The IT Nerd

Trend Micro Incorporated today announced a strategic partnership with Snyk, the leader in developer-first open source security. The partnership will focus on solving the unrelenting challenge that open source vulnerabilities create for developers, stemming from code-reuse, public repositories and open source.

Together, Trend Micro and Snyk will help businesses manage the risk of vulnerabilities without interrupting the software delivery process. The combination of open source vulnerability intelligence from Snyk and Trend Micro will result in the most comprehensive ability to detect vulnerabilities for teams operating in a DevOps environment. Once vulnerabilities in containers are identified, Trend Micro is the shield and Snyk is the fix that combine for streamlined remediation and risk mitigation.

One of the key challenges for enterprise customers today is the need for speed in developing applications. Speed and efficiency is gained by leveraging open source code. Gartner reports,¹ “Open-source software is used within mission-critical IT workloads by over 95% of the IT organizations worldwide, whether they are aware of it or not.” Research from Snyk also found that those vulnerabilities in open source libraries are growing rapidly, nearly doubling in two years.²

[1] Gartner, Inc.; What Innovation Leaders Must Know About Open-Source Software; 26 August 2019 | G00441577

[2] Snyk, Inc.; 2019 State of Open Source Security https://snyk.io/blog/88-increase-in-application-library-vulnerabilities-over-two-years/

Additional terms of the ongoing partnership and product integration will be announced in November, 2019. For more information on the current partnership, please visit: https://www.trendmicro.com/snyk.

Trend Micro Incorporated today released research demonstrating that major new European banking rules could greatly increase the cyberattack surface for financial services firms and their customers.

The new research details the impact of the EU’s Revised Payment Services Directive (PSD2), which is designed to give users greater control over their financial data and the option of sharing it with a new breed of innovative Financial Technology (FinTech) firms. The same ideas are spreading globally under the term “Open Banking.”

The report highlights several possible attack scenarios under the new regulatory regime:

• Attacks on APIs: Public APIs are at the heart of Open Banking, allowing approved third parties to access users’ banking data to provide innovative new financial services. Implementation flaws in these APIs will allow attackers to exploit back-end servers to steal data.
• Attacks on FinTech companies: Users will be forced into a new trust relationship with providers that may have fewer resources than their banks and no track record on data protection. In a quick survey of Open Banking FinTechs, Trend Micro found them to have an average of 20 employees and no dedicated security professional. This makes them ideal targets for attackers and raises concerns over security gaps in their mobile apps, APIs, data sharing techniques and security modules that could be incorrectly implemented.
• Attacks on the apps or mobile platforms: Most Open Banking services will be deployed as mobile apps, making these a prime target for attackers. Finding the username, password, or encryption keys within the app would allow a criminal to retrieve banking data and pose as the user. Even if the apps don’t have permission to make payments, they could contain transaction data, allowing an attacker to build a highly accurate profile of their victims.
• Attacks against the user: Because new Open Banking apps will become the primary means for users to access financial data and services, phishing attacks could reap major rewards for attackers.

To prepare for the changing landscape, Trend Micro details how financial institutions can improve their cyber resilience. These include ensuring sensitive information is never contained in URL paths, prioritizing secure protocols, and eliminating risky practices.

Meanwhile, Open Banking app developers and owners must adopt a secure-by-design approach, including regular software audits.

To find out more about the cyberrisks associated with new Open Banking rules, read our report,Ready or Not for PSD2: The Risks of Open Banking, here: https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/the-risks-of-open-banking-are-banks-and-their-customers-ready-for-psd2.

Trend Micro Incorporated today released new research detailing a fast-growing market for IoT attacks. Cybercriminals from around the world are actively discussing how to compromise connected devices, and how to leverage these devices for moneymaking schemes.

Trend Micro Research analyzed forums in the Russian, Portuguese, English, Arabic, and Spanish language-based underground markets to determine how cybercriminals are abusing and monetizing connected devices. The results reveal that the most advanced criminal markets are Russian- and Portuguese-speaking forums, in which financially driven attacks are most prominent. In these forums, cybercriminal activity is focused on selling access to compromised devices – mainly routers, webcams and printers – so they can be leveraged for attacks.

According to Trend Micro’s findings, most conversations and active monetization schemes are focused on consumer devices. However, discussions on how to discover and compromise connected industrial machinery are also occurring, especially the vital programmable logic controllers (PLCs) used to control large-scale manufacturing equipment. The most likely business plan to monetize attacks against these industrial devices involves digital extortion attacks that threaten production downtime.

Additionally, the report predicts an increase in IoT attack toolkits targeting a broader range of consumer devices, such as virtual reality devices. The opportunities for attackers will also multiply as more devices are connected to the internet, driven by 5G implementations.

Trend Micro urges manufacturers to partner with IoT security experts to mitigate cyber-related risks from the design phase. End users and integrators should also gain visibility and control over connected devices to be aware of and curb their cyber risk.

The full report, The Internet of Things in the Criminal Underground, can be found here:https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/the-internet-of-things-in-the-cybercrime-underground.

Trend Micro Incorporated today published its roundup report for the first half of 2019, revealing a surge in fileless attacks designed to disguise malicious activity. Detections of this threat alone were up 265% compared to the first half of 2018.

The findings in 2019 so far confirm many of the predictions Trend Micro made last year. Namely, attackers are working smarter to target businesses and environments that will produce the greatest return on investment.

Along with the growth in fileless threats in the first half of the year, attackers are increasingly deploying threats that aren’t visible to traditional security filters, as they can be executed in a system’s memory, reside in the registry, or abuse legitimate tools. Exploit kits have also made a comeback, with a 136% increase compared to the same time in 2018.

Cryptomining malware remained the most detected threat in the first half of 2019, with attackers increasingly deploying these threats on servers and in cloud environments. Substantiating another prediction, the number of routers involved in possible inbound attacks jumped 64% compared to the first half of 2018, with more Mirai variants searching for exposed devices.

Additionally, digital extortion schemes soared by 319% from the second half of 2018, which aligns with previous projections. Business email compromise (BEC) remains a major threat, with detections jumping 52% compared to the past six months. Ransomware-related files, emails and URLs also grew 77% over the same period.

In total, Trend Micro blocked more than 26.8 billion threats in the first half of 2019, over 6 billion more than the same period last year. Of note, 91% of these threats entered the corporate network via email. Mitigating these advanced threats requires smart defense-in-depth that can correlate data from across gateways, networks, servers and endpoints to best identify and stop attacks.

To read the complete report, Evasive Threats, Pervasive Effects: 2019 Midyear Security Roundup, please visit: https://www.trendmicro.com/vinfo/us/security/research-and-analysis/threat-reports/evasive-threats-pervasive-effects.

By: Myla Pilao, Director for Technology Marketing, Trend Micro

In today’s ever-connected world, data breaches and cyberattacks have become increasingly common.  While ransomware attacks, specifically, may not be making headlines as often they should be, these attacks continue to be a persistent threat in the global cyber landscape indicating evolving approaches and brewing underground activity– known the silent evolution.

Dating back to 2007, when ransomware was just introduced, cybercriminals began with targeting end users. Over the years, however, as their techniques have become more sophisticated, there has been a transition towards highly targeted attacks with the most significantly impacted victims being enterprise and critical infrastructure industries. These include transportation, healthcare, oil and gas, high-tech manufacturing and organizations that demand high digital connectivity.

Beyond leveraging more sophisticated techniques, cybercriminals have developed the confidence to execute deep-surface campaigns. Instead of individual targets, attackers are now aiming at the main controller of network systems, including access to servers, exchange, active directory and so on, to create a bigger and deeper impact. This results in access to commands across the network. Recent examples such as LockerGoga, Ryuk, MegaCortex and Clop, show that as opposed to targeting one or two key areas, cybercriminals are now targeting the entire system. Recent examples have also significantly affected local governments in the United States, highlighting the impact of ransomware on smaller organizations that may lack the resources for proper IT hygiene practices.

As Canada continues to improve its systems and IT hygiene, it is creating a more equipped nation to tackle cyber crime. Although Canada stacks up well compared to other countries globally and is seeing a trend of decreasing ransomware infections, it has a large presence of critical infrastructure and therefore remains susceptible to threats.

In order for businesses to combat the silent evolution of ransomware, below are five best practices:

• Back up business data and company files regularly.To ensure the most efficient protection, back up files and data following the 3-2-1 rule, that is 3 different copies stored in 3 different places, in 2 different formats, with at least 1 copy stored offsite. In addition, businesses must test and verify these backups to ensure that they are intact and can be restored from in a reasonable amount of time, should they be needed.
• Update software and operating systems.Operating the latest versions can help prevent cybercriminals from abusing vulnerabilities in older software to spread ransomware.
  • The most noteworthy example is WannaCry, which made headlines in May 2017 after impacting a number of companies across the globe. Although the actual exploits that WannaCry abused were patched in March 2017, its widespread impact showed that many businesses were either unable to apply the patch on time or were using unsupported operating systems (which MS later patched).
• Implement network segmentation. Protecting the network against ransomware is very important, since infected networks are used to communicate with the cybercriminal’s servers and also used to spread ransomware within the network itself. Network segmentation can improve security by allocating user-specific resources which minimizes the ways that attackers can move within the network.
• Use multilayered security. Businesses now have workloads that spread across multiple environments ranging from physical servers to hybrid cloud and beyond), so using multilayered security should be a priority for companies that want to “cover all the bases.”
• Build a culture of security within the workplace. Organizations need to foster security awareness within their workforce. This goes beyond just regulatory compliance and should extend to employee education and remediation strategies.
  • For example, spam and phishing are two of the most common methods used to spread ransomware, making it important for businesses to teach their employees how to spot social engineering techniques.

Trend Micro Incorporated today announced the availability of its leading cloud solution, Deep Security as a Service, on the Microsoft Azure Marketplace. Launching at Microsoft’s Inspire 2019 event, this Trend Micro offering enables organizations to combine the benefits of security software-as-a-service (SaaS) with the convenience of consolidated cloud billing and usage-based, metered pricing.

Trend Micro’s Deep Security as a Service will provide Microsoft Azure customers a fully hosted security management experience with rapid delivery of innovations.

Trend Micro Deep Security delivers a multi-layered automated approach to protect hybrid cloud workloads and container environments against known and unknown threats including malware and vulnerabilities, helping to secure business data and applications all from within one solution. Deep Security consolidates security tools to help lower costs, decrease complexity, and simplify security and compliance.

To learn more about Trend Micro Deep Security as a Service, please visit:https://www.trendmicro.com/en_us/business/products/hybrid-cloud/deep-security.html.

Trend Micro Incorporated today announced results from a recent survey that shows despite the enterprise benefits assured by adopting a DevOps culture, the majority of IT leaders polled believe communication between IT security and software development must improve greatly to achieve success.

Led by independent research specialist Vanson Bourne, the company surveyed the attitudes toward DevOps held by 1,310 IT decision makers from within both enterprise and SMB organizations across the globe. Those surveyed are at various stages of the DevOps implementation as they integrate their teams, application development, information technology operations and security, to shorten and secure the development lifecycle.

While three-quarters (74%) claimed such initiatives had become more important over the past year, an even higher percentage argued that communication within the IT department needed to improve.

Some 89% said software development and IT security teams needed to be in closer contact, while 77% said the same for developers, security and operations. A third (34%) claimed that these siloes are making it harder to create a DevOps culture in the organisation.

Respondents indicated the best ways to drive this cultural change include: fostering greater integration between teams (61%); setting common goals (58%); and sharing learning experiences across teams (50%). Yet over 78% of IT decision makers said improvement is needed in these areas.

Only a third (33%) of respondents said DevOps is a shared responsibility between software development and IT operations, which is another indication of the current communication breakdown between teams. It appears that each department feels responsibility or ownership to lead these projects.

Part of the challenge is believed to be — despite enthusiasm for DevOps, which has seen 81% of organisations already implement or currently work on projects — nearly half of respondents (46%) have only partially developed their DevOps strategy. IT leaders polled confirmed that enhancing IT security is more of a priority (46%) in DevOps than any other factor.

To learn more about Trend Micro’s approach and solutions for securing DevOps, please click here.