Archive for Trend Micro

Trend Micro Outlines The Top Four IRS Tax Scams In 2024

Posted in Commentary with tags on March 26, 2024 by itnerd

In 2023, fraud cost U.S. consumers more than $8 billion. With tax season underway, so are tax phishing scams. Recently, global cybersecurity firm Trend Micro published a blog post on the Top Four IRS Tax Scams in 2024. These include:

  1. IRS Tax Refund Scams 
  2. IRS “Offer in Compromise” Scam 
  3. Fake Tax Assistance Program 
  4. Fake 2023 Unpaid Taxes Notification 

With AI enabling more and more sophisticated tax and financial scams, consumers need to be leery of divulging personal information to avoid financial loss and potential identity theft. Once your personal information is in the hands of bad actors, your risk of identity theft is increased. A whopping 47% of Americans have experienced financial identity theft. 

This blog post is well worth reading so that you can protect yourself.

Pax8 Bolsters MSP Defenses with Industry-Leading Security Platform from Trend Micro

Posted in Commentary with tags on January 25, 2024 by itnerd

Pax8, the leading cloud commerce marketplace, today announced Trend Micro, a global cybersecurity leader, is now available on the Pax8 Marketplace in North America and Europe. Trend Micro’s proven product and program align with Pax8’s goal of increasing accessibility to market-leading cybersecurity solutions for managed service providers (MSPs).

Trend Micro is consistently recognized as a “Leader” by Forrester, Gartner, CRN, and G2, reinforcing its dedication to delivering top-notch security solutions. Its advanced platform, encompassing Endpoint Detection and Response (EDR), Extended Detection and Response (XDR), and Managed Detection and Response (MDR), delivers multi-layered protection and heightened visibility across endpoints, mobile devices, emails, cloud applications, and browsers. With AI-powered machine learning and automatic data correlation, the co-managed offering ensures 24/7 monitoring, detection, incident investigation, and response services.

To learn more about Pax8 and Trend Micro, please visit www.pax8.com.

Guest Post: Proliferation of AI-driven Attacks Anticipated in 2024

Posted in Commentary with tags on December 5, 2023 by itnerd

Trend Micro Incorporated today warned of the transformative role of generative AI (GenAI) in the cyber threat landscape and a coming tsunami of sophisticated social engineering tactics and identity theft powered by GenAI tools.

To read more about Trend Micro’s 2024 cybersecurity predictions, please visit: https://www.trendmicro.com/vinfo/us/security/research-and-analysis/predictions/critical-scalability-trend-micro-security-predictions-for-2024

Eric Skinner, VP of market strategy at Trend: “Advanced large language models (LLMs), proficient in any language, pose a significant threat as they eliminate the traditional indicators of phishing such as odd formatting or grammatical errors, making them exceedingly difficult to detect. Businesses must transition beyond conventional phishing training and prioritize the adoption of modern security controls. These advanced defenses not only exceed human capabilities in detection but also ensure resilience against these tactics.”

The widespread availability and improved quality of GenAI, coupled with the use of Generative Adversarial Networks (GANs), are expected to disrupt the phishing market in 2024. This transformation will enable cost-effective creation of hyper-realistic audio and video content—driving a new wave of business email compromise (BEC), virtual kidnapping, and other scams, Trend predicts.

Given the potentially lucrative gains* that threat actors might achieve through malicious activities, threat actors will be incentivized to develop nefarious GenAI tools for these campaigns or to use legitimate ones with stolen credentials and VPNs to hide their identities.

AI models themselves may also come under attack in 2024. While GenAI and LLM datasets are difficult for threat actors to influence, specialized cloud-based machine learning models are a far more attractive target. The more focused datasets they are trained on will be singled out for data poisoning attacks with various outcomes in mind—from exfiltrating sensitive data to disrupting fraud filters and even connected vehicles. Such attacks already cost less than $100 to carry out.

These trends may, in turn, lead to increased regulatory scrutiny and a push from the cybersecurity sector to take matters into its own hands.

“In the coming year, the cyber industry will begin to outpace the government when it comes to developing cybersecurity-specific AI policy or regulations,” said Greg Young, VP of cybersecurity at Trend. “The industry is moving quickly to self-regulate on an opt-in basis.”

Elsewhere, Trend’s 2024 predictions report highlighted:

A surge in cloud-native worm attacks, targeting vulnerabilities and misconfigurations and using a high degree of automation to impact multiple containers, accounts and services with minimal effort.

Cloud security will be crucial for organizations to address security gaps in cloud environments, highlighting the vulnerability of cloud-native applications to automated attacks. Proactive measures, including robust defense mechanisms and thorough security audits, are essential to mitigate risks.

More supply chain attacks will target not only upstream open-source software components but also inventory identity management tools, such as telco SIMs, which are crucial for fleet and inventory systems. Cybercriminals will also likely exploit vendors’ software supply chains through CI/CD systems, with a specific focus on third-party components.

Attacks on private blockchains will increase as a result of vulnerabilities in the implementation of a number of private blockchains. Threat actors could use these rights to modify, override, or erase entries and then demand a ransom. Alternatively, they could try to encrypt the entire blockchain if it’s possible to seize control of enough nodes.

*BEC cost victims over $2.7bn in 2022, according to the FBI.

AI-powered Cybersecurity Assistant from Trend Micro Announced

Posted in Commentary with tags on November 27, 2023 by itnerd

Trend Micro made a pair of announcements today:

  1. Trend Micro announced the launch of its new generative AI tool, Trend Companion, designed to empower security analysts by driving streamlined workflows and enhanced productivity. Trend Companion could potentially reduce analyst time spent on manual risk assessments and threat investigations by 50% or more. Read the press release here
  2. Trend Micro also announced the latest evolution in generative AI: the integration of its leading global threat intelligence and millions of diverse sensor types to enhance outcomes for its flagship Trend Vision One™ cybersecurity. In 2022, Trend handled over six trillion threat queries from customers across 65+ countries. Using AI trained on this data, Trend blocked more than 146 billion threats, three billion of which were ransomware. Read the press release here

With the ever-evolving cyber landscape, security teams need more than just AI to work well. They also need strong data. Trend Micro’s global threat research and work in communities through its Zero Day Initiative is helping to accelerate incident response times by 30 per cent, reduce incident reporting by up to two hours per report, and drive more complete attack containment – providing valuable insights to security teams.

Trend Micro Announces Next Generation Trend Vision One

Posted in Commentary with tags on October 19, 2023 by itnerd

 Trend Micro today announced the next evolution of its cloud container security capabilities for its flagship platform. The latest addition to the platform delivers end-to-end protection, detection, and response to drive secure digital transformation.  

The new capabilities simplify investigations by enabling analysts to prioritize incidents faster and with greater accuracy—reducing the time spent on each container security incident by up to two weeks.

The Trend Vision One platform is designed to deliver comprehensive, cross-layer capabilities that eliminate the cost, security gaps, and administrative overhead associated with point solutions. Trend’s latest innovation in container security brings unparalleled visibility to the security operations center (SOC) to accelerate threat detection, response, and containment. Specialized cloud security teams will benefit from a tailored approach that protects containerized applications and enables organizations to leverage the full potential of cloud environments securely. 

According to independent analyst firm Gartner, “Integrating previously isolated security capabilities simplifies security workflows and reduces the complexity associated with managing multiple tools, thus providing better visibility into the security landscape. A centralized platform allows for better coordination and communication between security and development teams, fostering collaboration and enabling incidents to be handled more efficiently.”** 

Trend Vision One – Container Security benefits include: 

  • Consolidated security: Centralizing container security within a unified platform streamlines security management while delivering unprecedented visibility through deep, correlated telemetry across more native security layers—including endpoint, server, workload, identity, email, and network. This consolidated approach enables security teams to identify threats earlier in the attack lifecycle leading to rapid and effective containment. A platform approach ensures security policies are consistently monitored and applied across the organization.  
  • Optimized operational efficiency: Drastically reduces the time spent by SOC teams on container security operations, saving up to two weeks per incident. This efficiency improvement can free up resources for other critical tasks, enabling organizations to operate in the cloud with less risk. 
  • Consistency across all cloud environments: Ensures seamless security management is in place across both Kubernetes clusters (multi-cloud and on-premises) and Amazon ECS by simplifying the management of security policies and minimizing the risk of potential security vulnerabilities. 
  • Enhanced security: Proactively mitigates risk by searching for bugs in Amazon ECS and Kubernetes. Supports end-to-end protection that secures containers from build to termination, ensuring seamless security across the container lifecycle. 

To find out more about Trend Vision One – Container Security, please visit: https://www.trendmicro.com/en_in/business/products/one-platform.html  

Trend Micro Puts The Spotlight On Akira Ransomware

Posted in Commentary with tags on October 10, 2023 by itnerd

Akira is rapidly rising as one of the fastest-growing ransomware groups due to its utilization of double extortion strategies, a ransomware-as-a-service (RaaS) distribution approach and distinctive payment methods. According to Trend Micro, Akira’s ties can be traced back to the now-defunct Conti ransomware family.

Canada was the third most affected country for successful RaaS and extortion attacks in the first and second quarters of 2023, just behind the U.S. and the U.K. As ransomware actors continue to advance their tactics, creating more sophisticated strains and causing financial and reputational damage to businesses, organizations must enhance their cybersecurity defenses to effectively combat these evolving threats.

Recent Akira activities:

  • June 2023: A mere three months after the initial discovery of Akira, the ransomware group adds Linux systems to its list of targeted systems.
  • August 2023: Akira focuses on Cisco VPN accounts lacking multifactor authentication (MFA)
  • September 2023:  An analysis of Akira variant Megazord is released.
    • This variant encrypts files with the “POWERRANGES” file extension and shares a ransom note, titled “powerranges.txt,” directing victims to get in touch with the ransomware actor through the TOX messenger.
  • September 6th 2023: Akira ransomware operators take advantage of CVE-2023-20269, a previously undisclosed security flaw in two Cisco products, specifically targeting the remote access VPN feature within the Cisco Adaptive Security Appliance (ASA) software and Cisco Firepower Threat Defense (FTD) software.

Trend Micro has a report on Akira that you can read to gain further insight.

Trend Micro Redesigns Partner Program to support Channel and Partner Engagement

Posted in Commentary with tags on October 4, 2023 by itnerd

Trend Micro Incorporated has announced a complete redesign to the company’s worldwide partner program. This re-design will accelerate business growth for partners and allow them to further deliver exceptional value to end customers.

The program is built around the Trend Vision One™ platform, creating opportunities for partners to deliver services and assessments for both enterprise and SMB-focused partners.

Customers are facing increased risks as threat actors derive greater monetary value from criminal activities. As cybersecurity demand grows, the need for in-house skills to protect data, companies, brands, industries and governments grows as well. Partners can close this gap by delivering value via crucial services: MSSP, MSP, SOCaaS, XDR, Incident Response, and much more. To address this need, Trend is improving the ability for partners to offer assessments to customers, including Cyber Risk Assessments, new additions of External Attack Surface, Cloud Posture, and Azure AD Assessments. Over 800 partners have already leveraged Cyber Risk Assessment Services to complete 1,400+ customer assessments—and more new services are on the way.

As Trend and its partners have evolved together, so has another critical component: artificial intelligence, which enables partner analysts to understand the next threat alert, and the next opportunity for growth within customer accounts, further deepening a partner’s value to their end customers. 

The Trend Partner Program will enable channel partners to:

  • Embrace AI with Trend Vision One generative AI capabilities, empowering SOC teams to accelerate daily workflows, enhancing their performance and productivity
  • Increase profitability with stacked benefits; from capabilities, deal participation and co-selling, marketplace competitive private offers and recognized partners’ influenced revenue in services and consulting
  • Expand services with new competencies for partners to earn their technical and service validations in cloud security, professional services, managed security services, SOC, IR, and more
  • Co-sell and generate more leads with multiple lead gen tools and customer workshops, including co-branded risk assessments, cloud security for AWS and Azure workshops, online demo environments, marketplace incentive campaigns, and numerous co-sell and co-branded sales tools
  • Experience immersive learning with Trend Campus, which supports hybrid learning across three progressive tracks as well as in-depth 1:1 consultation for competency partners
  • Leverage an integrated digital experience across partner locator, partner portal, mobile app, leads dashboard and cloud marketplaces

The Trend Partner Program is built on the foundation of a thriving channel business comprising 147,000 profiled partners, more than half of whom took broader cybersecurity training in the past year. Deal registration has seen a significant increase, especially by co-selling partners, with 42% YoY growth in AWS CPPO partners and a 46% YoY increase in MSP partners selling XDR.

Trend continues to evolve and grow alongside partners, ensuring that joint customers remain protected while remaining profitable and extending partner opportunities.

To read more about the new partner program, visit https://www.trendmicro.com/partner

Learn more about Trend partner success stories at https://www.trendmicro.com/en_us/partners/partner-stories.html

Canada is the top 3rd country affected by successful RaaS and extortion attacks in 1H 2023

Posted in Commentary with tags on September 21, 2023 by itnerd

Today, Trend Micro released its ransomware report for 1H, which found that Canada was the third most affected country for successful RaaS and extortion attacks in the first and second quarters of 2023, just behind the U.S. and the U.K.

The report* revealed that many ransomware threat actors are no longer going after “big game” targets, instead focusing on SMBs they presume to be less well-defended. In Canada, while ransomware file detection at enterprise organizations decreased by 69.13% in the second quarter of the year, data shows a 214.29% increase in file detections for SMBs. Findings also revealed that globally, small businesses accounted for the majority (57%) of LockBit victims and almost half (45%) of BlackCat victims in the first half of this year.

Further, healthcare, education and technology emerged as the top three industries in ransomware file detection in Canada in the first half of the year.

Additional Canadian survey findings:

  • Canada is included in the top 5 countries in terms of ransomware file detections in machines in March 2023. The top ransomware was BlackBasta and Trend had predicted it would continue to be of significance in Canada.
  • Canada was fourth in terms of LockBit’s successful attacks of victim organizations in the second quarters of 2023.
  • Canada was 3rd then rose to 2nd when it came to BlackCat’s successful attacks in terms of victim organizations in the first and second quarters of 2023.
  • Canada was the top 3rd country for Clop’s successful attacks in terms of victim organizations in the first and second quarters of 2023.

As ransomware attacks become more evolved and complex, it’s not just ransom demands that will increase through the years: recovery times are also expected to be longer. And while SMBs are surely a target, enterprises and consumers aren’t far behind.

Learn more about the ransomware threats in the first half of the year here.

Trend Micro AI Protection In ASUS Routers…. Should I Use It?

Posted in Commentary with tags , on September 3, 2023 by itnerd

I got a question from a client who asked me about Trend Micro’s AI Protection which comes with most if not all routers made by ASUS. She wanted to know if it was safe to use from a privacy standpoint because of this 9to5mac.com article and this ZDnet.com article. To answer that question, let’s first talk about what AI Protection does. In short, it does four things:

  • Router Security Assessment: This checks the router against the best security practices that I and others generally recommend to see where you might be vulnerable.
  • Malicious Site Blocking: This feature checks the websites that you’re visiting to see if they match any record in Trend Micro’s database of known threats. If one does, the website is blocked. More on this database in a bit.
  • Two-Way IPS: This prevents connected devices from receiving spam and DDoS attacks by blocking incoming malicious packets. I seriously doubt that every packet is checked as consumer routers don’t have that sort of horsepower. My guess is that it’s checking the source and destination, or it’s looking for patterns of some sort.
  • Infected Device Prevention and Blocking: This is similar to the previous feature and it blocks attacks coming from compromised devices from your network.

Now let’s talk about how it does this. AI Protection collects a ton of information about you and checks that against a database hosted by Trend Micro. What information it collects is clearly laid out here. There’s also a simplified version of this here. But let me boil it down for you. The relevant things that Trend Micro collects start on page 10 of the English version of the first link. That’s a fair bit and I can see why that might bother some people. But consider this: Trend Micro is subject to the GDPR, which means that they have to clearly lay out what data they collect about you and why they do it. And if the EU, who are behind the GDPR, thinks that anything is fishy, they will not hesitate to smack Trend Micro pretty hard. That alone is an incentive for them to make sure that they are on the right side of this issue. Thus I feel that you should have nothing to worry about as it seems to me that this data is being used for security purposes.

Having said that, if you’re still uncomfortable with using AI Protection, then either don’t use it or do the following to turn it off:

  • Log into your ASUS router
  • Click on “AI Protection” on the left
  • Change “Enabled AI Protection” to off
  • Then go to “Administration”
  • Click on the “Privacy” tab
  • Click “Withdraw” under the Trend Micro section.

In my case, I run AI Protection on my ASUS router as I like the security that it provides me. And I do recommend it to my clients. I don’t think there are any real privacy risks here. But only you can decide if that’s true for you. Hopefully this article can help guide you to the decision that is right for you.

Earth Estries’ Espionage Campaign Detailed By Trend Micro

Posted in Commentary with tags on September 1, 2023 by itnerd

A new hacking outfit nicknamed Earth Estries has been attributed to a new, ongoing cyber espionage campaign that has been targeting the government and technology industries based in the Philippines, Taiwan, Malaysia, South Africa, Germany, and the US.

Trend Micro discovered the Earth Estries campaign earlier this year and says the operation is working with “high-level resources and functioning with sophisticated skills and experience in cyber espionage and illicit activities.”

  • Uses multiple backdoors and hacking tools to enhance intrusion vectors
  • Observed using PowerShell downgrade attacks to avoid detection from Windows Antimalware Scan Interface’s (AMSI) logging mechanism
  • Uses public services such as Github, Gmail, AnonFiles, and File.io to exchange or transfer commands and stolen data
  • Regularly cleans and redeploys its backdoors on the infected host to reduce the risk of detection
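A defender-side check for the PowerShell downgrade behaviour in the list above, as an added example that is not from Trend Micro's report or this post: the version 2 engine predates AMSI, so any load of it on a modern host is worth an alert. The records below are constructed, and the code assumes the stock key=value layout of the "Windows PowerShell" log's Event ID 400 (engine start); host names, paths and reason labels are illustrative.

```python
import re

# Constructed sample records (not taken from the Trend Micro report). Each one
# mimics the key=value body of a "Windows PowerShell" log Event ID 400.
SAMPLE_EVENTS = [
    {"host": "WS01", "event_id": 400, "message":
        "Engine state is changed from None to Available.\n"
        "\tHostVersion=5.1.19041.1\n\tEngineVersion=5.1.19041.1\n"
        "\tHostApplication=powershell.exe -NoProfile -File C:\\ops\\backup.ps1"},
    {"host": "WS02", "event_id": 400, "message":
        "Engine state is changed from None to Available.\n"
        "\tHostVersion=2.0\n\tEngineVersion=2.0\n"
        "\tHostApplication=powershell.exe -Version 2 -NoProfile"},
    {"host": "SRV07", "event_id": 400, "message":   # v2 engine, no telltale flag
        "Engine state is changed from None to Available.\n"
        "\tHostVersion=2.0\n\tEngineVersion=2.0\n"
        "\tHostApplication=C:\\tools\\legacyhost.exe"},
    {"host": "WS09", "event_id": 400, "message":    # truncated body, flag only
        "Engine state is changed from None to Available.\n"
        "\tHostApplication=PowerShell.EXE -nop -v 2.0 -Command Get-Date"},
    {"host": "WS10", "event_id": 403, "message":    # engine stop, not a start
        "Engine state is changed from Available to Stopped.\n"
        "\tEngineVersion=2.0\n\tHostApplication=powershell.exe -Version 2"},
]

FIELD_RE = re.compile(r"^[ \t]*(\w+)=(.*)$", re.MULTILINE)

def parse_fields(message):
    """Turn the key=value lines of an event body into a dict."""
    return {key: value.strip() for key, value in FIELD_RE.findall(message)}

def requests_v2(cmdline):
    """True if a powershell.exe command line asks for engine version 2."""
    tokens = cmdline.split()
    for flag, value in zip(tokens, tokens[1:]):
        name = flag[1:].lower()
        # powershell.exe accepts prefixes of -Version (-v, -ve, -ver, ...)
        if flag[0] in "-/" and name and "version".startswith(name):
            if re.fullmatch(r"2(\.0)?", value.strip("'\"")):
                return True
    return False

def classify(event):
    """Return the reasons (possibly none) an engine-start event looks like a downgrade."""
    if event["event_id"] != 400:          # only engine-start events are checked
        return []
    fields = parse_fields(event["message"])
    reasons = []
    major = fields.get("EngineVersion", "").split(".")[0]
    if major.isdigit() and int(major) < 3:
        reasons.append("v2-engine-loaded")
    if requests_v2(fields.get("HostApplication", "")):
        reasons.append("v2-requested-on-command-line")
    return reasons

def find_downgrades(events):
    """Map host -> reasons for every event that matched at least one check."""
    return {e["host"]: r for e in events if (r := classify(e))}

if __name__ == "__main__":
    for host, reasons in find_downgrades(SAMPLE_EVENTS).items():
        print(host, ", ".join(reasons))
```

Checking the engine version as well as the command line matters because the flag can be abbreviated or absent when another process hosts the old engine.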

“By compromising internal servers and valid accounts, the threat actors can perform lateral movement within the victim’s network and carry out their malicious activities covertly,” the researchers said.

“Through the Server Message Block (SMB) and WMI command line (WMIC), the threat actors propagated backdoors and hacking tools in other machines in the victim’s environment. At the end of each round of operations in a series of deployments, they archived the collected data from a specified folder.”

David Mitchell, Chief Technical Officer, HYAS had this comment:

   “Earth Estries is just another in a long line of advanced espionage groups. They appear to fully understand the network defenses and utilize living off the land (LOL) of their targets in order to go undetected. These techniques highlight the critical need to tie together endpoint and network telemetry to provide a more 360 degree view of what is happening on your infrastructure — advanced attackers know that most enterprises are blind to lateral network movement and are capitalizing on it, with ease.”

Threat actors are not just about grabbing data and holding it for ransom. They’re often about grabbing data and selling it. Or giving it to a nation state. Organizations need to factor that in when crafting how they would stop attacks like this from happening.