Archive for March, 2020

IAITAM Says More Data Breaches Are Likely As Unprepared Companies, Agencies Face “Nightmare” Data Risks

Posted in Commentary on March 17, 2020 by itnerd

Many companies and government agencies have already sent employees home to work remotely in response to concerns about the coronavirus.  This week, thousands of additional employers will likely follow suit until concerns about the contagion ease.  The International Association of IT Asset Managers (IAITAM) is warning that most employers may have rushed into making their decision without thinking through how to secure their most sensitive data.

As an example, a 2015 IAITAM report found that 17 percent of U.S. Securities and Exchange Commission (SEC) laptops were not where they were supposed to be and 22 percent had incorrect user information.  The Washington, D.C. office of the SEC sent all employees home to work last week due to the discovery of a coronavirus case in the agency’s headquarters.  Under the circumstances cited in the IAITAM report, the SEC would have little confidence that it knows who is working remotely on which machines and under what circumstances.

In the best-case scenario right now, a company or agency has a Business Continuity plan that incorporates ITAM and one that can send employees home with IT assets that are accounted for and working properly.  Under this approach some employees using high-end, expensive computers and other equipment may not be able to work from home, while others requiring only a laptop and word-processing software will be able to operate offsite with ease.
If your company is sending home people with equipment, IAITAM has this advice:

  1. Sign out and track all IT assets that are being taken home.  No IT assets should be allowed to leave a company site for the first time without formally accounting for each movement.
  2. Make sure solid firewall and passcode protections are in place for accessing company systems.  Companies and agencies that plan properly will “scale up” to accommodate a shift in traffic from the workplace to remote access.
  3. Consider requiring employees to sign a Non-Disclosure Agreement (NDA) about the data they will have access to outside the office.  The data is often significantly more valuable than the IT assets in which it is contained.  Vital company information may be at stake and an NDA sends a message to employees that they have serious responsibilities that must be honored and respected.
  4. Provide education and training to employees about how to responsibly manage their equipment and the company’s data.  For example, parents who are accustomed to allowing a child or spouse to use a personal smartphone or computer must be coached to avoid doing so with company IT assets.  Companies may also elect to forbid the use of company IT assets on public Wi-Fi networks, such as coffee shops and fast-food restaurants.
  5. Monitor employee data use and other remote practices. It would be nice to assume everyone will follow the rules and be a team player, but that doesn’t always happen. Any potential for mischief or data abuse may be heightened in a work-from-home environment.  Remember that most data breaches are caused by insiders, not outside hackers.
  6. Tighten up the reins on Bring Your Own Device (BYOD) practices.  The reality is that the longer someone is out of the office, the more likely it is that they will do company business on their personal smartphone, computer, tablet or other BYOD asset. A BYOD device could simply be a personal phone that receives work emails. If the employee’s contract or policy language does not give the data rights to the organization, the IT Asset Manager will need to make an addendum giving the rights to the organization. The employee may own the device, but the work-related data is 100 percent owned by the company.

What about companies and government agencies that did not invoke their BC plans with ITAM protections built in, and are now sending employees home to work things out as best one can on their own personal devices?  (This could also apply to companies and agencies that have such plans in place, and ITAM, but rushed ahead out of coronavirus fears and did not call on the protective provisions.)  For those companies and agencies, the list of potential problems is long:

  1. Companies and agencies will have little or no information about the devices being used to conduct company business.  In the absence of the most basic mobile device management (MDM) system, companies will be almost completely blind as to who is accessing their data.
  2. Companies and agencies that do not require their workers to operate remotely through a virtual private network (VPN) will be relying on personal Wi-Fi systems that may be entirely insecure and/or already corrupted. Unprepared companies may also find that their VPNs are unprepared for a tidal wave of outside access.  Companies that allow employees to use BYOD devices to do business on public Wi-Fi systems may be even more vulnerable to attack.
  3. The longer employees are working remotely in a vulnerable state, the bigger a target they may become for phishing and other attacks.  Already, there have been countless coronavirus-related attacks. Those working at major companies and government agencies may find themselves in the crosshairs of such sophisticated schemes.  In the absence of training and ongoing guidance from their company, the sensitive data on personal devices could be at considerable risk.
  4. Data on personal devices (outside the reach of a company or government agency) likely will remain there when the employee returns to work.  This creates a huge risk if the personal device is “handed down,” sold to a third-party or improperly disposed of.  In these scenarios, the exposure of sensitive company data may be entirely unintentional and end up becoming public.

Infographic: How to Prevent Data Center Downtime

Posted in Commentary on March 17, 2020 by itnerd

Data centers have become central to the global economy, the environment and human welfare. Thus, the cost of data center downtime, while enormously expensive in monetary terms, is enormously greater when you consider the total impact.

And speaking of enormity, data center downtime prevention faces enormous challenges in itself. Threats come from every direction: hackers, extreme weather, accidents, operator errors, equipment failures and facility-related issues.

To help clarify priorities and actions, the infographic below, Data Center Downtime: Causes and Prevention, should prove to be most helpful. It first lays out the scope of the problem, and then defines major risk areas and provides various means of addressing them. Some suggestions are as simple as the proper labeling of equipment; others, such as preventing cybercrime, require multiple actions on a very wide front. With so much to do, an infographic such as this one is a very useful tool in establishing context.

While many reviews of data center downtime focus exclusively on the business revenue costs, the infographic takes notice of the human costs, which should always be top of mind. Arc flashes are a serious event, producing extreme temperatures and potentially chain reactions that can be (and often are) life-threatening. To learn how to address this and other issues relating to data center outages and prevention, continue reading.

Data Center Downtime from Pro Access Floors

ServiceNow Releases Four Emergency Response Apps to Help Customers Navigate COVID-19 Crisis Management

Posted in Commentary on March 17, 2020 by itnerd

ServiceNow today announced a customer care plan to support its public and private sector customers in managing the COVID‑19 pandemic.

As part of this effort, the company has announced four new community apps to help its customers, including government agencies and enterprises, manage complex emergency response workflows. These apps are now available at servicenow.com/crisisresponse for customers to access free of charge through September 30, 2020.

Emergency Response Operations app for government agencies

Washington State’s Department of Health, a ServiceNow customer, initially created the Emergency Response Operations app on the Now Platform to manage their own response to COVID‑19. Working with ServiceNow, the Department of Health is making the app available to all government entities at no charge.

Customer care plan

ServiceNow has launched a customer care plan to support its customers as they focus on maintaining business operations during the COVID‑19 pandemic. This includes a commitment to maintaining virtually 100% uptime for ServiceNow instances; and launching a Now Community forum where customers and partners can interact with other customers, as well as an Apps Suggestions portal, where customers and partners can provide their ideas for COVID‑19 related apps or features.

In addition to the State of Washington’s Emergency Response Operations app, ServiceNow has developed and introduced three free-of-charge community apps to benefit all customers. The additional apps include:

  • Emergency Outreach: during a crisis, this workflow leverages the Now Platform to help companies connect with employees to assess the impact. Employers can reach out by email to provide information and safety measures and request a response to confirm if employees are safe and where they are located. Employers can also leverage the ServiceNow Now Mobile App to send push notifications to employees via mobile to get a response.
  • Emergency Self Report: this workflow helps an employee notify their employer that they are self‑quarantined and when the employee will return to work, and provides workflow support for the employer.
  • Emergency Exposure Management: when a company becomes aware that its employee is diagnosed with an illness, this workflow helps the employer identify other people who might have been exposed based on the employee’s meetings history and job location.

More information about ServiceNow’s customer care plan, including accessing the community apps, can be found at servicenow.com/crisisresponse.

Customer support

As a global company, ServiceNow has critical business functions, including technical support and cloud operations, distributed in regions around the world. This model will help ensure consistent, world‑class customer support and service levels for its customers.

The company is committed to maintaining virtually 100% uptime for ServiceNow instances to ensure that customers have all of the capabilities available to them to continue their operations. ServiceNow maintains an Advanced High Availability Architecture with the ability to run a customer’s production application from a pair of data centers located in geographically different regions.

ServiceNow’s business continuity plan covers the ability for our cloud operations and technical support teams to work remotely in a safe and secure manner so they can continue to serve the company’s customers. All remote access happens using secure connections and multifactor authentication.

ServiceNow’s Knowledge 2020 customer event goes digital

In order to protect the health and safety of its customers, partners and extended community, ServiceNow’s Knowledge 2020 event will become a digital community experience. This digital event, which starts on May 5, replaces the in‑person event scheduled May 3‑7 in Orlando, FL. The Knowledge 2020 digital experience will showcase all the ways to unlock productivity through modern digital workflows, highlight the latest customer and platform innovations, and inspire the ServiceNow community to continue to create great experiences and unlock productivity for businesses.

Protecting our employees

ServiceNow has taken action to maximize the well‑being and safety of its 10,000‑plus global employees, office staff and communities. As part of its efforts, the company:

  • Has asked all employees globally to work from home, effective March 11th, in an effort to encourage social distancing;
  • Is continuing to compensate all full‑time and part‑time workers, contractors and support staff during this work‑from‑home period; and
  • Is requiring that employees avoid business travel unless it’s deemed business‑critical, and is within their own country.

Community giving

Across ServiceNow’s global community, we recognize that healthcare workers on the frontlines of COVID‑19 are in need of support. These workers are in need of supplies, such as masks, protection suits, goggles and medical testing equipment, as well as basic necessities, such as food, lodging, training and support. ServiceNow is making donations to the International Medical Corps and the CDC Foundation totaling $100,000 to support these efforts.


The US is fighting COVID-19 with 83% of healthcare systems running on outdated software

Posted in Commentary on March 17, 2020 by itnerd

According to data gathered by Atlas VPN, the US is fighting COVID-19 while having 83% of their healthcare systems run on outdated software.

The newest reports show that 83% of the 1.2 million IoT devices in US healthcare run on outdated software: 56% of devices run Windows 7, and 27% run Windows XP or decommissioned versions of Linux OS. The situation leaves multiple security vulnerabilities to be exploited by hackers.

At the moment, there is a 26% chance that 14% of patient monitoring tools will get attacked. Although the numbers may not seem big, they are extremely concerning, considering every COVID-19 patient is being monitored in hospitals.

On March 15, the US Health and Human Services Department experienced a cyber attack on their computer. It happened right after the National Security Council posted a tweet to warn people about a fake text message claiming Trump will be ordering a two-week quarantine. It is believed the attack and the text message are somewhat related.

To read the full report, head over to: https://atlasvpn.com/blog/us-is-fighting-covid-19-with-83-of-healthcare-systems-running-on-outdated-software/

The Extortion Phishing Email Scam Is Back…. Here’s How You Can Avoid Being A Victim

Posted in Commentary on March 16, 2020 by itnerd

Over the last few days, I have been getting one of those extortion phishing emails that I have written about in the past. In short, it claims to know one of my passwords, and it claims to have embarrassing videos of me that were gained via a hack of my computer that will get sent to friends and family if I don’t pay the scammers in Bitcoin. In other words, it’s the usual scam that has been around for a while now. Here’s the email with some info changed to protect my privacy:

Subject: <My Name> <One of my Passwords>

Yοur ρasswοrd ιs <One of my Passwords>. Ι knοw a lοτ mοre thngs abοut yοu τhaη thατ.

How?

I ρlαced a malwαre oη τhe pοrη websiτe αηd guess what, yοu νisιted thιs web siτe το hανe fuη (you kηοw whaτ I meaη). While yοu were waτchιηg τhe νιdeο, your web browser αcted αs αη RDP (Remοte Deskτορ) αnd α keylogger, whιch ρroided me access tο yοur displαy screen αηd webcam. Rιght αfter τhατ, my sοfτware gathered αll yοur conτacτs from yοur Messenger, Faceboοk αccοunt, αηd email αccοuητ.

Whaτ exacτly did Ι dο?

I mαde a spliτ-screeη νιdeο. The fιrst ρart recοrded τhe νιdeo you were vιewiηg (yοu’e got αn exceρτional ταsτe haha), αnd τhe next parτ recorded yοur webcαm (Yeρ! t’s yοu \ dοiηg nαsτy τhings!).

What should you dο?

Well, Ι belιeνe, $2000 is α faιr prιce for our lιτtle secreτ. Yοu’ll maκe τhe paymeηt νιa βιτcoin τo the belοw αddress (if yοu dοη’τ know this, search “hοw το buy Βιtcοin” in Goοgle).

Βιtcoin Address:

REDACTED Bitcoin Address
(It is cAsE seηsiτινe, sο cοpy αηd ρaste ιt)

Ιmpοrτaητ:

You haνe 24 hours to mαke τhe paymenτ. (Ι hαve α uηique pιxel wιthiη thιs emαil message, aηd rιght now I know τhat yοu have read this emαιl). Ιf I don’t get τhe ρaymeηt, Ι wιll seηd your νιdeο το all of your cοnτacts, includiηg relaτιves, cowοrκers, aηd so forτh. Noηetheless, ιf I do get pαid, I wιll erase τhe video immediaτely. If you wαnt eνιdeηce, reρly wιτh “Yes!” αnd Ι will send your νιdeο recordιηg τo yοur fινe frieηds. This is α nοη-negotιable offer, so don’t wasτe my τιme and yοurs by reρlyiηg to this emαil.

<Alleged Name Of Hacker>


Now the email shows up in your inbox under multiple names with multiple email addresses and different bitcoin wallet addresses. And they may show up in your inbox four or five times a day. But the content is always the same. Including the weird letters in the text that you might have noticed. Now the password that they reference is likely to be one of your passwords. And they likely got it from a data breach that comprised email names, email addresses and passwords. You can find out which data breach by going to haveibeenpwned.com and typing in your email address. It will likely come back with the fact that you’ve been part of a data breach that includes your email address and password. But that’s all they know about you. The hope of the losers behind this scam is that this will be enough to get you to pay up.
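The "weird letters" in the email above are Greek characters standing in for Latin look-alikes (ο for o, ρ for p, τ for t and so on), so a plain keyword match never sees words such as "password". The Python sketch below is an added example, not part of the original post: it flags words that mix scripts and folds them back to Latin before keyword matching. The sample messages, keyword list, threshold and folding table are constructed for illustration.

```python
import re
import unicodedata

# Greek letters that stand in for Latin ones in the email above, mapped to the
# Latin letter each imitates. Constructed for this example; the full reference
# table is confusables.txt from Unicode UTS #39.
FOLD = str.maketrans({
    "\u03bf": "o", "\u03c1": "p", "\u03b9": "i", "\u03c4": "t",
    "\u03b7": "n", "\u03b1": "a", "\u03bd": "v", "\u03ba": "k",
    "\u03b2": "b", "\u0399": "I", "\u0392": "B",
})

LOOKALIKE_SCRIPTS = {"GREEK", "CYRILLIC"}
WORD = re.compile(r"[^\W\d_]+")                 # runs of letters in any script
KEYWORDS = ("password", "payment", "bitcoin")   # assumed filter terms


def script_of(ch):
    """First word of the Unicode character name: LATIN, GREEK, CYRILLIC, ..."""
    return unicodedata.name(ch, "").split(" ")[0]


def is_mixed(word):
    """True when one word combines Latin letters with Greek or Cyrillic ones."""
    scripts = {script_of(ch) for ch in word}
    return "LATIN" in scripts and bool(scripts & LOOKALIKE_SCRIPTS)


def fold_mixed(text):
    """Fold look-alikes to Latin, but only inside mixed-script words, so that
    genuine Greek text in a legitimate message is left untouched."""
    return WORD.sub(
        lambda m: m.group(0).translate(FOLD) if is_mixed(m.group(0)) else m.group(0),
        text,
    )


def keyword_hits(text):
    """Keywords found by a plain case-insensitive substring match."""
    lowered = text.lower()
    return [kw for kw in KEYWORDS if kw in lowered]


def analyze(text, threshold=0.2, min_words=5):
    """Report mixed-script words and keyword hits before and after folding."""
    words = WORD.findall(text)
    mixed = [w for w in words if is_mixed(w)]
    ratio = len(mixed) / len(words) if words else 0.0
    return {
        "total_words": len(words),
        "mixed_words": mixed,
        "raw_hits": keyword_hits(text),
        "folded_hits": keyword_hits(fold_mixed(text)),
        "suspicious": len(words) >= min_words and ratio >= threshold,
    }


# Constructed sample in the style of the email above. The Greek code points are
# written as \u escapes so they are visible: it renders as
# "Your password is hunter2. You'll make the payment via bitcoin."
SAMPLE_SCAM = (
    "Y\u03bfur \u03c1assw\u03bfrd \u03b9s hunter2. "
    "Y\u03bfu'll ma\u03bae \u03c4he payme\u03b7t \u03bd\u03b9a \u03b2\u03b9\u03c4coin."
)

# Constructed legitimate message containing one wholly Greek word ("Kalimera").
SAMPLE_CLEAN = (
    "Your invoice is attached. "
    "\u039a\u03b1\u03bb\u03b7\u03bc\u03ad\u03c1\u03b1 from the Athens office."
)

if __name__ == "__main__":
    for label, msg in (("scam", SAMPLE_SCAM), ("clean", SAMPLE_CLEAN)):
        print(label, analyze(msg))
```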

The problem for the scammers is that this version of the extortion phishing scam will likely be ineffective.  I say that because they will literally spam you to the point that these emails will go straight to your junk filter after a while. By that I mean you may get five or six of these a day. With that sort of volume a corporate or ISP email filter will eventually catch on and filter these out. Or your email application may do the same thing, assuming that you don’t mark the first one that you get as junk, which means that every one of these emails after that one will just get tossed into your junk or spam email folder. The net result is that you’ll never see these emails. Thus making their scam ineffective. But if  you do see one or more of these emails pop up in your inbox, do yourself a favor and delete them. Something that I wish that I could do to the losers behind this scam and in the process make the world a better place.

Having said all of that, if you’re concerned about an email like this, and if you’re the least bit concerned about whether your system is compromised, consult a computer professional and have them check things over. Another thing I am strongly suggesting to my clients is that they change the passwords to things like email, online banking and the like as a preventative measure. That way if they get an email like this, they will know it is fake immediately.

Only about 1% of people who get an email like this pay up. Thus these losers want you to be the 1% of people who fall for something like this because they make lots of money off that 1%. Don’t fall for this. Never respond to an email like this. Never pay up. Just ignore them and make sure that whatever password that they have isn’t in use by any of your online accounts. They are losers and don’t deserve your attention or more importantly your money.

TekSavvy Temporarily Removes Internet Caps For All Customers

Posted in Commentary on March 14, 2020 by itnerd

TekSavvy has put out a statement regarding billing for overages on capped packages. Marc Gaudrault, TekSavvy’s CEO, had this to say:

As Canadians will work from home and families stay home during the COVID-19 pandemic, TekSavvy is suspending billing for overages for current TekSavvy customers on capped packages, effective immediately until April 5, 2020. This change has been automatically implemented and customers are not required to take any action. We hope that this will help TekSavvy customers during this public health situation.

My Experience Registering And Using eID

Posted in Commentary on March 13, 2020 by itnerd

Earlier this week, Ottawa-based Bluink launched its mobile ID app in Ontario called eID. This app allows you to upload the following pieces of ID to your phone:

  • Drivers License
  • Passport
  • Health Card

On top of that, the app allows you to add the following:

  • Addresses
  • Email Address
  • Phone Number
  • Medical Information
  • Emergency Contacts
  • Credit Cards
  • Employment Info
  • Account Logins

Basically it’s billed as a secure one stop shop for all your personal info. I was intrigued by this so when it became available, I tested it out. You’ll need the following to set up your eID as they call it:

  • Drivers License
  • Passport

On top of that, as part of the registration process, you must be in your primary residence as the app uses location services to verify your location. The setup process goes like this:

  • The first thing you need to do is take a selfie. It’s done in a similar manner as registering your face on an iPhone with FaceID. I strongly recommend that you do so by having your phone at 90 degrees and looking straight at your phone. I found that out the hard way when the registration process failed because I had not done that. This is important as the company apparently uses this selfie to compare against the pictures on your Drivers License and Passport.
  • The next thing that you need to do is to add your Drivers License and Passport. Those are done using the rear facing camera and using an on screen template to line up your info so that the app can capture it. I strongly recommend placing your Drivers License on a dark surface as that makes it way easier to read. As for your Passport, the only Passports that are supported are Canadian ePassports which have an electronic chip that is encoded with the same information found on page 2 of the passport (surname, given name, date of birth and sex). It also has a digital picture of the bearer’s face. It will ask you to place about half your phone on the passport and for best results, I would remove the phone from its case if you use a case on your phone. I say this because the app had trouble reading the info from the chip on the ePassport while the phone had my UAG case on it. That’s curious because Apple Pay has always worked with this case on the phone, and ePassports work in a similar manner. Thus I am puzzled as to why this was an issue during this process.
  • Once that’s done you can add additional info. I added my Health Card and added my wife as an emergency contact. I didn’t add anything else as my health info is stored in Apple Health and passwords and the like are stored in eWallet.
  • Once I did that, it was time to create my eID by uploading and verifying all this info. My first attempt failed because it didn’t like the selfie. My second and third attempts failed because it didn’t like the capture of my drivers license. But I had to do some trial and error to figure that out as the error message that it displayed was not at all helpful.

Now one thing to note is that you only get 5 tries to do this. According to the FAQ it is done to stop a fraudster from doing a brute force attack to get info onto the server. Speaking of the FAQ, they need to update it as it references 3 tries. But I only needed the three tries to get my info uploaded and verified. The net results are digital representations of your ID and a QR code that can be used by (presumably) government agencies and others to access your info. That’s kind of cool.

But there’s a catch.

This digital ID card can’t replace a physical card in law enforcement situations. That’s stated in the FAQ that I linked to above. The company does mention that various government bodies are working on digitizing ID card laws.  So someday in the future, this app might be much more useful than it is right now. Also, I will point out that eID doesn’t seem to be “fully baked” as transferring your eID from one phone to another isn’t possible right now. But that functionality is apparently coming soon.

You can download the app on iOS and Android for free. If you live in the province of Ontario, I’d have a look at it as this (hopefully) is going to be the future.

Dell Study Finds Data Is At Risk Despite Investments In Data Protection

Posted in Commentary on March 12, 2020 by itnerd

The Dell Technologies Global Data Protection Index 2020 Snapshot reveals that organizations on average are managing almost 40% more data than they were a year ago. With this surge in data comes inherent challenges. The vast majority (81%) of respondents reported their current data protection solutions will not meet all of their future business needs. The Snapshot, a follow-on to the biennial Global Data Protection Index, surveyed 1,000 IT decision makers across 15 countries at public and private organizations with 250+ employees about the impact these challenges and advanced technologies have on data protection readiness. The findings also show positive progress as an increasing number of organizations – 80% in 2019, up from 74% in 2018 – see their data as valuable and are currently extracting value or plan to in the future.

Costly disruptions rise at alarming rates

According to the study, organizations are now managing 13.53 petabytes (PB) of data, nearly a 40% increase since the average 9.70PB in 2018, and an 831% increase since organizations were managing 1.45PB in 2016. The largest threat to all this data seems to be the growing number of disruptive events, from cyber-attacks to data loss to systems downtime. The majority of organizations (82% in 2019 compared to 76% in 2018) suffered a disruptive event in the last 12 months. And, an additional 68% fear their organization will experience a disruptive event in the next 12 months.

Even more concerning is the finding that organizations using more than one data protection vendor are approximately two times more vulnerable to a cyber incident that prevents access to their data (39% of those using two or more vendors versus 20% of those using only one vendor). But, the use of multiple data protection vendors is on the rise with 80% of organizations choosing to deploy data protection solutions from two or more providers, up 20 percentage points since 2016.

The cost of disruption is also increasing at an alarming rate. The average cost of downtime surged by 54% from 2018 to 2019, resulting in an estimated total cost of $810,018 in 2019, up from $526,845 in 2018. The estimated cost of data loss also increased from $995,613 in 2018 to $1,013,075 in 2019. These costs are significantly higher for those organizations using more than one data protection vendor – nearly two times higher downtime-related costs and almost five times higher data loss costs, on average.

Emerging technologies challenge data protection solutions

As emerging technologies continue to advance and shape the digital landscape, organizations are learning how to use these technologies for better business outcomes. The study reports that almost all organizations are making some level of investment in newer or emerging technologies, with the top five being: cloud-native applications (58%); artificial intelligence (AI) and machine learning (ML) (53%); software-as-a-service (SaaS) applications (51%); 5G and cloud edge infrastructure (49%); and Internet of Things/end point (36%).

Yet, nearly three-quarters (71%) of respondents believe these emerging technologies create more data protection complexity while 61% state that emerging technologies pose a risk to data protection. More than half of those using newer or emerging technologies are struggling to find adequate data protection solutions for these technologies, including:

  • 5G and cloud edge infrastructure (67%)
  • AI and ML platforms (64%)
  • Cloud-native applications (60%)
  • IoT and end point (59%)
  • Robotic process automation (56%)

The study also found that 81% of respondents believe their organizations’ existing data protection solutions will not be able to meet all future business challenges. Respondents shared a lack of confidence in the following areas:

  • Recovering data from cyber-attacks (69%)
  • Recovering data from a data loss incident (64%)
  • Meeting compliance with regional data governance regulations (62%)
  • Meeting backup and recovery service level objectives (62%)

Data protection joins forces with cloud

Businesses are taking a combination of cloud approaches when deploying new business applications and protecting workloads such as containers and cloud-native and SaaS applications. The findings show that organizations prefer public cloud/SaaS (43%), hybrid cloud (42%) and private cloud (39%) as deployment environments for newer applications such as these. Also, 85% of organizations surveyed say it is mandatory or extremely important for data protection providers to protect cloud-native applications.

As more data moves to, through and around edge environments, many respondents say cloud-based backups are preferred, with 62% citing private cloud and 49% citing public cloud as their approach for managing and protecting data created in edge locations.

Additional resources

  • Visit the Global Data Protection Index 2020 Snapshot for an infographic and links to the previous year’s findings.
  • Read the blog from Dell Technologies Data Protection President Beth Phalen for her perspective on the findings.

About the Dell Technologies Global Data Protection Index 2020 Snapshot

Dell Technologies commissioned Vanson Bourne for the Global Data Protection Index 2020 Snapshot, a follow-on to the biennial Global Data Protection Index conducted in 2014, 2016 and 2018. The Snapshot surveyed 1,000 IT decision makers across 15 countries and 14 industries with 250+ employees to understand the impact of cloud and the complexities of advanced technologies on data protection readiness. Vanson Bourne conducted the survey between November and December 2019. The countries surveyed include US, UK, France, Germany and China with 100 respondents each, and Mexico, Brazil, South Africa, UAE, Italy, Australia, Japan, South Korea, India and Singapore with 50 respondents each.


Lego & Nintendo Team Up To Bring Super Mario To The Physical World

Posted in Commentary on March 12, 2020 by itnerd

The LEGO Group announced a partnership with Nintendo that will change the way people interact with Super Mario in the physical world and engage in LEGO® experiences.

Both companies share a passion for innovation and play and their collaboration has led to a reimagination of the LEGO building experience, enabling an entirely new way to play inspired by the beloved video game icon, Super Mario.

Neither a video game nor a traditional LEGO brick-based set, LEGO® Super Mario™ is a new product line that features an interactive LEGO Mario figure who collects coins in real-life game levels created with LEGO bricks. The new line will let kids experience the playful world of Super Mario like never before. Super Mario will be brought to life in the physical LEGO world and new levels of challenge and styles of play will be part of the iconic LEGO experience enjoyed by generations.

LEGO® Super Mario™ will launch later this year, and more information will be made available in the future. 

Bookmark this website for more info: www.LEGO.com/supermario


Trend Micro Blocked 13 Million High-Risk Email Threats in 2019

Posted in Commentary on March 12, 2020 by itnerd

Trend Micro Incorporated has released its 2019 Cloud App Security Roundup report. The report highlights changes in messaging-specific threats detected last year, the use of more sophisticated malware, and the potential abuse of emerging technologies in artificial intelligence to inform future business protection strategies.

In 2019, Trend Micro blocked 12.7 million high-risk email threats for customers leveraging cloud-based email services from Microsoft and Google. This second layer of defense caught threats beyond those detected by the cloud email services’ built-in security.

More than 11 million of the high-risk emails blocked in 2019 were phishing related, making up 89% of all blocked emails. Of these, Trend Micro detected 35% more credential phishing attempts than in 2018. Additionally, the number of unknown phishing links in such attacks jumped from just 9% of the total to more than 44% in 2019. This may demonstrate that scammers are registering new sites to avoid detection.

The report also shows that criminals are getting better at tricking the first layer of defense against Business Email Compromise (BEC) attacks, which typically look at attacker behaviors and intention analysis of the email content. The percentage of BEC attacks caught by AI-powered authorship analysis increased from 7% in 2018 to 21% in 2019.

Emerging phishing techniques outlined in the report include the increasing use of HTTPS and targeting Office 365 administrator accounts. This enables malicious hackers to hijack all connected accounts on the targeted domain and use them to send malware, launch convincing BEC attacks and more. To this end, Trend Micro blocked nearly 400,000 attempted BEC attacks, which is 271% more than in 2018.

In the face of such threats, Trend Micro recommends that organizations take the following mitigation steps:

  • Move away from a single gateway to a multi-layered cloud app security solution
  • Consider sandbox malware analysis, document exploit detection, and file, email, and web reputation technologies to detect malware hidden in Office 365 and PDF documents
  • Enforce consistent data loss prevention (DLP) policies across cloud email and collaboration apps
  • Choose a security partner that can offer seamless integration into their cloud platforms, preserving user and admin functions
  • Develop comprehensive end user awareness and training programs

The report’s findings were based on data generated by Trend Micro Cloud App Security™, an API-based solution that protects a range of cloud-based applications and services, including Microsoft® Office 365™ Exchange™ Online, OneDrive® for Business, SharePoint® Online, Gmail, and Google Drive.

To find out more, please read the complete report here: https://www.trendmicro.com/vinfo/us/security/research-and-analysis/threat-reports/roundup/trend-micro-cloud-app-security-report-2019