Archive for Trend Micro

Trend Micro’s ZDI Lifts the Lid on Vulnerabilities and Diffuses Danger

Posted in Commentary with tags on December 12, 2022 by itnerd

Trend Micro Incorporated today announced the winners of its fall Pwn2Own competition held through the Zero Day Initiative. $989,750 in prizes were awarded throughout the event with the purchase of 63 unique zero days. The real-world impact if these vulnerabilities were weaponized would amount to 10x in time, data and financial loss.     

An estimated 80% of US employees are currently working from home some or all of the time, according to Gallup. However, that can expand the corporate attack surface if devices like routers, smart speakers, printers and network attached storage (NAS) are not properly secured. Vulnerabilities in household devices disclosed through Pwn2Own and Trend Micro’s Zero Day Initiative inform Trend Micro’s industry-leading threat intelligence that secures increasingly entangled consumer and enterprise networks.

Several waves of Deadbolt ransomware that compromised global NAS devices this year highlight the potential risk for businesses.

Attackers could also use compromised small office/home office (SOHO) connected devices as a jumping-off point for lateral movement within a network, potentially leading to a device connected to corporate resources. 

That’s why this year’s fall Pwn2Own competition featured a “SOHO Smashup” category that challenged hackers to exploit a Wi-Fi router and connected device. If contestants were able to take complete control of both devices within 30 minutes, they could earn $100,000 and 10 Master of Pwn points.

Raising awareness of the risks to SOHO equipment comes amidst government moves to enhance buyers’ confidence, in a technology where responsibility for security often falls between employee and enterprise.

In the EU, legislation is being proposed to mandate minimum security requirements of connected device vendors, while in the US there are moves afoot to launch a new labelling system akin to Energy Star.

Pwn2Own was held from 6-8 December 2022 in Trend Micro’s Toronto offices, with Trend Micro offering to reimburse up to $3,000 in travel expenses for teams participating in person. Those unable to attend were able to log in remotely.

The overall Master of Pwn winner was DEVCORE with 18.5 points and $142,500 in prizes. The top five contestants were:

To read more about the Pwn2Own Toronto event and the final competition winners, please visit: https://www.zerodayinitiative.com/blog/2022/12/9/pwn2own-toronto-2022-day-four-results-and-master-of-pwn

Nine out of 10 Canadian Organizations Were Breached At least Once in the Past Year: Trend Micro

Posted in Commentary with tags on November 25, 2022 by itnerd

Trend Micro Incorporated today announced that 90% of Canadian organizations have had customer records compromised at least once over the past 12 months as they struggle to profile and defend an expanding attack surface. 

The findings come from Trend Micro’s semi-annual Cyber Risk Index (CRI) report, compiled by the Ponemon Institute from interviews with over 4,100 organizations across North America, Europe, Latin/South America, and Asia-Pacific, of which 470 are Canadian.

The CRI calculates the gap between organizational preparedness and the likelihood of being attacked, with -10 representing the highest level of risk. The Canadian CRI index moved from +0.16 in 2H 2021 to -0.30 in 1H 2022, indicating a surging level of risk over the past six months.

This trend is also reflected elsewhere in the data: the number of Canadian organizations experiencing a “successful” cyber-attack increased from 83% to 93% over the same period. Unsurprisingly, the number now expected to be compromised over the coming year has also increased from 74% to 86%.

Some of the top preparedness risks highlighted by the index report are related to attack surface discovery capabilities. It is often challenging for security professionals to identify the physical location of business-critical data assets and applications.

From the business perspective, the biggest concern is the misalignment between CISOs and business executives. Based on the scores given by the respondents, “My organization’s IT security objectives are aligned with business objectives” only has a score of 4.35 out of 10.

Overall, Canadian respondents rated the following as the top cyber threats in 1H 2022:

1) Advanced malware
2) Cryptomining
3) Watering hole attacks
4) Botnets
5) Business Email Compromise (BEC)

By addressing the shortage of cybersecurity professionals and improving security processes and technology, organizations will significantly reduce their vulnerability to attacks.

To read a full copy of the latest Cyber Risk Index, please visit: www.trendmicro.com/cyberrisk

Ransomware Groups Will Increasingly Target Linux Servers And Embedded Systems Over The Coming Years: Trend Micro

Posted in Commentary with tags on September 9, 2022 by itnerd

Trend Micro Incorporated yesterday predicted that ransomware groups will increasingly target Linux servers and embedded systems over the coming years. It recorded a double-digit year-on-year (YoY) increase in attacks on these systems in 1H 2022.

To read a full copy of the Trend Micro 2022 Midyear Roundup Report, please visit: https://www.trendmicro.com/vinfo/us/security/research-and-analysis/threat-reports/roundup/defending-the-expanding-attack-surface-trend-micro-2022-midyear-cybersecurity-report   

According to Trend Micro data:

  • 63 billion threats blocked by Trend Micro in 1H 2022
  • 52% more threats in the first half of the year than the same period in 2021
  • Government, manufacturing and healthcare are the top three sectors targeted with malware

Detection of attacks from ransomware-as-a-service surged in the first half of 2022. Major players like LockBit and Conti were detected with a 500% YoY increase and nearly doubled the number of detections in six months, respectively. The ransomware-as-a-service model has generated significant profits for ransomware developers and their affiliates.

New ransomware groups are emerging all the time. The most notable one in the first half of 2022 is Black Basta. The group hit 50 organizations in just two months. Many persist with the “big game-hunting” of large enterprises, although SMBs are an increasingly popular target.

One of the primary attack vectors for ransomware is vulnerability exploitation. Trend Micro’s Zero Day Initiative published advisories on 944 vulnerabilities in the period, a 23% YoY increase. The number of critical bug advisories published soared by 400% YoY.

APT groups continue to evolve their methods by employing expansive infrastructure and combining multiple malware tools. The ten-fold increase in the number of Emotet detections is another proof point that threat actors are increasingly integrating it as part of their elaborate cybercrime operations.

The concern is that threat actors are able to weaponize these flaws faster than vendors can release patch updates and/or customers can patch them.

Unpatched vulnerabilities add to a growing digital attack surface many organizations are struggling to manage securely as the hybrid workplace expands their IT environment. Over two-fifths (43%) of global organizations believe it is “spiraling out of control.”

Cloud visibility is particularly important given the continued threat of third parties exploiting misconfigured environments and using novel techniques like cloud-based crypto mining and cloud tunneling. The latter is frequently abused by threat actors to route malware traffic or host phishing websites.

Trend Micro Warns of 75% Surge in Ransomware Attacks on Linux as Systems Adoptions Soared

Posted in Commentary with tags on August 31, 2022 by itnerd

Trend Micro today predicted that ransomware groups will increasingly target Linux servers and embedded systems over the coming years. It recorded a double-digit year-on-year (YoY) increase in attacks on these systems in 1H 2022.

To read a full copy of the Trend Micro 2022 Midyear Roundup Report, please visit: https://www.trendmicro.com/vinfo/us/security/research-and-analysis/threat-reports/roundup/defending-the-expanding-attack-surface-trend-micro-2022-midyear-cybersecurity-report


Back to school reminder: Cyber hygiene for kids by Trend Micro

Posted in Commentary with tags on August 23, 2022 by itnerd

With the end of summer fast approaching, children of all ages will soon be returning to school. With the increase in daily use of digital technology, it is critical for parents to integrate digital literacy and cyber hygiene into their child’s learning process.

A recent survey found that two-thirds of parents allow their kids to use the internet on their own, with over 70 percent admitting that their children had engaged in risky behavior online.

To help improve kids’ safety and awareness online, Trend Micro has launched the Cyber Academy, which will offer 7–10-year-olds a series of video-based lessons and learning materials designed to upgrade children’s digital literacy skills in a way that’s meaningful and engaging. The Cyber Academy consists of internet safety lessons that focus on passwords, two-factor authentication, security, and privacy, among others. The lessons can be delivered on-demand by a teacher in the classroom or a guardian at home in just 10–15 minutes and are offered completely free of charge.

To learn more about Trend Micro’s Cyber Academy and tips for guardians and teachers click here.

Beware The Darkverse And The Cyber-Physical Threats It Will Enable: Trend Micro

Posted in Commentary with tags on August 9, 2022 by itnerd

Trend Micro Incorporated today released a new report warning of a “darkverse” of criminality hidden from law enforcement, which could quickly evolve to fuel a new industry of metaverse-related cybercrime.

The top five metaverse threats outlined in the report are:

  • NFTs will be hit by phishing, ransom, fraud and other attacks, which will be increasingly targeted as they become an important metaverse commodity to regulate ownership.
  • The darkverse will become the go-to place for conducting illegal/criminal activities because it will be difficult to trace, monitor and infiltrate by law enforcement. In fact, it may be years before police catch up.
  • Money laundering using overpriced metaverse real estate and NFTs will provide a new outlet for criminals to clean cash.
  • Social engineering, propaganda and fake news will have a profound impact in a cyber-physical world. Influential narratives will be employed by criminals and state actors targeting vulnerable groups who are sensitive to certain topics.
  • Privacy will be redefined, as metaverse-like space operators will have unprecedented visibility into user actions – essentially when using their worlds, there will be zero privacy as we know it.

As imagined by Trend Micro, the darkverse will resemble a metaverse version of the dark web, enabling threat actors to coordinate and carry out illegal activities with impunity. 

Underground marketplaces operating in the darkverse would be impossible for police to infiltrate without the correct authentication tokens. Because users can only access a darkverse world if they’re inside a designated physical location, there’s an additional level of protection for closed criminal communities.

This could provide a haven for multiple threats to flourish—from financial fraud and e-commerce scams to NFT theft, ransomware and more. The cyber-physical nature of the metaverse will also open new doors to threat actors.

Cybercriminals might look to compromise the “digital twin” spaces run by critical infrastructure operators, for sabotage or extortion of industrial systems. Or they could deploy malware to metaverse users’ full body actuator suits to cause physical harm. Assault of avatars has already been reported on several occasions. 

Although a fully-fledged metaverse is still some years away, metaverse-like spaces will be commonplace much sooner. Trend Micro’s report seeks to start an urgent dialog about what cyber threats to expect and how they could be mitigated.

Questions to start asking include:

  • How will we moderate user activity and speech in the metaverse? And who will be responsible?
  • How will copyright infringements be policed and enforced?
  • How will users know whether they’re interacting with a real person or a bot? Will there be a Turing Test to validate AI/humans?
  • Is there a way to safeguard privacy by preventing the metaverse from becoming dominated by a few large tech companies?
  • How can law enforcement overcome the high costs of intercepting metaverse crimes at scale, and solve issues around jurisdiction?

To read a full copy of the report, Metaverse or MetaWorse? Cyber Security Threats Against the Internet of Experiences, please visit: https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/metaworse-the-trouble-with-the-metaverse.

Over Half of Canadian Organizations Feel Somewhat Exposed to Cyber Risks such as Phishing, Ransomware and IoT Attacks: Trend Micro

Posted in Commentary with tags on August 4, 2022 by itnerd

New research from global cybersecurity firm Trend Micro has revealed that 58 per cent of Canadian organizations feel they currently have a moderate risk exposure. However, over half (53 per cent) feel their organization is exposed to cyber risk threats such as phishing (59 per cent), ransomware attacks (55 per cent), supply chain (55 per cent) and IoT attacks (52 per cent).  Respondents also indicated that overly complex tech stacks and lack of awareness from leadership are exacerbating issues.

On average, Canadian organizations estimated having 57 per cent visibility of their overall attack surface, and more than a quarter of respondents still approach their attack surface by mapping their systems manually (27 per cent). This may explain why only around 37 per cent are able to fully and accurately detail any one of the following based on risk assessments:

  • Risk levels for individual assets
  • Attack attempt frequency
  • Attack attempt trends
  • Impact of a breach on any particular area
  • Industry benchmarks
  • Preventative action plans for specific vulnerabilities

About 43 per cent of the IT and business decision makers Trend Micro interviewed say that keeping up-to-date with the ever-evolving attack surface is the main area they struggle with. In addition, nearly half (44 per cent) consider phishing or email attacks as the primary way of a cyber-attack starting against their organization.

The inability of organizations to accurately assess attack surface risk also keeps business leaders in the dark. According to Trend Micro’s insights, 11 per cent of Canadian organizations do not have a well-defined way to assess the risk exposure of their digital attack surface, and 69 per cent of respondents think the C-Suite should play a more active role in promoting good cybersecurity practices.

A quarter (24 per cent) of those surveyed believe that increasing cybersecurity training or education would have the greatest impact in enabling leadership to better understand cyber risk.

There’s a clear opportunity here for organizations to leverage third-party expertise.

Only one-third (36 per cent) of Canadian respondents are already invested in a platform-based approach to attack surface management, while nearly half (47 per cent) of respondents say they’d like to do the same. Of those who’ve already made the move, improved visibility (42 per cent), reduced costs (40 per cent) and faster breach detection (35 per cent) are the most cited advantages.

Among those not planning to switch to a platform model, 37 per cent of Canadian organizations consider time to move as the biggest disadvantage to using a platform model.

Trend Micro commissioned Sapio Research to interview 6297 IT and business decision makers across 29 countries to compile the study.

For more information on Trend Micro’s global risk research, click here: https://www.trendmicro.com/explore/trend_global_risk_research_2

Trend Micro Announces New Updates to Cloud Security Platform

Posted in Commentary with tags on July 26, 2022 by itnerd

After years of leadership in the fast-growing global market for cloud security, Trend Micro has announced its new deployment models and services to improve customer experience.

Throughout two years of the global crisis, enterprise leaders invested in cloud infrastructure and services to streamline business processes, lower costs and drive innovation. This also means that business-critical cloud-native applications increased in complexity and broadened their corporate cyber-attack surface.

Two new features for the cloud security platform include:

  • Simplified deployment and management of cloud intrusion prevention system infrastructure, removing burdens and reducing friction for running cloud-based network security.
  • Container security free from infrastructure deployment to scan container images faster with no impact to speed. This update extends the company’s existing container offering, which was the first offered by a cybersecurity provider.

It is also worth noting: 

  • Trend Micro was the first dedicated security provider to offer cloud protection in 2010. Since then, the company has built the most comprehensive cloud security platform, protecting all types of cloud environments and assets.
  • Last year, Trend Micro launched its Cloud One regional data centre in Canada to uphold data residency, safeguard data privacy and reduce the risk of a security breach for Canadian organizations.
  • In 2022, Trend Micro has also added to its more than 15 AWS competencies to now include Healthcare and DevSecOps.
  • Trend Micro has been crowned no. 1 in cloud workload security for the fourth consecutive year and furthers its market leadership with ongoing innovations based on customer feedback.

It has also achieved the updated Amazon Web Services (AWS) Security Competency, which demonstrates that Trend Micro continues to be a key AWS Partner Network (APN) member in helping secure joint customers’ cloud environments.

Email Threats Spike 101% Year Over Year Says Trend Micro

Posted in Commentary with tags on June 21, 2022 by itnerd

Trend Micro announced today that it has blocked over 33.6 million cloud email threats in 2021, a 101% increase on the previous year. This stark increase in attacks proves that email remains a top point of entry for cyber attacks.

The data was collected over the course of 2021 from products that supplement native protection in collaboration platforms such as Microsoft 365 and Google Workspace. 

Other key findings include:

  • 16.5 million detected and blocked phishing attacks, a 138% increase as the hybrid workforce continued to be targeted
  • 6.3 million credential phishing attacks, a 15% increase as phishing remains a primary means of compromise
  • 3.3 million malicious files detected, including a 134% surge in known threats and a 221% increase in unknown malware

More positively, ransomware detections continued to decline by 43% year-over-year. This could be because attacks are becoming more targeted, along with Trend Micro’s successful blocking of ransomware affiliate tools such as Trickbot and BazarLoader.

Business email compromise (BEC) detections also fell by 11%. However, there was an 83% increase in BEC threats detected using Trend Micro’s AI-powered writing style analysis feature, indicating that these scams may be getting more sophisticated.

To read a full copy of the Cloud App Security Threat Report, please visit: https://www.trendmicro.com/vinfo/us//security/research-and-analysis/threat-reports/roundup/trend-micro-cloud-app-security-threat-report-2021

Only 42% Canadian Organizations Plan To Invest In Security Tools This Year: Trend Micro

Posted in Commentary with tags on June 15, 2022 by itnerd

Digital transformation since the pandemic has pushed many organizations over a technology “tipping point”. The more they invest in digital infrastructure to drive sustainable growth, the more they are exposing themselves to cyber risk.

Trend Micro, a leader in cloud security, published a new study which found that over two-thirds (69%) of Canadian businesses are concerned about having a broadening attack surface. However, only 42% plan to invest in security tools and technologies to combat it this year.

Visibility challenges appear to be the main reason organizations struggle to manage and understand cyber risk in these environments. In Canada, even though a majority (88%) of respondents believe their organization has a well-defined way to assess the risk exposure of its digital attack surface, 60% said they have blind spots that hamper their security.

Other Canadian findings include:

  • Nearly half (48%) of respondents consider cloud service misconfigurations of cloud assets as the biggest risk exposure when it comes to their organization’s attack surface
  • One-third (34%) of organizations feel fully exposed to the cyber risk of phishing
  • 44% of respondents consider email attacks as the primary way of a cyber-attack starting against their organization
  • 88% of respondents in Canada believe their organization has a well-defined way to assess the risk exposure of its digital attack surface
  • More than half of the respondents (53%) would describe their organization’s digital attack surface as being “complex but controlled.”
  • 58% of organizations currently have a moderate risk exposure
  • 8-in-10 (84%) of organizations review/update their risk exposure in relation to their digital attack surface at least once a month
  • Just 18% review risk exposure on a daily basis

Those responsible for securing their enterprises should click here to give this study a read as it is eye opening.