Category Archives: Cybercrime

Protecting the UK’s universities during the COVID crisis and beyond

by Lee Carass

The UK’s higher education sector is one of the country’s most prized assets. Its universities are among the world’s leading academic institutions and also play a major role in creating the skills, research and IP needed to drive the economy forward. But as major hubs of people and sensitive data, universities also represent a major target for attackers. 

Whether they’re aimed at causing damaging ransomware-related outages, tricking finance teams into wiring funds abroad, stealing staff and student data, or lifting sensitive research, these cyber-threats represent a serious financial and reputational risk to the sector. In a new era of COVID-19, where many universities will be expecting significantly reduced student numbers and income, there’s more pressure than ever to keep such threats at bay.

Continue reading

The Zero Day Initiative: Working Hard to Secure the Connected World

by Jay Coley

Trend Micro’s Zero Day Initiative (ZDI) has for 15 years been promoting coordinated vulnerability disclosure through what is now the world’s largest vendor-agnostic bug bounty program. Much of this work goes on behind the scenes, with little fanfare. But it’s vital work nonetheless in helping to secure the connected world, whilst providing early protection for Trend Micro/TippingPoint customers.

A case in point was Microsoft’s silent patching of two ZDI-discovered bugs this week.

Behind the scenes
Discovered by ZDI’s Abdul-Aziz Hariri, the two vulnerabilities exist in the way that the Microsoft Windows Codecs Library handles objects in memory. If exploited, CVE-2020-1425 would allow an attacker to obtain information to further compromise a system, while CVE-2020-1457 could allow an attacker to execute arbitrary code.

It’s rare that patches are silently deployed by Microsoft like this to its customers, but that shouldn’t detract from the hard work of ZDI researchers here. In fact, ZDI was the number one external supplier of vulnerabilities to Microsoft last year, accounting for 38% of publicly discovered Microsoft flaws.

Why ZDI?
Why is this important? Because without programs like ZDI which advocate responsible disclosure, grey and black market trading of vulnerabilities would proliferate, resulting in less secure products and more exposed customers.

Vulnerability exploits are a vital pre-requisite of many cyber-attacks today. By galvanising the research community and incentivising responsible disclosure, the ZDI can help to make the digital world a safer place. Not only that, but we can also provide early protection for Trend Micro and TippingPoint customers. In this case, our customers were safe for over three months, before vendor patches were issued.

Charting the changes in cybercrime over the past five years

by Bharat Mistry

The cybercrime economy is one of the runaway success stories of the 21st century — at least, for those who participate in it. Estimates claim it could be worth over $1trillion annually, more than the GDP of many countries. Part of that success is due to its ability to evolve and shift as the threat landscape changes. Trend Micro has been profiling the underground cybercrime community for several years. And over the past five, we’ve seen a major shift to new platforms, communications channels, products and services, as trust on the dark web erodes and new market demands emerge.

Unfortunately, we expect the current pandemic to create yet another evolution, as cyber-criminals look to take advantage of new ways of working and systemic vulnerabilities. 

Continue reading

Supporting secure remote working for UK businesses during lockdown

By Joe Ashton

For organisations up and down the country, the past month has been a steep learning curve. The IT and security functions have never been more vital to ensuring business-as-usual, as hundreds or thousands of employees transition to remote working. Cyber-criminals have also been quick to adapt to the rapidly changing situation, making it crucial that CIOs and CISOs have the right tools, processes and policies in place to support productivity whilst managing risk effectively.

This is where Trend Micro has been able to offer its unique expertise as a trusted security partner.

Continue reading