incredible 13 attacks in just 12 months. There’s clearly a need for industry leaders both to raise awareness of the issue and promote a strategy to mitigate the worst effects of this near-ubiquitous threat.

That’s why Trend Micro will be promoting its layered protection message at the Cyber Security Summit in London tomorrow, Wednesday 22nd June 2016. While it can lead to serious repercussions, ransomware can be stopped if organisations follow some basic security best practices and a policy of defence-in-depth.

A bad start to 2016
Ransomware has snowballed in popularity over the past 12-24 months, mainly because cybercriminals have realised it’s a relatively cheap and easy way of making money. Why bother investing time and money in more complex scams if you can force organisations into paying up by simply encrypting their most important data, so it is effectively unusable? It’s a strategy that has reaped huge financial rewards. The FBI reckons ransomware netted the black hats $209 million in the first three months of 2016 alone.

Once infected, many organisations feel they have little choice but to pay up – although there are decryption tools available for some variants, from Trend Micro and other providers. With mission critical data made unavailable, staff productivity grinds to a halt and essential services are disrupted. There’s not only the financial hit of the ‘fee’ for the decryption key to consider, but the money lost in downtime, damaged reputation and even potential legal costs down the line.

Fighting back
The best way to hit back against ransomware is to take preventative steps to avoid ever getting infected. The key to this is a layered approach to security which stops the malware at every possible infection point. This is important as cybercriminals increasingly look beyond targeting users via web and email channels to other parts of the IT infrastructure including the network and servers. We’re also starting to see ransomware bundled with other capabilities – for example, CryptXXX was updated to include data stealing functionality.

Trend Micro recommends IT security managers look at installing security at these layers:

Web and email gateway: Lock down 99% of ransomware threats with protection at this layer to prevent your employees ever being exposed to malicious attachments, URLs, etc.

Endpoint: Combine the above with endpoint security that includes vulnerability shielding, behavioural monitoring, app whitelisting and more.

Network: Visibility is key to protecting against ransomware, and could even help stop a broader attack where ransomware is only one element. Ensure you can scan across all network traffic, ports and protocols, and implement advanced sandbox analysis.

Server: Virtual patching at this layer will shield servers from exploits of software flaws that could be used to inject ransomware.

Trend Micro Global CTO Raimund Genes will be on hand at the Cyber Security Summit in London on Wednesday to share these and more tips on how to stay safe from one of 2016’s biggest security threats.

He’ll also explain how basic steps like network segmentation, regular data back-ups, user education, effective patch management and more can help to lock risk down even further. There’ll be other Trend Micro experts at the show on hand to discuss how we can help insulate your organisation from attack by offering industry-leading solutions at every layer of the security stack.

So come down to the show and look out for our stand.

Where: Cyber Security Summit, ETC Venues, 43/44 Crutched Friars, London
When: 22/06/2016; Raimund’s speaking slot at 11.40-12.20