The IT Nerd

By: Myla Pilao, Director for Technology Marketing, Trend Micro

In today’s ever-connected world, data breaches and cyberattacks have become increasingly common.  While ransomware attacks, specifically, may not be making headlines as often they should be, these attacks continue to be a persistent threat in the global cyber landscape indicating evolving approaches and brewing underground activity– known the silent evolution.

Dating back to 2007, when ransomware was just introduced, cybercriminals began with targeting end users. Over the years, however, as their techniques have become more sophisticated, there has been a transition towards highly targeted attacks with the most significantly impacted victims being enterprise and critical infrastructure industries. These include transportation, healthcare, oil and gas, high-tech manufacturing and organizations that demand high digital connectivity.

Beyond leveraging more sophisticated techniques, cybercriminals have developed the confidence to execute deep-surface campaigns. Instead of individual targets, attackers are now aiming at the main controller of network systems, including access to servers, exchange, active directory and so on, to create a bigger and deeper impact. This results in access to commands across the network. Recent examples such as LockerGoga, Ryuk, MegaCortex and Clop, show that as opposed to targeting one or two key areas, cybercriminals are now targeting the entire system. Recent examples have also significantly affected local governments in the United States, highlighting the impact of ransomware on smaller organizations that may lack the resources for proper IT hygiene practices.

As Canada continues to improve its systems and IT hygiene, it is creating a more equipped nation to tackle cyber crime. Although Canada stacks up well compared to other countries globally and is seeing a trend of decreasing ransomware infections, it has a large presence of critical infrastructure and therefore remains susceptible to threats.

In order for businesses to combat the silent evolution of ransomware, below are five best practices:

• Back up business data and company files regularly.To ensure the most efficient protection, back up files and data following the 3-2-1 rule, that is 3 different copies stored in 3 different places, in 2 different formats, with at least 1 copy stored offsite. In addition, businesses must test and verify these backups to ensure that they are intact and can be restored from in a reasonable amount of time, should they be needed.
• Update software and operating systems.Operating the latest versions can help prevent cybercriminals from abusing vulnerabilities in older software to spread ransomware.
  • The most noteworthy example is WannaCry, which made headlines in May 2017 after impacting a number of companies across the globe. Although the actual exploits that WannaCry abused were patched in March 2017, its widespread impact showed that many businesses were either unable to apply the patch on time or were using unsupported operating systems (which MS later patched).
• Implement network segmentation. Protecting the network against ransomware is very important, since infected networks are used to communicate with the cybercriminal’s servers and also used to spread ransomware within the network itself. Network segmentation can improve security by allocating user-specific resources which minimizes the ways that attackers can move within the network.
• Use multilayered security. Businesses now have workloads that spread across multiple environments ranging from physical servers to hybrid cloud and beyond), so using multilayered security should be a priority for companies that want to “cover all the bases.”
• Build a culture of security within the workplace. Organizations need to foster security awareness within their workforce. This goes beyond just regulatory compliance and should extend to employee education and remediation strategies.
  • For example, spam and phishing are two of the most common methods used to spread ransomware, making it important for businesses to teach their employees how to spot social engineering techniques.

Trend Micro Incorporated today announced the availability of its leading cloud solution, Deep Security as a Service, on the Microsoft Azure Marketplace. Launching at Microsoft’s Inspire 2019 event, this Trend Micro offering enables organizations to combine the benefits of security software-as-a-service (SaaS) with the convenience of consolidated cloud billing and usage-based, metered pricing.

Trend Micro’s Deep Security as a Service will provide Microsoft Azure customers a fully hosted security management experience with rapid delivery of innovations.

Trend Micro Deep Security delivers a multi-layered automated approach to protect hybrid cloud workloads and container environments against known and unknown threats including malware and vulnerabilities, helping to secure business data and applications all from within one solution. Deep Security consolidates security tools to help lower costs, decrease complexity, and simplify security and compliance.

To learn more about Trend Micro Deep Security as a Service, please visit:https://www.trendmicro.com/en_us/business/products/hybrid-cloud/deep-security.html.

Trend Micro Incorporated today announced results from a recent survey that shows despite the enterprise benefits assured by adopting a DevOps culture, the majority of IT leaders polled believe communication between IT security and software development must improve greatly to achieve success.

Led by independent research specialist Vanson Bourne, the company surveyed the attitudes toward DevOps held by 1,310 IT decision makers from within both enterprise and SMB organizations across the globe. Those surveyed are at various stages of the DevOps implementation as they integrate their teams, application development, information technology operations and security, to shorten and secure the development lifecycle.

While three-quarters (74%) claimed such initiatives had become more important over the past year, an even higher percentage argued that communication within the IT department needed to improve.

Some 89% said software development and IT security teams needed to be in closer contact, while 77% said the same for developers, security and operations. A third (34%) claimed that these siloes are making it harder to create a DevOps culture in the organisation.

Respondents indicated the best ways to drive this cultural change include: fostering greater integration between teams (61%); setting common goals (58%); and sharing learning experiences across teams (50%). Yet over 78% of IT decision makers said improvement is needed in these areas.

Only a third (33%) of respondents said DevOps is a shared responsibility between software development and IT operations, which is another indication of the current communication breakdown between teams. It appears that each department feels responsibility or ownership to lead these projects.

Part of the challenge is believed to be — despite enthusiasm for DevOps, which has seen 81% of organisations already implement or currently work on projects — nearly half of respondents (46%) have only partially developed their DevOps strategy. IT leaders polled confirmed that enhancing IT security is more of a priority (46%) in DevOps than any other factor.

To learn more about Trend Micro’s approach and solutions for securing DevOps, please click here.

Trend Micro announced that they uncovered a cyberespionage campaign targeting Middle Eastern countries. Now referred to as “Bouncing Golf” based on the malware’s code in the package named “golf”, the malware involved is notable for its wide range of cyberespionage capabilities.

Monitoring the command and control (C&C) servers used by Bouncing Golf, Trend Micro has so far observed more than 660 Android devices infected with GolfSpy. Much of the information being stolen appear to be military related.

What started out as a threat to Middle Eastern countries is likely to increase and diversify. To deep dive into what this means for the mobile threat landscape worldwide, learn best practices to protect users and understand how organizations should ensure that they balance mobility and security, please read the full report here.

Trend Micro Incorporated today announced the availability of the industry’s most complete security from a single solution protecting across cloud and container workloads. This leadership has been achieved through newly launched container security capabilities added to Trend Micro Deep Security to elevate protection across the entire DevOps lifecycle and runtime stack.

From virtual servers and data centers to public and private cloud workloads, containers are increasingly used and demand protection. Leading enterprises are bringing together their application development teams, IT operations and their security team to help the business deliver automated, secured applications to market quicker. Trend Micro connects teams with technology tools that bake security into the process while meeting compliance needs and reducing risk.

The new features available now in Trend Micro’s container security solution include:

Securing across the complete DevOps lifecycle 

 Within the software build-pipeline, Trend Micro has extended its container image scanning to include pre-registry scanning, providing earlier detection of vulnerabilities and malware over and above scanning the trusted registry for any future threats. Deep Security will now also scan for embedded secrets such as passwords and private keys and provide compliance and configuration validation checks, along with image assertion for digitally signed images.

Securing across the entire stack

At runtime of the container, Trend Micro has boosted container platform protection across Docker and Kubernetes. Deep Security has long ensured protection for the host and containers at runtime. This includes intrusion prevention system (IPS) rules, integrity monitoring to detect compromised instances of the platform, as well as log inspection.

To ensure complete protection, Trend Micro inspects all lateral and horizontal traffic movement (east, west, north, south) between containers and platform layers like Kubernetes and Docker.

Securing while granting full control

To increase automation and decrease manual tasks, security and operations teams using Trend Micro can now use any command shell to execute the application program interfaces (APIs). This additional option ensures full control of deploying policies, automation of monitoring, reporting and more. This completely new set of representational state transfer APIs have been written to automate security for application development and operations teams across the container orchestration tools and runtime environments.

To learn more on the Trend Micro container security solution, visit https://www.trendmicro.com/containers.

Trend Micro Incorporated has announced enhancements to its Deep Security and Cloud App Security products designed to extend protection to virtual machines on the Google Cloud Platform, Kubernetes platform protection, container image scanning integration with the  Google Kubernetes Engine (GKE) and Gmail on the G Suite.

To address this need, Trend Micro has created a Google Cloud Platform (GCP) Connector that enables automated discovery, visibility and protection of GCP virtual machine instances. This eases the management by giving an instant view of all GCP workloads while also showing any virtual machines that might have been deployed outside of security purview or under shadow IT projects. This feature of Trend Micro Deep Security has the ability to automatically deploy policy via automated workflows, combat advanced malware, enhance network and system security and capture workload telemetry for threat investigations.

Container users can benefit from Kubernetes platform protection at runtime with Deep Security intrusion prevention systems (IPS) rules, integrity monitoring and log inspection. Our IPS approach allows you to inspect both east-west and north-south traffic between containers and platform layers like Kubernetes. Additionally, Trend Micro’s Deep Security provides container image scanning in the build pipeline for vulnerabilities, malware, embedded secrets / keys and compliance checks. Deployed as a Kubernetes Helm Chart, this container image scanning simplifies security deployment on popular services like Google Kubernetes Engine (GKE), Azure Kubernetes Service (AKS) and Amazon Elastic Container Service for Kubernetes (Amazon EKS).

Research continues to show that email remains one of the most popular threat vectors which drove Trend Micro to expand its popular Cloud App Security platform to support Gmail users within G Suite. Organizations are increasingly looking to cloud email services to boost productivity and agility. Trend Micro has the most comprehensive email security coverage, with both Office 365 and now Gmail, to ensure malicious threats have no place to hide.

Collectively these innovations demonstrate Trend Micro’s commitment to the Google community. The company will be previewing these innovations in booth #1615 at this week’s Google Cloud Next in San Francisco, California.

In order to provide adequate food for the ever-increasing population without laying pressure on farmable land, high-tech tools and systems are being used by food production industries. Food production involves a gamut of functions – production of food items, storage, processing, waste management, and other tasks. IoT is used in most of these activities through connected devices for activities such as managing large tracts of land, track and feed large herds of animals, maintain specific storage environments, etc.

As we all know, new technology brings with itself new challenges and risks. Cybersecurity is one of the biggest threats of this decade and while IoT in food production is beneficial, there are critical security concerns. IoT is fairly new to the industry, so many are not prepared for or even aware of the industry-specific risks.

To help combat this threat and offer unique insights and solutions, Trend Micro has issued a study identifying the cybersecurity threats among the food production industry.Major threats discovered include:

• Exposed internet-connected systems
• Exposed records for food safety compliance
• Unsecured RTK base stations
• Online farm management platforms
• Other exposed supply chain operations

The study can be found here and is very much worth reading as security in general and specifically related to IoT should be top of mind