Archive for Trend Micro

Trend Micro Launches New Partner Program – Trend Vision One

Posted in Commentary with tags on August 22, 2023 by itnerd

Trend Micro Incorporated today announced an extension to its partner program and launched a new offering designed to empower MSSPs, service partners and pure-play managed detection and response (MDR) companies to build or grow their MDR and SOC-as-a-service offerings. The new program will further enable the global ecosystem of MSSP partners that customers rely on amidst a cybersecurity skills shortage. 

Trend Vision One for Service Providers provides turnkey threat detection and response with extended SOAR capabilities built for managed security service partners, offering multi-tenant SOC capabilities and hundreds of third-party integrations across the IT environment and with other security vendors.

  • Out-of-the-box value, via incident response playbooks which reduce the need to build custom solutions
  • Comprehensive, end-to-end SOC technology, from XDR to protection
  • Improved customer outcomes, with MTTR (mean time to respond, repair, resolve, recover) measured not in weeks but hours
  • Extensive integrations – hundreds of integrations that offer visibility, analysis and automation across Trend and a wide range of third-party products
  • Greater SOC inspection and analytics thanks to log inspection & analytics which capture event data from a wide range of sources across the organization, from Trend and third-party solutions
  • MSSP-ready capabilities – a multi-tenant offering delivered via a single pane of glass  

Partners who sign up to Trend Vision One for Service Providers will also receive industry-leading benefits including:  

  • White-glove onboarding and enablement, leveraging Trend’s industry know-how working with hundreds of SOCs to help partners accelerate adoption and delivery of SOCaaS and MDR  
  • Highly competitive pricing to allow new and existing MSSPs to penetrate the market quicker
  • Choice of partnership, which means partners can choose the partnership right for their business:
    • Fully managed MDR or SOCaaS
    • API integration to offer co-managed services for “bring your own technology” clients, where MSSPs help configure and manage Trend’s SOAR solution deployed on customers’ premises 

Email threats continue to increase in first half of 2023: Trend Micro 

Posted in Commentary with tags on August 9, 2023 by itnerd

Today, Trend Micro released its midyear cybersecurity threat report, which found that in the first half of 2023, Trend Micro blocked more than 85 billion threats globally consisting of email threats, malicious files, and malicious URLs, a 27% year-over-year increase.

In Canada, the detection of attacks from ransomware-as-a-service surged in the first half of 2023. To date, Trend Micro has blocked 394,518,518 email threat attempts in Canada, 24.6% more than last year.

As AI adoption continues to grow at a stable pace, ransomware groups will become more creative. Findings show cybercriminals are turning to AI-enabled tools to simplify enacting scams, automate refining targets, and increase scalability with a crop of new crimes.

You can read the full report here: Stepping Ahead of Risk: Trend Micro 2023 Midyear Cybersecurity Threat Report

Trend Micro Details How Cybercriminals Use AI and ChatGPT For Extortion Scams

Posted in Commentary with tags on July 7, 2023 by itnerd

Although emerging technologies such as AI are being developed to increase efficiency and make our lives easier, cases in which these technologies have been exploited are becoming increasingly frequent. Cybercriminals have been extorting innocent people through deepfake technology and the use of manipulated photos and videos to carry out these scams, which have resulted in losses of $2.6 billion last year alone.

Young people and public figures are the most at risk of falling victim to these attacks. These individuals are prone to having their voice cloned due to their large social media presence. While AI Voice Cloning has provided comic relief using voice filters and allowed us to listen to classic songs from different artists, it has also allowed cybercriminals to adopt another avenue of crime. AI tools such as VoiceLab can harvest a person’s voice biometrics, producing a deepfake voice that would sound exactly like them. Coupled with an input script from a movie, it can cause close family and friends to believe their loved one has been abducted.

Additionally, by using ChatGPT, attackers can fuse large datasets of potential victims with voice, video and signal data. SIM jacking allows threat actors to control the kidnappee’s phone, making it difficult to track and unreachable.

You can read the full report by Trend Micro here: https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/how-cybercriminals-can-perform-virtual-kidnapping-scams-using-ai-voice-cloning-tools-and-chatgpt

Trend Micro joins the Canadian Cyber Threat Exchange

Posted in Commentary with tags on June 28, 2023 by itnerd

Trend Micro, a global leader in cybersecurity solutions, has joined the Canadian Cyber Threat Exchange (CCTX) to contribute knowledge assets and threat insights and to help support cyber resilience across the country. The CCTX is Canada’s national cyber threat sharing and collaboration hub. 

By becoming a CCTX member, Trend Micro is joining forces with a diverse community of organizations, professionals, and government institutions to collaborate, share, and discuss useful information regarding cyber threat actors, their campaigns, TTPs (tactics, techniques, and procedures), trends, research, and processes. Collaborating on current risks and exchanging best practices, techniques, and insights is critical to increasing preparedness and developing security responses that can protect organizations across multiple fronts.

Building cyber resilience is an important focus area considering a recent Trend Micro report showed Canadian organizations struggle to profile and defend their expanding attack surface. Over the past year, 56 percent of Canadian organizations have had customer records compromised at least once. Moreover, another report found the average total cost of a data breach for Canadian companies was $4.50 million (USD).

The CCTX was created to build a secure Canada where all organizations, both private and public, collaborate to increase cyber resilience using a two-pronged approach: 

  • CCTX Collaboration Centre is a trusted forum for cyber professionals to solve problems by exchanging best practices, techniques, and insights.
  • The CCTX Data Exchange compiles, analyzes and shares cyber threat information to provide actionable cyber threat intelligence to its cross sectoral membership. Data is received from its members, the Canadian Centre for Cyber Security and other Canadian and international cyber threat sharing hubs.

As a leading global voice in the fight against cybercrime, Trend Micro is proud to support collaborative hubs, partnerships, and law enforcement internationally by sharing strategic and tactical threat intelligence with different countries worldwide, including Canada.

To learn more about Trend Micro please visit: www.TrendMicro.com

To learn more about CCTX, please visit: https://cctx.ca/

Trend Micro Details How Cybercriminals Use Residential Proxies and CAPTCHA-solving Services to Carry Out Credential Stuffing Attacks

Posted in Commentary with tags on June 27, 2023 by itnerd

Today, Trend Micro released a report titled, “AGENTS OF ABUSE: Residential Proxies and CAPTCHA-Solving Services,” to spotlight how cybercriminals use residential proxies, CAPTCHA-solving services and configurations to carry out credential stuffing attacks.

Different markets and industries, including e-commerce, social media, fintech, airline and travel, and online ticket services, are losing billions of dollars each year because of fake web traffic generated by illicit scrapers, fake accounts, robot buyers, carders, and stuffers.

Data revealed that 47.4 per cent of all Internet traffic in 2022 came from bots.

While CAPTCHA services and IP reputation feeds are used to counter this type of e-commerce fraud and account takeover, it has been found that abusers have developed tools to counter these defensive measures.

Below are some stats worth highlighting around fake web traffic:

  • 25% of newly registered accounts are fake
  • 20% of login attempts are attacks
  • 86% of all attacks are carried out by bots

Based on the data gathered using the Trend Micro™️ Smart Protection Network™️ from January to August 2022, business websites from different industries, including social commerce, online gaming, cryptocurrency, and travel, were affected by CAPTCHA-solving services.

You can also read the full report HERE.

More Than Two-Thirds Of Canadian Organizations Say They Could Be Victims Of A Cyber-Attack This Year

Posted in Commentary with tags on May 5, 2023 by itnerd

Trend Micro Incorporated has announced the findings of its latest global Cyber Risk Index (CRI) for the second half of 2022. According to the results, the overall global cyber-risk levels have improved from “elevated” to “moderate” for the first time. While North America and Canada still stand at an elevated risk level, Canada received a score of -0.03, which shows an improvement compared to the first half of the year (-0.30).

Results also revealed almost two-thirds (60%) of Canadian organizations still anticipate they’ll be breached in the next 12 months, with almost one-out-of-five (18%) claiming this is “very likely” to happen.

Additionally, the CRI found that cyber-preparedness improved in Europe and APAC but declined slightly in Latin and North America over the past six months, with Canada going from a score of 5.31 in the first half of 2022, to a score of 5.18 (staying at a moderate risk). Moreover, the threat index went from 5.61 in the first half of 2022 to 5.21; a 7.1% decrease in the last six months.

Despite this improvement, most Canadian organizations are still pessimistic about their prospects over the coming year. The CRI found that most respondents in Canada said it was “somewhat to very likely” they’d suffer a breach of customer data (61%) or information assets (e.g. intellectual property) (60%) or a successful cyber-attack (69%).

These figures represent a decrease of 14%, 19% and 17%, respectively, from the last report.

At a global level, the top four threats listed by respondents in the CRI 2H 2022 remained the same from the previous report:

  1. Clickjacking
  2. Business Email Compromise (BEC)
  3. Ransomware
  4. Fileless attacks

“Botnets” replaced “login attacks” in fifth place.

Global respondents also named employees as representing three of their top five infrastructure risks:

  1. Negligent insiders
  2. Cloud computing infrastructure and providers
  3. Mobile/remote employees
  4. Shortage of qualified personnel
  5. Virtual computing environments (servers, endpoints)

Based on the global survey results, the greatest areas of concern for businesses related to cyber-preparedness are:

People: “My organization’s senior leadership does not view security as a competitive advantage.” 

Process: “My organization’s IT security function doesn’t have the ability to unleash countermeasures (such as honeypots) to gain intelligence about the attacker.”

Technology: “My organization’s IT security function does not have the ability to know the physical location of business-critical data assets and applications.”

*The six-monthly Cyber Risk Index was compiled by the Ponemon Institute from interviews with 3729 global organizations. The index is based on a numerical scale of -10 to 10, with -10 representing the highest level of risk. It is calculated by subtracting the score for cyber threats from the score for cyber-preparedness.

To read a full copy of the Trend Micro Cyber Risk Index (CRI) 2H 2022*, please visit: https://www.trendmicro.com/en_us/security-intelligence/breaking-news/cyber-risk-index

Wages Dominate Cybercrime Groups’ Operating Expenses: Trend Micro

Posted in Commentary with tags on April 3, 2023 by itnerd

Trend Micro Incorporated today published new research detailing how criminal groups start behaving like corporations as they grow bigger, but that this comes with its own attendant costs and challenges.

To read a full copy of the report, Inside the Halls of a Cybercrime Business, please visit:  

https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/inside-the-halls-of-a-cybercrime-business

A typical large organization allocates 80% of its operating expenses to wages, with the figure similarly high (78%) for small criminal organizations, according to the report. Other common expenses include infrastructure (servers/routers/VPNs), virtual machines, and software.

The study outlined three types of organizations based on size, using examples where Trend Micro collected the most data from law enforcement and insider information.

Small criminal businesses (e.g., Counter Anti-Virus service Scan4You):

  • Typically, one management layer, 1-5 staff members, and under $500K in annual turnover.
  • Their members often handle multiple tasks within the group and also have a day job on top of this work.
  • Comprise the majority of criminal businesses, often partnering with other criminal entities.

Medium-sized criminal businesses (e.g., bulletproof hoster MaxDedi):

  • Typically have two management layers, 6-49 employees, and up to $50m in annual turnover.
  • They usually have a pyramid-style hierarchical structure with a single person in charge.

Large criminal businesses (e.g., ransomware group Conti):

  • Typically have three management layers, 50+ staff, and $50m+ in annual turnover.
  • Feature relatively large numbers of lower management and supervisors.
  • Implement effective OPSEC and partner with other criminal organizations.
  • Those in charge are seasoned cyber-criminals and hire multiple developers, administrators, and penetration testers – including short-term contractors.
  • They may have corporate-like departments (e.g., IT, HR) and even run employee programs, such as performance reviews.

According to the report, knowing the size and complexity of a criminal organization can provide critical clues to investigators, such as what types of data to hunt for. 

For example, larger criminal entities may store employee lists, financial statements, company guides/tutorials, M&A documents, employee crypto wallet details, and even shared calendars to probe.

Understanding the size of targeted criminal organizations can also allow law enforcers to prioritize better which groups should be pursued for maximum impact.

Trend Micro Details How Cybercriminals Use LinkedIn to Victimize Users and Companies

Posted in Commentary with tags on March 29, 2023 by itnerd

Trend Micro has put out research on how LinkedIn has become a great target for cybercriminals.

LinkedIn is considered the largest platform catering to professionals and companies’ information with approximately 875 million users in over 200 countries.

As in other social networks, sharing data is the principal activity done on this platform, and this opens people to threats targeting all kinds of users – from a cybercriminal perspective, LinkedIn is an optimal platform to gather information on potential targets and for initial reconnaissance given its large user base and business orientation.

From utilizing AI-generated headshots to create real-looking profiles to using LinkedIn messaging to target marketing and HR professionals, threat actors have found new ways to exploit the platform’s information to build sophisticated attacks that could result in personal, professional, social, and organizational damage.

To learn more about how data is being stolen and used against users and organizations you can read the full report here: A Growing Goldmine: Your LinkedIn Data Abused For Cybercrime

Government, Manufacturing, and Healthcare were top targets for cybercriminals in Canada in 2022

Posted in Commentary with tags on March 7, 2023 by itnerd

Trend Micro today announced a massive 55% increase in overall threat detections in 2022 and a 242% surge in blocked malicious files, as threat actors indiscriminately targeted consumers and organizations across all sectors.

The roundup report reveals several interesting trends for 2022 and beyond:

The top three MITRE ATT&CK techniques show us that threat actors are gaining initial access through remote services, then expanding their footprint within the environment through credential dumping to utilize valid accounts.

An 86% increase in backdoor malware detections reveals threat actors trying to maintain their presence inside networks for a future attack. These backdoors primarily targeted web server platform vulnerabilities.

A record number of Zero Day Initiative (ZDI) advisories (1,706) for the third year in a row is the result of a rapidly expanding corporate attack surface and researcher investment in automated analysis tools, which are finding more bugs. The number of critical vulnerabilities doubled in 2022. Two out of the top three CVEs reported in 2022 were related to Log4j.

The ZDI observed an increase in failed patches and confusing advisories, adding extra time and money to corporate remediation efforts and exposing organizations to unnecessary cyber risk.

Webshells were the top-detected malware of the year, surging 103% on 2021 figures. Emotet detections were second after undergoing something of a resurgence. LockBit and BlackCat were the top ransomware families of 2022.

Ransomware groups rebranded and diversified in a bid to address declining profits. In the future, we expect these groups to move into adjacent areas that monetize initial access, such as stock fraud, business email compromise (BEC), money laundering, and cryptocurrency theft.

Trend Micro recommends that organizations adopt a platform-based approach to managing the cyber-attack surface, mitigate security skills shortages and coverage gaps, and minimize the costs associated with point solutions. This should cover the following:

  • Asset management. Examine assets and determine their criticality, any potential vulnerabilities, the level of threat activity, and how much threat intelligence is being gathered from the asset.
  • Cloud security. Ensure that cloud infrastructure is configured with security in mind to prevent attackers from capitalizing on known gaps and vulnerabilities.
  • Proper security protocols. Prioritize updating software as soon as possible to minimize the exploitation of vulnerabilities. Options such as virtual patching can help organizations until vendors provide official security updates.
  • Attack surface visibility. Monitor disparate technologies and networks within the organization, as well as any security system that protects them. It may be difficult to correlate different data points from siloed sources.

To read a full copy of the report, Rethinking Tactics: 2022 Annual Cybersecurity Report, please click here.

It covers endpoints (Android & iOS, IoT, IIoT, PCs, Macs, Linux, servers), email, web and network layers, OT networks, cloud, home networks, vulnerabilities, consumers, businesses, and governments globally.

MSPs, Hybrid Workers and Connected Cars Face Cyber-Threat Onslaught in 2023

Posted in Commentary with tags on December 13, 2022 by itnerd

Trend Micro Incorporated today released Future/Tense: Trend Micro Security Predictions for 2023. The report warns that threat actors will ramp up attacks targeting security blind spots in the home office, software supply chain and cloud in the coming year.

According to the report, VPNs represent a particularly attractive target as a single solution could be exploited to target multiple corporate networks. Home routers will also be singled out as they’re often left unpatched and unmanaged by central IT.

Alongside the threat to hybrid workers, the report anticipates several trends for IT security leaders to watch out for in 2023, including:

  • A growing supply chain threat from managed service providers (MSPs), which will be selected because they offer access to a large volume of downstream customers, thereby maximizing the ROI of ransomware, data theft and other attacks
  • “Living off the cloud” techniques may become the norm for groups attacking cloud infrastructure to stay hidden from conventional security tools. An example could be using a victim’s backup solutions to download stolen data into the attacker’s storage destination
  • Connected car threats such as targeting of the cloud APIs which sit between in-vehicle embedded-SIMs (eSIMs) and back-end application servers. In a worst-case scenario (i.e., Tesla API) attacks could be used to gain access to vehicles. The connected car industry could also be impacted by malware lurking in open-source repositories
  • Ransomware-as-a-service (RaaS) groups may rethink their business as the impact of double extortion fades. Some may focus on the cloud, while others could eschew ransomware altogether and try monetizing other forms of extortion like data theft
  • Social engineering will be turbo-charged with business email compromise (BEC)-as-a-service offerings and the rise of deepfake-based BEC

Trend Micro recommends organizations mitigate these emerging threats in 2023 via:

  • Zero trust strategies built on a “never trust, always verify” mantra, to minimize damage without sacrificing user productivity
  • Employee training and awareness raising to turn a weak link in the security chain into an effective line of defense
  • Consolidating onto a single security platform for all attack surface monitoring and threat detection and response. This will improve a company’s ability to catch suspicious activity across their networks, reduce the burden on security teams and keep defenders sharp 
  • Stress testing IT infrastructures to ensure attack readiness in different scenarios, especially ones where a perimeter gateway has already been breached 
  • A software bill of materials (SBOM) for every application, to accelerate and enhance vulnerability management—by delivering visibility into code developed in-house, bought from commercial sources, and built from third-party sources

To read a full copy of the report, please visit: https://www.trendmicro.com/vinfo/us/security/research-and-analysis/predictions/2023