Archive for Trend Micro

Ransomware Groups Will Increasingly Target Linux Servers And Embedded Systems Over The Coming Years: Trend Micro

Posted in Commentary with tags on September 9, 2022 by itnerd

Trend Micro Incorporated yesterday predicted that ransomware groups will increasingly target Linux servers and embedded systems over the coming years. It recorded a double-digit year-on-year (YoY) increase in attacks on these systems in 1H 2022.

To read a full copy of the Trend Micro 2022 Midyear Roundup Report, please visit: https://www.trendmicro.com/vinfo/us/security/research-and-analysis/threat-reports/roundup/defending-the-expanding-attack-surface-trend-micro-2022-midyear-cybersecurity-report   

According to Trend Micro data:

  • 63 billion threats blocked by Trend Micro in 1H 2022
  • 52% more threats in the first half of the year than the same period in 2021
  • Government, manufacturing and healthcare are the top three sectors targeted with malware

Detection of attacks from ransomware-as-a-service surged in the first half of 2022. Major players like LockBit and Conti were detected with a 500% YoY increase and nearly doubled the number of detections in six months, respectively. The ransomware-as-a-service model has generated significant profits for ransomware developers and their affiliates.

New ransomware groups are emerging all the time. The most notable one in the first half of 2022 is Black Basta. The group hit 50 organizations in just two months. Many persist with the “big game-hunting” of large enterprises, although SMBs are an increasingly popular target.

One of the primary attack vectors for ransomware is vulnerability exploitation. Trend Micro’s Zero Day Initiative published advisories on 944 vulnerabilities in the period, a 23% YoY increase. The number of critical bug advisories published soared by 400% YoY.

APT groups continue to evolve their methods by employing expansive infrastructure and combining multiple malware tools. The ten-fold increase in the number of detections is another proof point that threat actors are increasingly integrating Emotet as part of their elaborate cybercrime operations.

The concern is that threat actors are able to weaponize these flaws faster than vendors can release patch updates and/or customers can patch them.

Unpatched vulnerabilities add to a growing digital attack surface many organizations are struggling to manage securely as the hybrid workplace expands their IT environment. Over two-fifths (43%) of global organizations believe it is “spiraling out of control.”

Cloud visibility is particularly important given the continued threat of third parties exploiting misconfigured environments and using novel techniques like cloud-based crypto mining and cloud tunneling. The latter is frequently abused by threat actors to route malware traffic or host phishing websites.

Trend Micro Warns of 75% Surge in Ransomware Attacks on Linux as Systems Adoptions Soared

Posted in Commentary with tags on August 31, 2022 by itnerd

Trend Micro today predicted that ransomware groups will increasingly target Linux servers and embedded systems over the coming years. It recorded a double-digit year-on-year (YoY) increase in attacks on these systems in 1H 2022.

To read a full copy of the Trend Micro 2022 Midyear Roundup Report, please visit: 

https://www.trendmicro.com/vinfo/us/security/research-and-analysis/threat-reports/roundup/defending-the-expanding-attack-surface-trend-micro-2022-midyear-cybersecurity-report   

According to Trend Micro data:

  • 63 billion threats blocked by Trend Micro in 1H 2022
  • 52% more threats in the first half of the year than the same period in 2021
  • Government, manufacturing and healthcare are the top three sectors targeted with malware

Detection of attacks from ransomware-as-a-service surged in the first half of 2022. Major players like LockBit and Conti were detected with a 500% YoY increase and nearly doubled the number of detections in six months, respectively. The ransomware-as-a-service model has generated significant profits for ransomware developers and their affiliates.

New ransomware groups are emerging all the time. The most notable one in the first half of 2022 is Black Basta. The group hit 50 organizations in just two months. Many persist with the “big game-hunting” of large enterprises, although SMBs are an increasingly popular target.

One of the primary attack vectors for ransomware is vulnerability exploitation. Trend Micro’s Zero Day Initiative published advisories on 944 vulnerabilities in the period, a 23% YoY increase. The number of critical bug advisories published soared by 400% YoY.

APT groups continue to evolve their methods by employing expansive infrastructure and combining multiple malware tools. The ten-fold increase in the number of detections is another proof point that threat actors are increasingly integrating Emotet as part of their elaborate cybercrime operations.

The concern is that threat actors are able to weaponize these flaws faster than vendors can release patch updates and/or customers can patch them.

Unpatched vulnerabilities add to a growing digital attack surface many organizations are struggling to manage securely as the hybrid workplace expands their IT environment. Over two-fifths (43%) of global organizations believe it is “spiraling out of control.”

Cloud visibility is particularly important given the continued threat of third parties exploiting misconfigured environments and using novel techniques like cloud-based crypto mining and cloud tunneling. The latter is frequently abused by threat actors to route malware traffic or host phishing websites.

Back to school reminder: Cyber hygiene for kids by Trend Micro

Posted in Commentary with tags on August 23, 2022 by itnerd

With the end of summer fast approaching, children of all ages will soon be returning to school. With the increase in daily use of digital technology, it is critical for parents to integrate digital literacy and cyber hygiene in their child’s learning process.

A recent survey found that two-thirds of parents allow their kids to use the internet on their own, with over 70 percent admitting that their children had engaged in risky behavior online.

To help improve kids’ safety and awareness online, Trend Micro has launched the Cyber Academy, which will offer 7–10-year-olds a series of video-based lessons and learning materials designed to upgrade children’s digital literacy skills in a way that’s meaningful and engaging. The Cyber Academy consists of internet safety lessons that focus on passwords, two-factor authentication, security, and privacy among others. The lessons can be delivered on-demand by a teacher in the classroom or a guardian at home in just 10–15 minutes and are offered completely free of charge.

To learn more about Trend Micro’s Cyber Academy and tips for guardians and teachers click here.

Beware The Darkverse And The Cyber-Physical Threats It Will Enable: Trend Micro

Posted in Commentary with tags on August 9, 2022 by itnerd

Trend Micro Incorporated today released a new report warning of a “darkverse” of criminality hidden from law enforcement, which could quickly evolve to fuel a new industry of metaverse-related cybercrime.

The top five metaverse threats outlined in the report are:

  • NFTs, which will be increasingly targeted as they become an important metaverse commodity to regulate ownership, will be hit by phishing, ransom, fraud and other attacks.
  • The darkverse will become the go-to place for conducting illegal/criminal activities because it will be difficult to trace, monitor and infiltrate by law enforcement. In fact, it may be years before police catch up.
  • Money laundering using overpriced metaverse real estate and NFTs will provide a new outlet for criminals to clean cash.
  • Social engineering, propaganda and fake news will have a profound impact in a cyber-physical world. Influential narratives will be employed by criminals and state actors targeting vulnerable groups who are sensitive to certain topics.
  • Privacy will be redefined, as metaverse-like space operators will have unprecedented visibility into user actions – essentially when using their worlds, there will be zero privacy as we know it.

As imagined by Trend Micro, the darkverse will resemble a metaverse version of the dark web, enabling threat actors to coordinate and carry out illegal activities with impunity. 

Underground marketplaces operating in the darkverse would be impossible for police to infiltrate without the correct authentication tokens. Because users can only access a darkverse world if they’re inside a designated physical location, there’s an additional level of protection for closed criminal communities.

This could provide a haven for multiple threats to flourish—from financial fraud and e-commerce scams to NFT theft, ransomware and more. The cyber-physical nature of the metaverse will also open new doors to threat actors.

Cybercriminals might look to compromise the “digital twin” spaces run by critical infrastructure operators, for sabotage or extortion of industrial systems. Or they could deploy malware to metaverse users’ full body actuator suits to cause physical harm. Assault of avatars has already been reported on several occasions. 

Although a fully-fledged metaverse is still some years away, metaverse-like spaces will be commonplace much sooner. Trend Micro’s report seeks to start an urgent dialog about what cyber threats to expect and how they could be mitigated.

Questions to start asking include:

  • How will we moderate user activity and speech in the metaverse? And who will be responsible?
  • How will copyright infringements be policed and enforced?
  • How will users know whether they’re interacting with a real person or a bot? Will there be a Turing Test to validate AI/humans?
  • Is there a way to safeguard privacy by preventing the metaverse from becoming dominated by a few large tech companies?
  • How can law enforcement overcome the high costs of intercepting metaverse crimes at scale, and solve issues around jurisdiction?

To read a full copy of the report, Metaverse or MetaWorse? Cyber Security Threats Against the Internet of Experiences, please visit: https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/metaworse-the-trouble-with-the-metaverse.

Over Half of Canadian Organizations Feel Somewhat Exposed to Cyber Risks such as Phishing, Ransomware and IoT Attacks: Trend Micro

Posted in Commentary with tags on August 4, 2022 by itnerd

New research from global cybersecurity firm Trend Micro has revealed that 58 per cent of Canadian organizations feel they currently have a moderate risk exposure. However, over half (53 per cent) feel their organization is exposed to cyber risk threats such as phishing (59 per cent), ransomware attacks (55 per cent), supply chain (55 per cent) and IoT attacks (52 per cent). Respondents also indicated that overly complex tech stacks and lack of awareness from leadership are exacerbating issues.

On average, Canadian organizations estimated having 57 per cent visibility of their overall attack surface, and more than a quarter of respondents still approach their attack surface by mapping their systems manually (27 per cent). This may explain why only around 37 per cent are able to fully and accurately detail any one of the following based on risk assessments:

  • Risk levels for individual assets
  • Attack attempt frequency
  • Attack attempt trends
  • Impact of a breach on any particular area
  • Industry benchmarks
  • Preventative action plans for specific vulnerabilities

About 43 per cent of the IT and business decision makers Trend Micro interviewed say that keeping up-to-date with the ever-evolving attack surface is the main area they struggle with. In addition, nearly half (44 per cent) consider phishing or email attacks as the primary way of a cyber-attack starting against their organization.

The inability of organizations to accurately assess attack surface risk also keeps business leaders in the dark. According to Trend Micro’s insights, 11 per cent of Canadian organizations do not have a well-defined way to assess the risk exposure of their digital attack surface, and 69 per cent of respondents think the C-Suite should play a more active role in promoting good cybersecurity practices.

A quarter (24 per cent) of those surveyed believe that increasing cybersecurity training or education would have the greatest impact in enabling leadership to better understand cyber risk.

There’s a clear opportunity here for organizations to leverage third-party expertise.

Only one-third (36 per cent) of Canadian respondents are already invested in a platform-based approach to attack surface management, while nearly half (47 per cent) of respondents say they’d like to do the same. Of those who’ve already made the move, improved visibility (42 per cent), reduced costs (40 per cent) and faster breach detection (35 per cent) are the most cited advantages.

Among those not planning to switch to a platform model, 37 per cent of Canadian organizations consider time to move as the biggest disadvantage to using a platform model.

Trend Micro commissioned Sapio Research to interview 6297 IT and business decision makers across 29 countries to compile the study.

For more information on Trend Micro’s global risk research, click here: https://www.trendmicro.com/explore/trend_global_risk_research_2

Trend Micro Announces New Updates to Cloud Security Platform

Posted in Commentary with tags on July 26, 2022 by itnerd

After years of leadership in the fast-growing global market for cloud security, Trend Micro has announced its new deployment models and services to improve customer experience.

Throughout two years of the global crisis, enterprise leaders invested in cloud infrastructure and services to streamline business processes, lower costs and drive innovation. This also means that business-critical cloud-native applications increased in complexity and broadened their corporate cyber-attack surface.

Two new features for the cloud security platform include:

  • Simplified deployment and management of cloud intrusion prevention system infrastructure, removing burdens and reducing friction for running cloud-based network security.
  • Container security free from infrastructure deployment to scan container images faster with no impact to speed. This update extends the company’s existing container offering, which was the first offered by a cybersecurity provider.

It is also worth noting: 

  • Trend Micro was the first dedicated security provider to offer cloud protection in 2010. Since then, the company has built the most comprehensive cloud security platform, protecting all types of cloud environments and assets.
  • Last year, Trend Micro launched its Cloud One regional data centre in Canada to uphold data residency, safeguard data privacy and reduce the risk of a security breach for Canadian organizations.
  • In 2022, Trend Micro has also added to its more than 15 AWS competencies to now include Healthcare and DevSecOps.
  • Trend Micro has been crowned no. 1 in cloud workload security for the fourth consecutive year and furthers its market leadership with ongoing innovations based on customer feedback.

It has also achieved the updated Amazon Web Services (AWS) Security Competency, which demonstrates that Trend Micro continues to be a key AWS Partner Network (APN) member in helping secure joint customers’ cloud environments.

Email Threats Spike 101% Year Over Year Says Trend Micro

Posted in Commentary with tags on June 21, 2022 by itnerd

Trend Micro announced today that it has blocked over 33.6 million cloud email threats in 2021, a 101% increase on the previous year. This stark increase in attacks proves that email remains a top point of entry for cyber attacks.

The data was collected over the course of 2021 from products that supplement native protection in collaboration platforms such as Microsoft 365 and Google Workspace. 

Other key findings include:

  • 16.5 million detected and blocked phishing attacks, a 138% increase as the hybrid workforce continued to be targeted
  • 6.3 million credential phishing attacks, a 15% increase as phishing remains a primary means of compromise
  • 3.3 million malicious files detected, including a 134% surge in known threats and a 221% increase in unknown malware

More positively, ransomware detections continued to decline by 43% year-over-year. This could be because attacks are becoming more targeted, along with Trend Micro’s successful blocking of ransomware affiliate tools such as Trickbot and BazarLoader.

Business email compromise (BEC) detections also fell by 11%. However, there was an 83% increase in BEC threats detected using Trend Micro’s AI-powered writing style analysis feature, indicating that these scams may be getting more sophisticated.

To read a full copy of the Cloud App Security Threat Report, please visit: https://www.trendmicro.com/vinfo/us//security/research-and-analysis/threat-reports/roundup/trend-micro-cloud-app-security-threat-report-2021

Only 42% Canadian Organizations Plan To Invest In Security Tools This Year: Trend Micro

Posted in Commentary with tags on June 15, 2022 by itnerd

Digital transformation since the pandemic has pushed many organizations over a technology “tipping point”. The more they invest in digital infrastructure to drive sustainable growth, the more they are exposing themselves to cyber risk.

Trend Micro, leader in cloud security, published a new study which found that over two-thirds (69%) of Canadian businesses are concerned about having a broadening attack surface. However, only 42% plan to invest in security tools and technologies to combat it this year.

Visibility challenges appear to be the main reason organizations struggle to manage and understand cyber risk in these environments. In Canada, even though a majority (88%) of respondents believe their organization has a well-defined way to assess the risk exposure of its digital attack surface, 60% said they have blind spots that hamper their security.

Other Canadian findings include:

  • Nearly half (48%) of respondents consider cloud service misconfigurations of cloud assets as the biggest risk exposure when it comes to their organization’s attack surface
  • One-third (34%) of organizations feel fully exposed to the cyber risk of phishing
  • 44% of respondents consider email attacks as the primary way of a cyber-attack starting against their organization
  • 88% of respondents in Canada believe their organization has a well-defined way to assess the risk exposure of its digital attack surface
  • More than half of the respondents (53%) would describe their organization’s digital attack surface as being “complex but controlled.”
  • 58% of organizations currently have a moderate risk exposure
  • 8-in-10 (84%) of organizations review/update their risk exposure in relation to their digital attack surface at least once a month
  • Just 18% review risk exposure on a daily basis

Those responsible for securing their enterprises should click here to give this study a read as it is eye-opening.

4-in-10 Canadian Organizations Still Struggling To Be Up To Date With Digital Attack Surface: Trend Micro

Posted in Commentary with tags on June 13, 2022 by itnerd

Trend Micro, the leader in cloud security, announced the findings of a new global study indicating that while organizations across the globe are struggling to define and secure an expanding cyber-attack surface, in Canada, 81% of organizations have at least somewhat defined it.

Trend Micro surveyed 6297 IT and business decision makers across 29 countries to compile the study. To read a full copy of the report, please visit: https://www.trendmicro.com/explore/trend_global_risk_research_2/the-challenge-of-man

The study revealed that 88% of respondents in Canada believe their organization has a well-defined way to assess the risk exposure of its digital attack surface, and more than half (53%) would describe their organization’s digital attack surface as being “complex but controlled.”

Despite the above, over two-thirds (69%) of Canadian respondents are concerned about having a broadening attack surface, and only 42% plan to invest in security tools and technologies to combat it this year.

Visibility challenges appear to be the main reason organizations struggle to manage and understand cyber risk in these environments.

The research shows that almost two-thirds (60%) of Canadian respondents said they have blind spots that hamper security, with cloud environments cited as the most opaque (41%). On average, respondents estimated having just 57% visibility of their attack surface.

These challenges are multiplied in global organizations. Two-fifths (40%) of respondents in Canada claimed that being an international enterprise that spans multiple jurisdictions makes managing the attack surface harder. 

Yet more than a quarter (27%) are still mapping their systems manually, and 20% outsource this task, which can create further silos and visibility gaps.

The study also revealed that over one-third (36%) of Canadian organizations don’t believe their method of assessing risk exposure is sophisticated enough. This is borne out in other findings:

  • 58% of organizations currently have a moderate risk exposure
  • Nearly half (48%) of respondents consider cloud service misconfigurations of cloud assets as the biggest risk exposure when it comes to their organization’s attack surface
  • 8-in-10 (84%) of organizations review/update their risk exposure in relation to their digital attack surface at least once a month
  • Just 18% review risk exposure on a daily basis
  • One-third (34%) of organizations feel fully exposed to the cyber risk of phishing
  • 44% of respondents consider phishing or email attacks as the primary way of a cyber-attack starting against their organization

Trend Micro Discovers Linux Based Malware That Targets VMware Servers

Posted in Commentary with tags on May 29, 2022 by itnerd

Bad news for those who run VMware, as if they needed any more bad news that’s VMware-related. Researchers at Trend Micro have discovered Linux-based malware that targets VMware ESXi servers:

We recently observed multiple Linux-based ransomware detections that malicious actors launched to target VMware ESXi servers, a bare-metal hypervisor for creating and running several virtual machines (VMs) that share the same hard drive storage. We encountered Cheerscrypt, a new ransomware family, that has been targeting a customer’s ESXi server used to manage VMware files.

Here’s why this is dangerous. It makes the job of ransomware attackers far easier because they can encrypt the VMware ESXi server and then encrypt every guest VM it contains. In effect it’s one-shot pwnage for a threat actor. And that can be catastrophic for an enterprise. There are really no specific mitigation strategies offered up by Trend Micro, but I have one. Have multiple backups and snapshots and store them offline so that they can’t get pwned. Also do regular test recoveries because backups mean nothing if you can’t use them to recover from something like this.