Archive for Trend Micro

Security Breaches To Be More Sophisticated In 2019: Trend Micro

Posted in Commentary with tags on December 11, 2018 by itnerd

Trend Micro Incorporated a global leader in cybersecurity solutions, today released its 2019 predictions report, warning that attackers will increase the effectiveness of proven attack methods by adding more sophisticated elements to take advantage of the changing technology landscape. The report, Mapping the Future: Dealing with Pervasive and Persistent Threats, highlights the growing threats faced by consumers and organizations that are exacerbated by the increasingly connected world.

The role of social engineering in successful attacks against businesses and individuals will continue to increase throughout the year. Since 2015, the number of phishing URLs blocked by Trend Micro has increased by nearly 3,800 percent. This offsets the lessening reliance on exploit kits, which has decreased by 98 percent in the same time. Additionally, attackers will continue to rely on known vulnerabilities that remain unpatched in corporate networks for 99.99 percent of exploits, as this remains a successful tactic.

Trend Micro also predicts attackers will leverage these proven methods against growing cloud adoption. More vulnerabilities will be found in cloud infrastructure, such as containers, and weak cloud security measures will allow greater exploitation of accounts for cryptocurrency mining. This will lead to more damaging breaches due to misconfigured systems.

Attackers will also implement emerging technologies like AI to better anticipate the movements of executives. This will lead to more convincing targeted phishing messages, which can be critical to BEC attacks. Additionally, it is likely that BEC attacks will target more employees who report to C-level executives, resulting in continued global losses.

SIM swapping and SIM-jacking will be a growing threat to take advantage of remote employees and everyday users. This attack method allows criminals to hijack a cell phone without the user’s knowledge, making it difficult for consumers to regain control of their devices. Additionally, the smart home will be an increasingly attractive target for attacks that leverage home routers and connected devices.

To find out more on these and many more 2019 predictions, read the full reporthere.

Advertisements

Trend Micro Survey Finds Nearly Half of Organizations Have Been Victims of BPC Attacks

Posted in Commentary with tags on December 8, 2018 by itnerd

Trend Micro Incorporated has revealed that 43 percent of surveyed organizations have been impacted by a Business Process Compromise (BPC). Despite a high incidence of these types of attacks, 50 percent of management teams still don’t know what these attacks are or how their business would be impacted if they were victimized.

In a BPC attack, criminals look for loopholes in business processes, vulnerable systems and susceptible practices. Once a weakness has been identified, a part of the process is altered to benefit the attacker, without the enterprise or its client detecting the change. If victimized by this type of attack, 85 percent of businesses would be limited from offering at least one of their business lines.

Global security teams are not ignoring this risk, with 72 percent of respondents stating that BPC is a priority when developing and implementing their organization’s cybersecurity strategy. However, the lack of management awareness around this problem creates a cybersecurity knowledge gap that could leave organizations vulnerable to attack as businesses strive to transform and automate core processes to increase efficiency and competitivenessi.

The most common way for cybercriminals to infiltrate corporate networks is through a Business Email Compromise (BEC). This is a type of scam that targets email accounts of high-level employees related to finance or involved with wire transfer payments, either spoofing or compromising them through keyloggers or phishing attacks.

In Trend Micro’s survey, 61 percent of organizations said they could not afford to lose money from a BEC attack. However, according to the FBI, global losses due to BEC attacks continue to rise, reaching $12 billion earlier this year.

For more information on BPC and BEC attacks, read this Trend Micro Research report.

Guest Post: Trend Micro Has Security Tips For Safe Online Shopping This Black Friday/Cyber Monday

Posted in Commentary with tags on November 22, 2018 by itnerd

It’s no surprise that Canadians are preparing for the biggest holiday shopping event of the year. With Black Friday and Cyber Monday quickly approaching and online shopping at an all time high, it also means that cybercriminals are expected to be out in full force.

Canadians are no strangers to a great online deal, and so Trend Micro is shedding light on what online shoppers can do to protect their personal information. Below are the top 7 tips for avoiding cyber threats this shopping season.

Tips for Safe Online Shopping:

  1. Check any email coming from banks that request verification.
  2. Enable multi-factor authentication (2FA) for your online accounts and enable your credit card’s one-time password (OTP) feature.
  3. Keep your e-receipts and compare them with your credit card statements.
  4. Avoid connecting mobile devices to unsecure public networks.
  5. Choose retailer sites with buyer protection.
  6. When using voice-enabled assistants, monitor your publicly posted Personally identifiable Information (PII), these can be used as credentials to access IoT devices.
  7. Look for the verifier symbols of brands and shops, especially when visiting “so-called” business pages on social media, before interacting, shopping, or providing information.

There is also a blog post available called When Cybercriminals Hitch On Your Holiday Spending: Online Shopping Trends and Threats that you should have a look at.

Trend Micro Claims It Didn’t Steal User Data…. Then Back Pedals On That Claim

Posted in Commentary with tags on September 11, 2018 by itnerd

Well, Trend Micro has finally decided to respond to the firestorm that erupted on Sunday when it was discovered that some of their macOS apps were stealing the browser histories of users. And then the apps in question were promptly banned by Apple. Via a blog post, Trend Micro denied this…. Sort of:

Reports that Trend Micro is “stealing user data” and sending them to an unidentified server in China are absolutely false.

Trend Micro has completed an initial investigation of a privacy concern related to some of its MacOS consumer products. The results confirm that Dr Cleaner, Dr Cleaner Pro, Dr. Antivirus, Dr. Unarchiver, Dr. Battery, and Duplicate Finder collected and uploaded a small snapshot of the browser history on a one-time basis, covering the 24 hours prior to installation. This was a one-time data collection, done for security purposes (to analyze whether a user had recently encountered adware or other threats, and thus to improve the product & service). The potential collection and use of browser history data was explicitly disclosed in the applicable EULAs and data collection disclosures accepted by users for each product at installation (see, for example, the Dr Cleaner data collection disclosure here:  https://esupport.trendmicro.com/en-us/home/pages/technical-support/1119854.aspx). The browser history data was uploaded to a U.S.-based server hosted by AWS and managed/controlled by Trend Micro.

Well, that’s a crappy response which I am sure didn’t exactly win hearts and minds. Because sometime later they updated the blog post with this:

We apologize to our community for concern they might have felt and can reassure all that their data is safe and at no point was compromised.

We have taken action and have 3 updates to share with all of you.

First, we have completed the removal of browser collection features across our consumer products in question. Second, we have permanently dumped all legacy logs, which were stored on US-based AWS servers. This includes the one-time 24 hour log of browser history held for 3 months and permitted by users upon install. Third, we believe we identified a core issue which is humbly the result of the use of common code libraries. We have learned that browser collection functionality was designed in common across a few of our applications and then deployed the same way for both security-oriented as well as the non-security oriented apps such as the ones in discussion. This has been corrected.

So I guess that the accusations weren’t completely false if Trend Micro backpedaled like this. I guess the optics just didn’t look too good. But they didn’t really answer the questions that need answering. Such as how pervasive was this practise? Were they doing this on their corporate line of products? How can we trust Trend Micro given all that is gone on? If Trend Micro really wants to address this, they need to be a transparent as possible. Otherwise, people will simply take their money elsewere.

Cisco To Bundle Trend Micro Security Into Consumer Routers

Posted in Commentary with tags , on February 18, 2009 by itnerd

Cisco via its Linksys brand wants to protect you from the bad guys that are lurking on the Internet. To that end, they’ve signed a deal with Trend Micro to stuff their technology into Linksys routers:

This multi-layered security offering helps provide network protection for family PCs and other home-network devices, such as online game consoles, Wi-Fi enabled phones, and personal media players. This collaboration has led to the introduction of Home Network Defender, an Internet security service from Trend Micro that features Safe Web Surfing capabilities, parental controls, and user-activity reporting embedded on select Linksys by Cisco wireless-N home routers. Home Network Defender helps to detect and eradicate Web threats such as online fraud, scams, phishing schemes, predators and viruses before they enter the home network.

I have to admit that this is a great idea. I find that most users don’t do enough to protect themselves from online threats until something bad happens. So having protection like this at the edge of your home network and making it easy to implement pretty much guarntees that nothing bad will happen.

Watch for products with this technology to start appearing on store shelves shortly.