The IT Nerd

Trend Micro Incorporated today announced that Canada accounted for 153,584 of total COVID-themed cyber-threat detections last year, placing it in the list of Top 20 countries at the eighteenth spot.

Globally, the Trend Micro Smart Protection Network (SPN) detected nearly 16.4 million threats, consisting of malicious URLs, spam, and malware, over the course of 2020. The vast majority of these (88%) were email-borne spam threats. Examples of this include phishing attempts using COVID-19 as a lure in an attempt to steal personal and financial information.

Canada ranked ahead of Croatia and Turkey on the list of Top 20 countries, and behind Uruguay. The United States has the highest amount of COVID-themed cyber-threat detections with over 6 million. 

In total, Trend Micro blocked over 62.6 billion cyber-threats in 2020, a 20% year-on-year increase. Attacks on home networks globally surged 209% to reach nearly 2.9 billion as cyber-criminals adapted quickly to the mass shift to distributed working caused by the pandemic.

Trend Micro’s 2020 Security Roundup report also revealed the detection of over 175 million phishing URLs during 2020 as attackers sought to target distracted home workers using potentially unsecured devices and networks.

To read the full report, please visit this link.

Trend Micro Incorporated combats security alert overload and resource constraints with an extensible platform that provides visibility and response from a single console. The new platform, Trend Micro Vision One^TM, has extended detection and response (XDR) at its core and raises the bar with new capabilities to helpsecurity teams to see more and respond faster.

Organizations are struggling with siloed tools, disjointed alerts and stealthy, sophisticated threats, whether they have a Security Operations Center (SOCs) or are relying on stretched IT security teams for SOC functions. Trend Micro has helped hundreds of organizations identify and reduce cyber risk by correlating alerts across the entire IT environment, with the industry-first XDR solution launched in 2019.  Now, with Vision One, Trend Micro is solving more complex security challenges with enhanced XDR, new risk visibility, new third-party integrations, and simplified response to threats across security layers.

With Trend Micro Vision One, organizations can maximize efficiency by making less sophisticated security resources operate at a more expert level. The new platform allows them to faster dissect security incidents, identify critical threat patterns and complex attacks and understand their overall security posture and trends, so organizations can proactively identify and assess potential security risks.

According to Gartner, Innovation Insight for Extended Detection and Response, March 2020, “Two of the biggest challenges for all security organizations are hiring and retaining technically savvy security operations staff, and building a security operations capability that can confidently configure and maintain a defensive posture as well as provide a rapid detection and response capacity. Mainstream organizations are often overwhelmed by the intersectionality of these two problems.”

The holistic threat defense platform is true to its name, offering:

• Visibility & threat intelligence: Cross-layer detection models, along with security risk visibility supported by Trend Micro Research insights, enable enterprises to see complex attacks and particular points of security risk that siloed solutions miss. In preview, are new insights into SaaS application usage, their risk levels and trends over time.
• Purpose-built sensors: Native integrations with Trend Micro security stack across critical security layers.
• Fit with existing infrastructure: Out-of-the-box, API integrations with existing third-party solutions already in use to compliment workflows.
• Simplified management: Ability to adjust security policies and drive response actions across security layers from a single console instead of swivel chair management

In addition to the layered security from Trend Micro, customers can easily connect this new platform into other security technologies such as third-party endpoint protection platforms and SIEM and SOARs, including new integrations with Fortinet,  Microsoft Sentinel and Splunk just to name a few. Early adopting customers are ready to act on the developing opportunity to integrate beyond SIEM and SOAR, with solutions like firewalls, ticketing solutions, identity and access management.

This new blog from IDC resulted from a briefing prior to launch and goes into further detail on the new Trend Micro platform. To find out more about Trend Micro Vision One, please visit TrendMicro.com. 

Trend Micro has found that healthcare organizations (HCOs) have accelerated their spending on cloud migration, but many may be over-estimating their ability to protect these environments.

Trend Micro commissioned Sapio Research to survey more than 2,500 IT decision makers in 28 countries, including Canada, across several industry sectors. For HCOs in particular, The results revealed that 88% have accelerated their cloud adoption because of the pandemic, on par with the global finding. Globally, remote working, cost savings and improved IT agility were three main reasons for the switch to cloud-based infrastructure.

According to the survey findings, rapid shifts to the cloud may leave organizations at higher risk of cyber threats. Here are four challenges HCOs in Canada are reportedly faced when moving to cloud-based environments:

• Skills shortages: Half (49% vs. 43% globally) revealed that skills gaps are a persistent barrier to migrating to cloud security solutions.
• Day-to-day operations: Setting and maintaining policies (32% vs. 34%), patching and vulnerability management (29% vs. 32%), and misconfigurations (35% vs 32%) were challenges of protecting cloud workloads.
• Increased costs: 43% (same as global result) have spent more on capital expenses and paying for contracted out services, while 43% (vs. 39% globally) have spent more on operational and training costs since migrating.
• Security responsibility: Over one-third (37% vs. 48%) are confident they understand their part of the Shared Responsibility Model.

While cloud migration isn’t simple, it can be enabled and improved using the right security tools.

The healthcare sector has been on the frontline in the struggle against COVID-19, and digital transformation can make a positive impact on productivity and patient care during this time of critical need. However, it is essential that the broader attack surface of an expanded digital infrastructure is given due consideration.

With the right cloud-ready solutions in place, HCOs can maximize cloud benefits without putting mission-critical systems or patient data at risk. Such tools can also minimize skills challenges by spotting misconfigurations, automating patching and policy management, and integrating security into DevOps, across both cloud and on-premise environments.

Trend Micro Incorporated today announced its advanced container security solution Cloud One – Container Security. Designed to ease the security of container builds, deployments and runtime workflows, the new service helps developers accelerate innovation and minimize application downtime across their Kubernetes environments, from a single tool.

This new service is an important addition to Trend Micro’s Cloud One services platform that was introduced last year. As IDC stated, “Trend Micro launched Cloud One, its integrated cloud security services (SaaS) platform that addresses customers’ security challenges around datacenter servers and virtual machines, IaaS workloads, containers and containers services, cloud security posture management, cloud file and object storage services, and serverless.” 

Global organizations are increasingly leveraging containers to accelerate cloud migration, rearchitect monolithic applications and build and integrate seamless cloud native applications. This can create security gaps that traditional network and endpoint tools are not capable of addressing.

Trend Micro Cloud One Container Security offers three main elements:

Container image scanning

This scans at build time for the earliest possible detection and lowest cost remediation. In addition, through partnership with Snyk there is a scan against the market leading open source vulnerability database. This provides early detection and mitigation of vulnerabilities in third-party code dependencies. Cloud One – Container Security will:

• Look for vulnerabilities in the packages included in the container
• Detect malware using signatures and advanced machine learning techniques
• Find embedded secrets such as passwords, API tokens, or license keys
• Sweep for IoCs using industry-standard Yara rules

Policy-based deployment control

Container security enables you to create policies that allow or block deployments based on set rules. Native integration with Kubernetes ensures that all deployments run in a production environment are safe.

Cloud-native runtime security

Once an image has been deemed safe and is deployed into production, Cloud One Container Security will protect the container in the runtime environment. This offers ongoing vulnerability detection for the containerized application and provides relevant feedback to security and DevOps teams in case further action is needed.

Trend Micro and Simon Fraser University have partnered to help train future cybersecurity professionals entering the workforce at a time in which specialized skills in cloud security is needed. This new partnership is another step Trend Micro is making this year to connect Canadian students with industry insights and networking opportunities while they are still in school.

Trend Micro is already providing course lectures, lab exercises and assessments in cloud security to the first cohort of SFU’s new Professional Master’s Program in Computer Science – Cybersecurity Concentration, which launched in September 2020. In the span of 16 to 20 months, the program educates students in a broad range of cybersecurity topics. Almost half of the curriculum consists of lab work providing students with hands-on experience necessary for a successful career path in the cybersecurity field. 

Students have the opportunity to explore cyber risks related to cloud infrastructure and cloud native applications. In addition, they are learning the necessary skills needed to secure these environments in an AWS lab environment using some of Trend Micro’s CloudOne solutions pertaining to cloud security posture management and runtime application self protection.

Trend Micro’s 2021 Predictions Report echoes this need for upskilling students and the current workforce. It also stresses the need for fostering user education and training while many employees continue to work from home and mix personal and professional information online.

The latest 2021 predictions report from Trend Micro found, a new wave of threats will emerge, and organizations will face new challenges brought on by shifts to both remote work and priorities of organizations and governments. The widespread reliance on the cloud to conduct business will also create new vectors for breaches and attacks by criminals, leaving security teams scrambling with decreased economic resources.

Some of the other predictions from Trend Micro include:

1. Threat actors will turn home offices into their new criminal hubs
2. The Covid-19 pandemic will upend cybersecurity priorities as it proves to be fertile ground for malicious campaigns
3. Teleworking setups will force organizations to confront hybrid environments and unsustainable security architectures
4. Governments will face a tug-of-war between upholding data privacy and ensuring public health
5. Attackers will quickly weaponize newly disclosed vulnerabilities, leaving users with a narrow window for patching
6. Exposed APIs will be the next favoured attack vector for enterprise breaches
7. Enterprise software and cloud applications used for remote work will be hounded with critical class bugs

All of that is going make 2021 a very “interesting” year for those in charge of defending companies against these sorts of things.

Trend Micro Incorporated (TYO: 4704; TSE: 4704), the leader in cloud security, today released its annual mid-year roundup report, which reveals COVID-19 related threats as the single largest type of threat in the first half of the year. In just six months, Trend Micro blocked 8.8 million COVID-19 related threats, nearly 92% of which were email-based.

Cybercriminals shifted their focus from January through June to take advantage of global interest in the pandemic. The risk to businesses was compounded by security gaps created by a completely remote workforce.

In total, Trend Micro blocked 27.8 billion cyber threats in the first half of 2020, 93% of which were email-borne.

Business Email Compromise (BEC) detections increased by 19% from the second half of 2019, in part due to scammers trying to capitalize on home workers being more exposed to social engineering.

Among all the threats in the first half of the year, ransomware was a constant factor. Although the number of detected ransomware threats decreased, Trend Micro saw a 45% increase in new ransomware families compared to the same time last year. 

Global organizations have also been burdened by a significant spike in newly disclosed vulnerabilities. Trend Micro’s Zero Day Initiative (ZDI) published a total of 786 advisories, representing a 74% increase from the second half of 2019. Some of these came as part of Microsoft Patch Tuesday updates, which have fixed an average of 103 CVEs per month so far in 2020 — including the largest number of patches ever issued in a single month (129) in June.

Trend Micro also observed a 16% increase in vulnerabilities disclosed in industrial control systems (ICS), compared to the first half of 2019, which could create major challenges for smart factory owners and other organizations running IIoT environments.

To effectively protect dispersed corporate networks, Gartner recommends businesses “refine security monitoring capabilities to reflect an operating environment where network traffic patterns, data and system access vectors have changed due to increased remote and mobile operations.^[1]” Trend Micro XDR helps customers do exactly that by correlating security events across the entire IT environment, which is critical for holistic protection in the second half of 2020.

To learn more about the threat landscape in the first half of 2020 and how businesses can stay secure moving forward, read the full report here: https://www.trendmicro.com/vinfo/us/security/research-and-analysis/threat-reports/roundup/securing-the-pandemic-disrupted-workplace-trend-micro-2020-midyear-cybersecurity-report.

Trend Micro today announced plans for a new, co-developed solution with Snyk, the leader in developer-first open source security. The joint solution will help security teams manage the risk of open source vulnerabilities from the moment open source code is introduced without interrupting the software delivery process. This marks the expansion of a strategic partnership that has already helped countless organizations enhance DevOps security without impacting product roadmaps.

The latest capabilities, delivered by combining the strengths of both companies, enables teams to find vulnerabilities in open source code automatically and immediately. It offers significant benefits for security and development teams, including helping to support compliance with ISO 27001, SOC 2 and other key frameworks and standards.

The joint solution will help create fundamental mind shifts in collaboration, driving closer alignment between security and developer teams. It will be available as part of the Trend Micro Cloud One platform, for additional details visit: www.trendmicro.com/cloudonehave. For an overview of the partnership visit: www.trendmicro.com/snyk.

Trend Micro Incorporated today announced new research highlighting design flaws in legacy languages and released new secure coding guidelines to help Industry 4.0 developers greatly reduce the software attack surface. And with this decrease business disruption in operational technology (OT) environments.

Conducted jointly with Politecnico di Milano, the research details how design flaws in legacy programming languages could lead to vulnerable automation programs. These insecurities could enable attackers to hijack industrial robots and automation machines to disrupt production lines or steal intellectual property. According to the research, the industrial automation world may be unprepared to detect and prevent the exploitation of the issues found. Therefore, it is imperative that the industry start embracing and establishing network-security best practices and secure-coding practices, which have been updated with industry leaders as a result of this research.

Legacy proprietary programming languages such as RAPID, KRL, AS, PDL2, and PacScript were designed without an active attacker model in mind. Developed decades ago, they are now essential to critical automation tasks on the factory floor, but can’t themselves be fixed easily.

Not only are vulnerabilities a concern in the automation programs written using these proprietary languages, but researchers demonstrate how a new kind of self-propagating malware could be created using one of the legacy programming languages as an example. 

Trend Micro Research has worked closely with The Robotic Operating System Industrial Consortium to establish recommendations to reduce the exploitability of the identified issues^[1].

As these new guidelines demonstrate, the task programs that rely on these languages and govern the automatic movements of industrial robots can be written in a more secure manner to mitigate Industry 4.0 risk. The essential checklist for writing secure task programs includes the following:

• Treat industrial machines as computers and task programs as powerful code
• Authenticate every communication
• Implement access control policies
• Always perform input validation
• Always perform output sanitization
• Implement proper error handling without exposing details
• Put proper configuration and deployment procedures in places

In addition, Trend Micro Research and Politecnico di Milano have also developed a patent-pending tool to detect vulnerable or malicious code in task programs, thus preventing damage at runtime.

As a result of this research, security-sensitive features were identified in the eight most popular industrial robotic programming platforms, and a total of 40 instances of vulnerable open source code have been found. One vendor has removed the automation program affected by a vulnerability from its application store for industrial software, and two more have been acknowledged by the maintainer, leading to fruitful discussion. Details of the vulnerability disclosures have also been shared by ICS-CERT in an alert to their community.

The results of this research will be presented at Black Hat USA on August 5, and at the ACM AsiaCCS conference in October in Taipei. 

To find out more, please find the complete research report here: https://www.trendmicro.com/vinfo/us/security/news/internet-of-things/unveiling-the-hidden-risks-of-industrial-automation-programming.

Trend Micro Incorporated today released survey results that show how remote workers address cybersecurity. Nearly three quarters (72%) of remote workers say they are more conscious of their organisation’s cybersecurity policies since lockdown began, but many are breaking the rules anyway due to limited understanding or resource constraints.

Trend Micro’s Head in the Clouds study is distilled from interviews with 13,200 remote workers across 27 countries on their attitudes towards corporate cybersecurity and IT policies. It reveals that there has never been a better time for companies to take advantage of heightened employee cybersecurity awareness. The survey reveals that the approach businesses take to training is critical to ensure secure practices are being followed.

The results indicate a high level of security awareness, with 85% of respondents claiming they take instructions from their IT team seriously, and 81% agree that cybersecurity within their organisation is partly their responsibility. Additionally, 64% acknowledge that using non-work applications on a corporate device is a security risk.

However, just because most people understand the risks does not mean they stick to the rules.

For example:

• 56% of employees admit to using a non-work application on a corporate device, and 66% of them have actually uploaded corporate data to that application.
• 80% of respondents confess to using their work laptop for personal browsing, and only 36% of them fully restrict the sites they visit.
• 39% of respondents say they often or always access corporate data from a personal device – almost certainly breaking corporate security policy.
• 8% of respondents admit to watching / accessing porn on their work laptop, and 7% access the dark web.

Productivity still wins out over protection for many users. A third of respondents (34%) agree that they do not give much thought to whether the apps they use are sanctioned by IT or not, as they just want the job done. Additionally, 29% think they can get away with using a non-work application, as the solutions provided by their company are ‘nonsense.’

The Head in the Clouds study looks into the psychology of people’s behaviour in terms of cybersecurity, including their attitudes towards risk. It presents several common information security “personas” with the aim of helping organizations tailor their cybersecurity strategy in the right way for the right employee.