The IT Nerd

Trend Micro Incorporated a global leader in cybersecurity solutions, today released its 2019 predictions report, warning that attackers will increase the effectiveness of proven attack methods by adding more sophisticated elements to take advantage of the changing technology landscape. The report, Mapping the Future: Dealing with Pervasive and Persistent Threats, highlights the growing threats faced by consumers and organizations that are exacerbated by the increasingly connected world.

The role of social engineering in successful attacks against businesses and individuals will continue to increase throughout the year. Since 2015, the number of phishing URLs blocked by Trend Micro has increased by nearly 3,800 percent. This offsets the lessening reliance on exploit kits, which has decreased by 98 percent in the same time. Additionally, attackers will continue to rely on known vulnerabilities that remain unpatched in corporate networks for 99.99 percent of exploits, as this remains a successful tactic.

Trend Micro also predicts attackers will leverage these proven methods against growing cloud adoption. More vulnerabilities will be found in cloud infrastructure, such as containers, and weak cloud security measures will allow greater exploitation of accounts for cryptocurrency mining. This will lead to more damaging breaches due to misconfigured systems.

Attackers will also implement emerging technologies like AI to better anticipate the movements of executives. This will lead to more convincing targeted phishing messages, which can be critical to BEC attacks. Additionally, it is likely that BEC attacks will target more employees who report to C-level executives, resulting in continued global losses.

SIM swapping and SIM-jacking will be a growing threat to take advantage of remote employees and everyday users. This attack method allows criminals to hijack a cell phone without the user’s knowledge, making it difficult for consumers to regain control of their devices. Additionally, the smart home will be an increasingly attractive target for attacks that leverage home routers and connected devices.

To find out more on these and many more 2019 predictions, read the full reporthere.

Trend Micro Incorporated has revealed that 43 percent of surveyed organizations have been impacted by a Business Process Compromise (BPC). Despite a high incidence of these types of attacks, 50 percent of management teams still don’t know what these attacks are or how their business would be impacted if they were victimized.

In a BPC attack, criminals look for loopholes in business processes, vulnerable systems and susceptible practices. Once a weakness has been identified, a part of the process is altered to benefit the attacker, without the enterprise or its client detecting the change. If victimized by this type of attack, 85 percent of businesses would be limited from offering at least one of their business lines.

Global security teams are not ignoring this risk, with 72 percent of respondents stating that BPC is a priority when developing and implementing their organization’s cybersecurity strategy. However, the lack of management awareness around this problem creates a cybersecurity knowledge gap that could leave organizations vulnerable to attack as businesses strive to transform and automate core processes to increase efficiency and competitivenessⁱ.

The most common way for cybercriminals to infiltrate corporate networks is through a Business Email Compromise (BEC). This is a type of scam that targets email accounts of high-level employees related to finance or involved with wire transfer payments, either spoofing or compromising them through keyloggers or phishing attacks.

In Trend Micro’s survey, 61 percent of organizations said they could not afford to lose money from a BEC attack. However, according to the FBI, global losses due to BEC attacks continue to rise, reaching $12 billion earlier this year.

For more information on BPC and BEC attacks, read this Trend Micro Research report.

It’s no surprise that Canadians are preparing for the biggest holiday shopping event of the year. With Black Friday and Cyber Monday quickly approaching and online shopping at an all time high, it also means that cybercriminals are expected to be out in full force.

Canadians are no strangers to a great online deal, and so Trend Micro is shedding light on what online shoppers can do to protect their personal information. Below are the top 7 tips for avoiding cyber threats this shopping season.

Tips for Safe Online Shopping:

1. Check any email coming from banks that request verification.
2. Enable multi-factor authentication (2FA) for your online accounts and enable your credit card’s one-time password (OTP) feature.
3. Keep your e-receipts and compare them with your credit card statements.
4. Avoid connecting mobile devices to unsecure public networks.
5. Choose retailer sites with buyer protection.
6. When using voice-enabled assistants, monitor your publicly posted Personally identifiable Information (PII), these can be used as credentials to access IoT devices.
7. Look for the verifier symbols of brands and shops, especially when visiting “so-called” business pages on social media, before interacting, shopping, or providing information.

There is also a blog post available called When Cybercriminals Hitch On Your Holiday Spending: Online Shopping Trends and Threats that you should have a look at.

Well, Trend Micro has finally decided to respond to the firestorm that erupted on Sunday when it was discovered that some of their macOS apps were stealing the browser histories of users. And then the apps in question were promptly banned by Apple. Via a blog post, Trend Micro denied this…. Sort of:

Reports that Trend Micro is “stealing user data” and sending them to an unidentified server in China are absolutely false.

Trend Micro has completed an initial investigation of a privacy concern related to some of its MacOS consumer products. The results confirm that Dr Cleaner, Dr Cleaner Pro, Dr. Antivirus, Dr. Unarchiver, Dr. Battery, and Duplicate Finder collected and uploaded a small snapshot of the browser history on a one-time basis, covering the 24 hours prior to installation. This was a one-time data collection, done for security purposes (to analyze whether a user had recently encountered adware or other threats, and thus to improve the product & service). The potential collection and use of browser history data was explicitly disclosed in the applicable EULAs and data collection disclosures accepted by users for each product at installation (see, for example, the Dr Cleaner data collection disclosure here:  https://esupport.trendmicro.com/en-us/home/pages/technical-support/1119854.aspx). The browser history data was uploaded to a U.S.-based server hosted by AWS and managed/controlled by Trend Micro.

Well, that’s a crappy response which I am sure didn’t exactly win hearts and minds. Because sometime later they updated the blog post with this:

We apologize to our community for concern they might have felt and can reassure all that their data is safe and at no point was compromised.

We have taken action and have 3 updates to share with all of you.

First, we have completed the removal of browser collection features across our consumer products in question. Second, we have permanently dumped all legacy logs, which were stored on US-based AWS servers. This includes the one-time 24 hour log of browser history held for 3 months and permitted by users upon install. Third, we believe we identified a core issue which is humbly the result of the use of common code libraries. We have learned that browser collection functionality was designed in common across a few of our applications and then deployed the same way for both security-oriented as well as the non-security oriented apps such as the ones in discussion. This has been corrected.

So I guess that the accusations weren’t completely false if Trend Micro backpedaled like this. I guess the optics just didn’t look too good. But they didn’t really answer the questions that need answering. Such as how pervasive was this practise? Were they doing this on their corporate line of products? How can we trust Trend Micro given all that is gone on? If Trend Micro really wants to address this, they need to be a transparent as possible. Otherwise, people will simply take their money elsewere.