Tag Archives: cybercrime

The Zero Day Initiative: Working Hard to Secure the Connected World

by Jay Coley

Trend Micro’s Zero Day Initiative (ZDI) has for 15 years been promoting coordinated vulnerability disclosure through what is now the world’s largest vendor-agnostic bug bounty program. Much of this work goes on behind the scenes, with little fanfare. But it’s vital work nonetheless in helping to secure the connected world, whilst providing early protection for Trend Micro/TippingPoint customers.

A case in point was Microsoft’s silent patching of two ZDI-discovered bugs this week.

Behind the scenes

Discovered by ZDI’s Abdul-Aziz Hariri, the two vulnerabilities exist in the way that the Microsoft Windows Codecs Library handles objects in memory. If exploited, CVE-2020-1425 would allow an attacker to obtain information to further compromise a system, while CVE-2020-1457 could allow an attacker to execute arbitrary code.

It’s rare that patches are silently deployed by Microsoft like this to its customers, but that shouldn’t detract from the hard work of ZDI researchers here. In fact, ZDI was the number one external supplier of vulnerabilities to Microsoft last year, accounting for 38% of publicly discovered Microsoft flaws.

Why ZDI?

Why is this important? Because without programs like ZDI, which advocate responsible disclosure, grey and black market trading of vulnerabilities would proliferate, resulting in less secure products and more exposed customers.

Vulnerability exploits are a vital prerequisite of many cyber-attacks today. By galvanising the research community and incentivising responsible disclosure, the ZDI can help to make the digital world a safer place. Not only that, but we can also provide early protection for Trend Micro and TippingPoint customers. In this case, our customers were safe for over three months before vendor patches were issued.

Charting the changes in cybercrime over the past five years

by Bharat Mistry

The cybercrime economy is one of the runaway success stories of the 21st century — at least, for those who participate in it. Estimates claim it could be worth over $1 trillion annually, more than the GDP of many countries. Part of that success is due to its ability to evolve and shift as the threat landscape changes. Trend Micro has been profiling the underground cybercrime community for several years. And over the past five, we’ve seen a major shift to new platforms, communications channels, products and services, as trust on the dark web erodes and new market demands emerge.

Unfortunately, we expect the current pandemic to create yet another evolution, as cyber-criminals look to take advantage of new ways of working and systemic vulnerabilities. 


Industry report points to major cloud security challenges

by Bharat Mistry

For the past 12 years, Verizon has been publishing its Data Breach Investigations Report (DBIR). Whilst not the final word on the threat landscape, it always offers some interesting insight into current trends — this year distilled from over 32,000 analysed “incidents” and nearly 4,000 breaches worldwide. That’s why it was interesting to note the uptick in cloud-based threats stemming from external malice and insider error revealed in this year’s report.

The good news is that Trend Micro helps global organisations mitigate both types of cyber-risk, providing peace of mind to support employee productivity in the current climate of mass remote working.


Introducing a new UK spokeswoman to offer customer-focused insight

Ask any successful CEO what their secret is and the answer will probably be the same: “listening to our customers.” The problem is that, too often, organisations lose that connection with the people and organisations that use their products. They end up giving end-users what they think they want instead of what they actually need. In cybersecurity, where the market moves at lightning speed in response to a rapidly evolving threat landscape, this is commonplace. It can also be fatal for a vendor.

That’s why we’re delighted to welcome our latest member of the Trend Micro UK team: Kiran Khokhar. We are looking forward to having Kiran join our team of spokespeople, as she understands exactly what customers are going through. This is because she used to be one.
