Tag Archives: Smart Protection Network

Trend Micro Named a Leader in 2016 Gartner Endpoint Protection Platforms Magic Quadrant

by Andrew Stevens

Today’s threat landscape has never been more volatile or dangerous. Given what’s at stake, it can be difficult for IT buyers to know which provider to turn to keep critical corporate data secure, their users’ endpoints and servers up and running, and compliance officers happy.

That’s where Gartner’s Magic Quadrant reports can help out – giving cyber security executives a structured view of the vendors offering products in a given field. At Trend Micro, we’re delighted to have been recognized once again as a Leader in Endpoint Protection Platforms – and to have been positioned the furthest for completeness of vision in the leaders’ quadrant.

Trend Micro to Acquire HP TippingPoint: What next-generation IPS and breach detection mean to you

by Bob Corson

Cyber adversaries aren’t paid to bypass the network. Instead, they want to obtain the “pot of gold” by finding, copying and monetising the data, intellectual property and sensitive communications that reside within your network. They accomplish this by researching, designing and executing purpose-built attacks that bypass traditional controls, then repurposing internal networks to move laterally throughout an organisation.

The Fightback Starts Here: Trend Micro and NCA Sign Crime-Busting MoU

by Raimund Genes

We’ve been protecting our customers around the world now for over 26 years – and doing it pretty well I think. But this is only one piece of the jigsaw. Unless we co-operate with law enforcement to disrupt cyber crime operations and put the ringleaders behind bars, we’re failing to get at the root cause of the problem. That’s why we’ve always been an active participant in any initiatives designed to foster greater collaboration of this sort.

And this is why we are delighted to announce the signing of a landmark Memorandum of Understanding (MoU) with the UK’s National Crime Agency (NCA), which will see us share information and work on entire cases together.

Macro Malware: An Old Threat Returns to Deluge Enterprise Inboxes

by Bharat Mistry

The threat landscape moves so fast sometimes that if you blink you might miss it. It seems like only a few years ago we were worrying about how to keep spam off enterprise Exchange servers, and deflect mass mailer worms. Yet while it’s tempting for IT leaders to focus most of their efforts on the latest breaking trends in the information security world – specifically advanced persistent threats and targeted attacks today – there’s much more to the threat landscape than that.

We have noted a recent significant upsurge in macro malware. It’s an old technique but is threatening to cause a lot of new problems for UK organisations today.

What’s macro malware?
Macro attacks were big in the early 2000s. Like the spear-phishing emails that form the first stage of a targeted attack, they usually arrive as a malicious email attachment which the user is tricked into opening by social engineering techniques. The email is often spoofed so it appears to contain a sales invoice, wire transfer, received fax message or other content that might pique the victim’s curiosity. Unlike targeted attacks, where the attackers spend time crafting malware to exploit specific vulnerabilities or even zero-day flaws, macro-based campaigns use more traditional malware.

After opening the document, the user is usually asked to enable macros on their machine in order to view it properly – and in so doing runs the macro malware. This in turn acts as a kind of gateway to download a final malicious payload.

How is it being used?
Trend Micro’s cloud-based threat prevention system, the Smart Protection Network, has observed a sizeable uptick in macro-based attacks. Although we’ve seen macro malware beginning to appear again since last year, the volume really picked up in the first quarter of 2015. The most popular types spotted include W97M_MARKER, W2KM_DLOADR, W2KM_DOXMAL, W2KM_MONALIS and W2KM_BARTALEX.

An attack campaign using the latter recently featured a malicious Dropbox link in the spam email instead of an attachment. If the user enables macros as suggested by a fake pop-up they will end up running BARTALEX and that in turn will lead to a download of a variant of the DYRE banking malware. Other payloads spotted in recent campaigns include DRIDEX and VAWTRACK banking malware and backdoor/password stealer ROVNIX.

In the first quarter of this year we spotted over one million macro malware detections targeted mainly at enterprise inboxes, and it’s still going strong. Microsoft has observed the same, noting in a recent blog post that over 500,000 machines have been infected thus far – mainly in the US and UK. What’s more, the majority of infections we observed (91%) came on computers running newer versions of Windows (Windows 7/Windows Server 2008 R2).

How to stop it
The rising number of global infections spotted thus far should be a timely reminder to IT managers that even older threats remain a risk to enterprise machines if not addressed properly. These malicious email threats require the user to enable macros in order to deliver their payload. So it’s increasingly important that IT leaders revisit enterprise security awareness and education programmes to ensure staff know what to look out for and how to deal safely with any unsolicited messages.

Security teams should also think about:

  • Turning off Windows Scripting Host on user systems if it serves no major purpose, and reducing your attack surface by disabling any other applications/services that aren’t needed
  • Revisiting and re-evaluating existing security policies
  • Ensuring all current anti-malware tools are up to date
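The following PowerShell script is an added example (not Trend Micro’s code) that audits a Windows host for the controls listed above: whether Windows Script Host is turned off, and whether Office is configured so that a user cannot simply click “Enable Content” on an attachment. It assumes Office 2016 or later (registry version 16.0) and reads only well-known Windows Script Host and Office Trust Center registry values; adjust $OfficeVer for other releases.

```powershell
# Added example: audit macro-malware mitigations on a Windows endpoint.
# Assumes Office 2016/2019/365 registry layout (version 16.0).
$OfficeVer = '16.0'

function Get-RegValue {
    param([string]$Path, [string]$Name)
    try { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name }
    catch { $null }   # key or value absent
}

$findings = @()

# 1. Windows Script Host: Enabled=0 under the Settings key turns WSH off.
$wsh = Get-RegValue 'HKLM:\SOFTWARE\Microsoft\Windows Script Host\Settings' 'Enabled'
$findings += [pscustomobject]@{
    Check = 'Windows Script Host disabled'
    Value = if ($null -eq $wsh) { 'not set (WSH enabled by default)' } else { $wsh }
    Pass  = ($wsh -eq 0)
}

# 2. VBA macro warning level per Office application.
#    1 = enable all, 2 = disable with notification (default, user can enable),
#    3 = disable except digitally signed, 4 = disable all without notification.
foreach ($app in 'Word', 'Excel', 'PowerPoint') {
    $policy = Get-RegValue "HKCU:\Software\Policies\Microsoft\Office\$OfficeVer\$app\Security" 'VBAWarnings'
    $user   = Get-RegValue "HKCU:\Software\Microsoft\Office\$OfficeVer\$app\Security" 'VBAWarnings'
    $eff    = if ($null -ne $policy) { $policy } else { $user }   # Group Policy overrides user choice
    $findings += [pscustomobject]@{
        Check = "$app VBAWarnings >= 3 (signed macros only, or none)"
        Value = if ($null -eq $eff) { 'not set (2: prompt, user can enable)' } else { $eff }
        Pass  = ($eff -ge 3)
    }

    # 3. Block macros in files that carry the Internet zone Mark-of-the-Web,
    #    i.e. email attachments and downloads such as the Dropbox-link lure above.
    $motw = Get-RegValue "HKCU:\Software\Policies\Microsoft\Office\$OfficeVer\$app\Security" 'BlockContentExecutionFromInternet'
    $findings += [pscustomobject]@{
        Check = "$app blocks macros in Internet-sourced files"
        Value = if ($null -eq $motw) { 'not set' } else { $motw }
        Pass  = ($motw -eq 1)
    }
}

$findings | Format-Table -AutoSize
# Non-zero exit so a fleet-wide run (e.g. via a management agent) can flag non-compliant hosts.
if ($findings.Pass -contains $false) { exit 1 }
```

Run it in an unprivileged session to see the effective settings for that user; HKLM values are readable without elevation, so no administrator rights are required for the audit itself.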