The IT Nerd

Trend Micro Incorporated today announced new research highlighting design flaws in legacy languages and released new secure coding guidelines to help Industry 4.0 developers greatly reduce the software attack surface. And with this decrease business disruption in operational technology (OT) environments.

Conducted jointly with Politecnico di Milano, the research details how design flaws in legacy programming languages could lead to vulnerable automation programs. These insecurities could enable attackers to hijack industrial robots and automation machines to disrupt production lines or steal intellectual property. According to the research, the industrial automation world may be unprepared to detect and prevent the exploitation of the issues found. Therefore, it is imperative that the industry start embracing and establishing network-security best practices and secure-coding practices, which have been updated with industry leaders as a result of this research.

Legacy proprietary programming languages such as RAPID, KRL, AS, PDL2, and PacScript were designed without an active attacker model in mind. Developed decades ago, they are now essential to critical automation tasks on the factory floor, but can’t themselves be fixed easily.

Not only are vulnerabilities a concern in the automation programs written using these proprietary languages, but researchers demonstrate how a new kind of self-propagating malware could be created using one of the legacy programming languages as an example. 

Trend Micro Research has worked closely with The Robotic Operating System Industrial Consortium to establish recommendations to reduce the exploitability of the identified issues^[1].

As these new guidelines demonstrate, the task programs that rely on these languages and govern the automatic movements of industrial robots can be written in a more secure manner to mitigate Industry 4.0 risk. The essential checklist for writing secure task programs includes the following:

• Treat industrial machines as computers and task programs as powerful code
• Authenticate every communication
• Implement access control policies
• Always perform input validation
• Always perform output sanitization
• Implement proper error handling without exposing details
• Put proper configuration and deployment procedures in places

In addition, Trend Micro Research and Politecnico di Milano have also developed a patent-pending tool to detect vulnerable or malicious code in task programs, thus preventing damage at runtime.

As a result of this research, security-sensitive features were identified in the eight most popular industrial robotic programming platforms, and a total of 40 instances of vulnerable open source code have been found. One vendor has removed the automation program affected by a vulnerability from its application store for industrial software, and two more have been acknowledged by the maintainer, leading to fruitful discussion. Details of the vulnerability disclosures have also been shared by ICS-CERT in an alert to their community.

The results of this research will be presented at Black Hat USA on August 5, and at the ACM AsiaCCS conference in October in Taipei. 

To find out more, please find the complete research report here: https://www.trendmicro.com/vinfo/us/security/news/internet-of-things/unveiling-the-hidden-risks-of-industrial-automation-programming.

Trend Micro Incorporated today released survey results that show how remote workers address cybersecurity. Nearly three quarters (72%) of remote workers say they are more conscious of their organisation’s cybersecurity policies since lockdown began, but many are breaking the rules anyway due to limited understanding or resource constraints.

Trend Micro’s Head in the Clouds study is distilled from interviews with 13,200 remote workers across 27 countries on their attitudes towards corporate cybersecurity and IT policies. It reveals that there has never been a better time for companies to take advantage of heightened employee cybersecurity awareness. The survey reveals that the approach businesses take to training is critical to ensure secure practices are being followed.

The results indicate a high level of security awareness, with 85% of respondents claiming they take instructions from their IT team seriously, and 81% agree that cybersecurity within their organisation is partly their responsibility. Additionally, 64% acknowledge that using non-work applications on a corporate device is a security risk.

However, just because most people understand the risks does not mean they stick to the rules.

For example:

• 56% of employees admit to using a non-work application on a corporate device, and 66% of them have actually uploaded corporate data to that application.
• 80% of respondents confess to using their work laptop for personal browsing, and only 36% of them fully restrict the sites they visit.
• 39% of respondents say they often or always access corporate data from a personal device – almost certainly breaking corporate security policy.
• 8% of respondents admit to watching / accessing porn on their work laptop, and 7% access the dark web.

Productivity still wins out over protection for many users. A third of respondents (34%) agree that they do not give much thought to whether the apps they use are sanctioned by IT or not, as they just want the job done. Additionally, 29% think they can get away with using a non-work application, as the solutions provided by their company are ‘nonsense.’

The Head in the Clouds study looks into the psychology of people’s behaviour in terms of cybersecurity, including their attitudes towards risk. It presents several common information security “personas” with the aim of helping organizations tailor their cybersecurity strategy in the right way for the right employee.

Trend Micro today released research describing how advanced hackers could leverage unconventional, new attack vectors to sabotage smart manufacturing environments. 

For this report, Trend Micro Research worked with Politecnico di Milano in its Industry 4.0 lab, which houses real manufacturing equipment from industry leaders, to demonstrate how malicious threat actors can exploit existing features and security flaws in Industrial IoT (IIoT) environments for espionage of financial gain.

Critical smart manufacturing equipment relies primarily on proprietary systems, however these machines have the computing power of traditional IT systems. They are capable of much more than the purpose for which they are deployed, and attackers are able to exploit this power. The computers primarily use proprietary languages to communicate, but just like with IT threats, the languages can be used to input malicious code, traverse through the network, or steal confidential information without being detected.

Though smart manufacturing systems are designed and deployed to be isolated, this seclusion is eroding as IT and OT converge. Due to the intended separation, there is a significant amount of trust built into the systems and therefore very few integrity checks to keep malicious activity out.

The systems and machines that could be taken advantage of include the manufacturing execution system (MES), human machine interfaces (HMIs), and customizable IIoT devices. These are potential weak links in the security chain and could be exploited in such a way to damage produced goods, cause malfunctions, or alter workflows to manufacture defective products.

The report offers a detailed set of defense and mitigation measures, including:

• Deep packet inspection that supports OT protocols to identify anomalous payloads at the network level
• Integrity checks run regularly on endpoints to identify any altered software components
• Code-signing on IIoT devices to include dependencies such as third-party libraries
• Risk analysis to extend beyond physical safety to automation software
• Full chain of trust for data and software in smart manufacturing environments
• Detection tools to recognize vulnerable/malicious logic for complex manufacturing machines
• Sandboxing and privilege separation for software on industrial machines

To find out more and read the full report, please visit: https://www.trendmicro.com/vinfo/us/security/news/internet-of-things/threats-and-consequences-a-security-analysis-of-smart-manufacturing-systems

Across industries and geographies, companies are implementing work from home policies to prevent the spread of COVID-19, resulting in a spike in the number of teleworkers. At such times, it’s imperative for devices to be secure.

Below are best practices from Trend Micro that organizations can undertake, in order to mitigate potential risks of a cyberbreach:

• Enable the firewall for added security in devices, or use a virtual network especially when remotely accessing assets.
• Update the firmware of wi-fi enabled devices, routers, and other hardware as soon as updates are available.
• Change default wi-fi network names and passwords to complex credentials to deter unauthorized access.

Also, in an effort to help reduce the security risks of computers connecting to corporate networks, Trend Micro is also offering businesses a 6-month free trial of their Maximum Security product to be installed on home computers so employees can work securely during this unfortunate crisis.

Trend Micro Incorporated has released its 2019 Cloud App Security Roundup report. The report highlights changes in messaging-specific threats detected last year, the use of more sophisticated malware, and the potential abuse of emerging technologies in artificial intelligence to inform future business protection strategies.

In 2019, Trend Micro blocked 12.7 million high-risk email threats for customers leveraging cloud-based email services from Microsoft and Google. This second layer of defense caught threats beyond those detected by the cloud email services’ built-in security.

More than 11 million of the high-risk emails blocked in 2019 were phishing related, making up 89% of all blocked emails. Of these, Trend Micro detected 35% more credential phishing attempts than in 2018. Additionally, the number of unknown phishing links in such attacks jumped from just 9% of the total to more than 44% in 2019. This may demonstrate that scammers are registering new sites to avoid detection.

The report also shows that criminals are getting better at tricking the first layer of defense against Business Email Compromise (BEC) attacks, which typically look at attacker behaviors and intention analysis of the email content. The percentage of BEC attacks caught by AI-powered authorship analysis increased from 7% in 2018 to 21% in 2019.

Emerging phishing techniques outlined in the report include the increasing use of HTTPS and targeting Office 365 administrator accounts. This enables malicious hackers to hijack all connected accounts on the targeted domain and use them to send malware, launch convincing BEC attacks and more. To this end, Trend Micro blocked nearly 400,000 attempted BEC attacks, which is 271% more than in 2018.

In the face of such threats, Trend Micro recommends the organizations take the following mitigation steps:

• Move away from a single gateway to a multi-layered cloud app security solution
• Consider sandbox malware analysis, document exploit detection, and file, email, and web reputation technologies to detect malware hidden in Office 365 and PDF documents
• Enforce consistent data loss prevention (DLP) policies across cloud email and collaboration apps
• Choose a security partner that can offer seamless integration into their cloud platforms, preserving user and admin functions
• Develop comprehensive end user awareness and training programs

The report’s findings were based on data generated by Trend Micro Cloud App Security™, an API-based solution that protects a range of cloud-based applications and services, including Microsoft® Office 365™ Exchange™ Online, OneDrive® for Business, SharePoint® Online, Gmail, and Google Drive.

To find out more, please read the complete report here:https://www.trendmicro.com/vinfo/us/security/research-and-analysis/threat-reports/roundup/trend-micro-cloud-app-security-report-2019

Trend Micro today announced the results of a six-month honeypot imitating an industrial factory. The highly sophisticated Operational Technology (OT) honeypot attracted fraud and financially motivated exploits.

The six-month investigation revealed that unsecured industrial environments are primarily victims of common threats. The honeypot was compromised for cryptocurrency mining, targeted by two separate ransomware attacks, and used for consumer fraud.

To better understand the attacks targeting ICS environments, Trend Micro Research created a highly realistic, industrial prototyping company. The honeypot consisted of real ICS hardware and a mix of physical hosts and virtual machines to run the factory, which included several programmable logic controllers (PLCs), human machine interfaces (HMIs), separate robotic and engineering workstations and a file server.

Trend Micro urges smart factory owners to minimize the number of ports they leave open and to tighten access control policies, among other cybersecurity best practices. In addition, implementing cybersecurity solutions designed for factories, like those offered by Trend Micro, can help further mitigate the risk of attack.

To read more about the research, including the design and deployment of the honeypot itself, please visit: https://www.trendmicro.com/vinfo/us/security/news/internet-of-things/fake-company-real-threats-logs-from-a-smart-factory-honeypot.

Recently I had the chance to tour Trend Micro’s Threat Research Centre in Toronto which  has been around for about a year in the Liberty Village district in Toronto.

Fun fact: The location that Trend Micro occupies used to be a pool hall where I used to spend a lot time in when I turned 19 back when dinosaurs roamed the earth.

Trend Micro has occupied this 22,000 square-foot space for one purpose: To get ahead of the next wave of cyber threats and to work with others to protect everyone from what’s out there today. The latter is important because Trend Micro is willing to work with governments, law enforcement, and others to keep you safe.

This slideshow requires JavaScript.

In addition to research, this facility serves as a centralized space for the company’s partners and customers. It is a nice open space that allows people to work with each other with ease. And if you look at the pictures above, you’ll note that there a couple of pinball machines. This is in memory of Trend Micro’s chief technology officer and pinball fan Raimund Genes who suddenly passed away last year.

They day that I was there, I got the opportunity to meet Myla Pilao, Director and Research Centre Lead who talked about the threat landscape and toured me through the facility. We talked about a number of things, but the main thing that I walked away from was this:

Assume that the bad guys are in.

If you assume that, you can build your defenses around that.

As for the discussion with Ms. Pilao, she notes that ransomware continues to be a popular avenue for attackers to earn money, but cryptojacking is rapidly rising in popularity. That’s got to make your blood run cold. IoT is also a very popular attack vector which is a big deal seeing that IoT is growing thing in businesses and homes. But not only is Trend Micro working to stop those threats. Via this research center they are looking at other ways to protect you from threats. For example I spent 15 minutes with a threat researcher who was looking into recent Windows “Patch Tuesday” updates and what they fixed. That way they can reverse engineer what the vulnerabilities were and provide countermeasures for those who have not yet installed those updates. That’s forward thinking.

Trend Micro is serious about protecting their users from emerging threats and this research centre is proof of that. You can expect good things to come out of this place that will benefit computer users everywhere. Thanks very much to Trend Micro for having the opportunity to tour this place and see the good work that is being done here.

Trend Micro Incorporated today announced that it received the highest score in the current offering and strategy categories, and among the second highest scores in the market presence category, in The Forrester Wave™: Cloud Workload Security, Q4 2019. Trend Micro believes that this recognition underscores the leadership of its cloud offerings and strategy as the peak of the cloud security market.

Forrester rigorously evaluated 13 competitive security vendors across 30 criterion and in three distinct areas: current offering, strategy and market presence.

In addition to its comprehensiveness, Forrester recognized Trend Micro’s cloud security offering in multiple areas including:

• “The solution is ideal for large firms with broad Cloud Workload Security (CWS) needs across workloads, hypervisors and containers.”
• “The OS level, agent-based protections are very strong and include malware and memory protection, file integrity monitoring, host-based firewall, intrusion detection/intrusion prevention, log inspection and application binary control,” the report noted.
• “Role-based access control (RBAC) is very flexible for administrators. Container runtime and pre-runtime checks are comprehensive, and the solution exposes a broad API for Deep Security policy control.”

Trend Micro provides optimized protection for workloads running on Amazon Web Services, Microsoft Azure, Google Cloud, VMware and Docker, allowing customers to automate deployment for streamlined compliance and seamlessly secure DevOps.

To download a complimentary copy of the full report, click here.

Trend Micro believes that this report complements another recently published recognition by another top analyst firm. The company was named the #1 vendor in Software-Defined Compute (SDC) workload protection by IDC in their new independent report: Worldwide Software Defined Compute Workload Security Market Shares, 2018 (DOC #US45638919, NOVEMBER 2019). This report revealed Trend Micro achieved a market share lead of 35.5%, almost triple its nearest competitor in 2018.

Trend Micro Incorporated has announced its 2020 predictions report, which states that organizations will face a growing risk from their cloud and the supply chain. The growing popularity of cloud and DevOps environments will continue to drive business agility while exposing organizations, from enterprises to manufacturers, to third-party risk.

Attackers will increasingly go after corporate data stored in the cloud via code injection attacks such as deserialization bugs, cross-site scripting and SQL injection. They will either target cloud providers directly or compromise third-party libraries to do this.

In fact, the increasing use of third-party code by organizations employing a DevOps culture will increase business risk in 2020 and beyond. Compromised container components and libraries used in serverless and microservices architectures will further broaden the enterprise attack surface, as traditional security practices struggle to keep up.

Managed service providers (MSPs) will be targeted in 2020 as an avenue for compromising multiple organizations via a single target. They will not only be looking to steal valuable corporate and customer data, but also install malware to sabotage smart factories and extort money via ransomware.

The new year will also see a relatively new kind of supply chain risk, as remote workers introduce threats to the corporate network via weak Wi-Fi security. Additionally, vulnerabilities in connected home devices can serve as a point of entry into the corporate network.

Amidst this ever-volatile threat landscape, Trend Micro recommends organizations:

• Improve due diligence of cloud providers and MSPs
• Conduct regular vulnerability and risk assessments on third parties
• Invest in security tools to scan for vulnerabilities and malware in third-party components
• Consider Cloud Security Posture Management (CSPM) tools to help minimize the risk of misconfigurations
• Revisit security policies regarding home and remote workers

To read the full report, The New Norm: Trend Micro Security Predictions for 2020, please visit:https://www.trendmicro.com/vinfo/us/security/research-and-analysis/predictions/2020.

Today, more than ever before, organizations are keen on taking advantage of the speed, automation, and global reach of 5G technology. The challenge is that the majority have little to no direct experience in telecommunication technology.

Trend Micro has released a report, Securing 5G Through Cyber-Telecom Identity Federation highlighting the major gaps in handling identities in IT and Telecommunications along with solutions to better equip businesses as they transition to using new technology to carry out various functions.

The report forces businesses to reconsider their approach to cybersecurity by listing out the security strategies, technical skills, and additional technologies needed to successfully adopt 5G and fully reap its benefits.