Archive for Trend Micro

Trend Micro Named A Leader in Cloud Workload Security

Posted in Commentary with tags on December 10, 2019 by itnerd

Trend Micro Incorporated today announced that it received the highest score in the current offering and strategy categories, and among the second highest scores in the market presence category, in The Forrester Wave™: Cloud Workload Security, Q4 2019. Trend Micro believes that this recognition underscores the leadership of its cloud offerings and strategy at the peak of the cloud security market.

Forrester rigorously evaluated 13 competitive security vendors across 30 criteria and in three distinct areas: current offering, strategy and market presence.

In addition to its comprehensiveness, Forrester recognized Trend Micro’s cloud security offering in multiple areas including:

  • “The solution is ideal for large firms with broad Cloud Workload Security (CWS) needs across workloads, hypervisors and containers.”
  • “The OS level, agent-based protections are very strong and include malware and memory protection, file integrity monitoring, host-based firewall, intrusion detection/intrusion prevention, log inspection and application binary control,” the report noted.
  • “Role-based access control (RBAC) is very flexible for administrators. Container runtime and pre-runtime checks are comprehensive, and the solution exposes a broad API for Deep Security policy control.”

Trend Micro provides optimized protection for workloads running on Amazon Web Services, Microsoft Azure, Google Cloud, VMware and Docker, allowing customers to automate deployment for streamlined compliance and seamlessly secure DevOps.

To download a complimentary copy of the full report, click here.

Trend Micro believes that this report complements another recently published recognition by another top analyst firm. The company was named the #1 vendor in Software-Defined Compute (SDC) workload protection by IDC in their new independent report: Worldwide Software Defined Compute Workload Security Market Shares, 2018 (DOC #US45638919, NOVEMBER 2019). This report revealed Trend Micro achieved a market share lead of 35.5%, almost triple its nearest competitor in 2018.

Security Predictions For 2020 According To Trend Micro

Posted in Commentary with tags on November 27, 2019 by itnerd

Trend Micro Incorporated has announced its 2020 predictions report, which states that organizations will face a growing risk from their cloud and the supply chain. The growing popularity of cloud and DevOps environments will continue to drive business agility while exposing organizations, from enterprises to manufacturers, to third-party risk.

Attackers will increasingly go after corporate data stored in the cloud via code injection attacks such as deserialization bugs, cross-site scripting and SQL injection. They will either target cloud providers directly or compromise third-party libraries to do this.

In fact, the increasing use of third-party code by organizations employing a DevOps culture will increase business risk in 2020 and beyond. Compromised container components and libraries used in serverless and microservices architectures will further broaden the enterprise attack surface, as traditional security practices struggle to keep up.

Managed service providers (MSPs) will be targeted in 2020 as an avenue for compromising multiple organizations via a single target. They will not only be looking to steal valuable corporate and customer data, but also install malware to sabotage smart factories and extort money via ransomware.

The new year will also see a relatively new kind of supply chain risk, as remote workers introduce threats to the corporate network via weak Wi-Fi security. Additionally, vulnerabilities in connected home devices can serve as a point of entry into the corporate network.

Amidst this ever-volatile threat landscape, Trend Micro recommends organizations:

  • Improve due diligence of cloud providers and MSPs
  • Conduct regular vulnerability and risk assessments on third parties
  • Invest in security tools to scan for vulnerabilities and malware in third-party components
  • Consider Cloud Security Posture Management (CSPM) tools to help minimize the risk of misconfigurations
  • Revisit security policies regarding home and remote workers

To read the full report, The New Norm: Trend Micro Security Predictions for 2020, please visit: https://www.trendmicro.com/vinfo/us/security/research-and-analysis/predictions/2020.

Securing 5G Through Cyber-Telecom Identity Federation

Posted in Commentary with tags on November 19, 2019 by itnerd

Today, more than ever before, organizations are keen on taking advantage of the speed, automation, and global reach of 5G technology. The challenge is that the majority have little to no direct experience in telecommunication technology.

Trend Micro has released a report, Securing 5G Through Cyber-Telecom Identity Federation, highlighting the major gaps in handling identities in IT and Telecommunications along with solutions to better equip businesses as they transition to using new technology to carry out various functions.

The report forces businesses to reconsider their approach to cybersecurity by listing out the security strategies, technical skills, and additional technologies needed to successfully adopt 5G and fully reap its benefits.

Trend Micro Debuts Security Services Platform For Organizations Building Applications In The Cloud

Posted in Commentary with tags on November 18, 2019 by itnerd

Trend Micro Incorporated today announced the launch of Trend Micro Cloud One™, a security services platform for organizations building applications in the cloud. Cloud One allows developers to rapidly build applications using the cloud services they want, while managing their organization’s risk.

Cloud One delivers the industry’s broadest range of security capabilities in a single platform. Designed to help organizations meet their most strategic cloud priorities, it allows customers to migrate existing applications to the cloud, deliver new cloud-native applications and achieve cloud operational excellence. The first-of-its-kind platform has the flexibility to solve immediate customer challenges and the innovation to rapidly evolve with cloud services. At its heart, Cloud One includes the world’s leading workload security service that is already in use by thousands of organizations. It is complemented by enhanced container security and brand-new offerings for application security, network security, file storage security and cloud security posture management to ensure cloud infrastructure is optimally configured.

Many cloud security solutions are often hard to manage and deploy, inflexible and fail to provide the level of visibility IT teams need to manage fast-emerging risks.

Trend Micro’s all-in-one platform approach is designed to deliver simplified, automated and flexible protection, regardless of where an organization is on the journey to the cloud. Customers using the platform will benefit from a single-sign-on to all services, common user and cloud-service enrolment, visibility from a single console and a common pricing and billing model.

Trend Micro’s new cloud security platform supports the leading cloud providers, including Amazon Web Services (AWS), Microsoft Azure and Google Cloud.

By considering cloud projects and objectives holistically, Trend Micro Cloud One is able to provide enterprise grade security, while leveraging the benefits and efficiencies of the cloud.

The Cloud One platform will be available in Q1 2020 with three services fully integrated: workload security, network security and application security. The other components will be available as stand-alone solutions in Q1 2020 and integrated into Cloud One by the end of 2020.

  • Trend Micro Cloud One – Workload Security
  • Trend Micro Cloud One – Container Image Security
  • Trend Micro Cloud One – File Storage Security
  • Trend Micro Cloud One – Network Security
  • Trend Micro Cloud One – Cloud Posture Management
  • Trend Micro Cloud One – Application Security

To find out more about Cloud One, please visit https://www.trendmicro.com/cloudone.

Trend Micro Acquires Cloud Conformity

Posted in Commentary with tags on October 21, 2019 by itnerd

Trend Micro Incorporated today announced it has acquired Cloud Conformity, an innovative Cloud Security Posture Management (CSPM) company. The acquisition instantly broadens the cloud services Trend Micro can secure and resolves often overlooked security issues caused by cloud infrastructure misconfiguration.

Trend Micro’s strategy is built to ensure cloud security without disrupting how customers need to do business. This acquisition builds upon Trend Micro’s continuous innovation in cloud security, adding complementary capabilities that automatically identify and fix a range of cloud infrastructure configuration issues. It also optimizes costs and helps ensure compliance with leading industry regulatory standards such as PCI, GDPR, HIPAA and NIST.

In purposeful acquisitions, people matter as much as the technology, and Trend Micro will nurture and grow both as part of its market-leading cloud security strategy. The addition of all of Cloud Conformity’s employees brings valuable expertise and experience, along with the technology, to help businesses build in the cloud more effectively, not just build securely.

According to Gartner, “Through 2023, at least 99% of cloud security failures will be the customer’s fault.”* Gartner also states, “Through 2024, organizations implementing a CSPM offering and extending this into development will reduce cloud-related security incidents due to misconfiguration by 80%.” Trend Micro’s comprehensive set of cloud security services provides assurance for businesses that their risk is effectively managed while simultaneously meeting compliance standards.

Trend Micro is making the Cloud Conformity solution immediately available. For more information, please visit: http://trendmicro.com/cloudconformity.

*Neil MacDonald, “Innovation Insight for Cloud Security Posture Management,” Gartner.com, January 25, 2019, https://www.gartner.com/doc/3899373/innovation-insight-cloud-security-posture.

Trend Micro and Snyk Enter Strategic Partnership Focused Around DevOps

Posted in Commentary with tags on October 8, 2019 by itnerd

Trend Micro Incorporated today announced a strategic partnership with Snyk, the leader in developer-first open source security. The partnership will focus on solving the unrelenting challenge that open source vulnerabilities create for developers, stemming from code-reuse, public repositories and open source.

Together, Trend Micro and Snyk will help businesses manage the risk of vulnerabilities without interrupting the software delivery process. The combination of open source vulnerability intelligence from Snyk and Trend Micro will result in the most comprehensive ability to detect vulnerabilities for teams operating in a DevOps environment. Once vulnerabilities in containers are identified, Trend Micro is the shield and Snyk is the fix that combine for streamlined remediation and risk mitigation.

One of the key challenges for enterprise customers today is the need for speed in developing applications. Speed and efficiency are gained by leveraging open source code. Gartner reports, “Open-source software is used within mission-critical IT workloads by over 95% of the IT organizations worldwide, whether they are aware of it or not.” [1] Research from Snyk also found that vulnerabilities in open source libraries are growing rapidly, nearly doubling in two years. [2]

[1] Gartner, Inc.; What Innovation Leaders Must Know About Open-Source Software; 26 August 2019 | G00441577

[2] Snyk, Inc.; 2019 State of Open Source Security https://snyk.io/blog/88-increase-in-application-library-vulnerabilities-over-two-years/

Additional terms of the ongoing partnership and product integration will be announced in November, 2019. For more information on the current partnership, please visit: https://www.trendmicro.com/snyk.

Trend Micro Highlights Security Risks of New Open Banking Regulation

Posted in Commentary with tags on September 17, 2019 by itnerd

Trend Micro Incorporated today released research demonstrating that major new European banking rules could greatly increase the cyberattack surface for financial services firms and their customers.

The new research details the impact of the EU’s Revised Payment Services Directive (PSD2), which is designed to give users greater control over their financial data and the option of sharing it with a new breed of innovative Financial Technology (FinTech) firms. The same ideas are spreading globally under the term “Open Banking.”

The report highlights several possible attack scenarios under the new regulatory regime:

  • Attacks on APIs: Public APIs are at the heart of Open Banking, allowing approved third parties to access users’ banking data to provide innovative new financial services. Implementation flaws in these APIs will allow attackers to exploit back-end servers to steal data.
  • Attacks on FinTech companies: Users will be forced into a new trust relationship with providers that may have fewer resources than their banks and no track record on data protection. In a quick survey of Open Banking FinTechs, Trend Micro found them to have an average of 20 employees and no dedicated security professional. This makes them ideal targets for attackers and raises concerns over security gaps in their mobile apps, APIs, data sharing techniques and security modules that could be incorrectly implemented.
  • Attacks on the apps or mobile platforms: Most Open Banking services will be deployed as mobile apps, making these a prime target for attackers. Finding the username, password, or encryption keys within the app would allow a criminal to retrieve banking data and pose as the user. Even if the apps don’t have permission to make payments, they could contain transaction data, allowing an attacker to build a highly accurate profile of their victims.
  • Attacks against the user: Because new Open Banking apps will become the primary means for users to access financial data and services, phishing attacks could reap major rewards for attackers.

To prepare for the changing landscape, Trend Micro details how financial institutions can improve their cyber resilience. These include ensuring sensitive information is never contained in URL paths, prioritizing secure protocols, and eliminating risky practices.

Meanwhile, Open Banking app developers and owners must adopt a secure-by-design approach, including regular software audits.

To find out more about the cyber risks associated with new Open Banking rules, read our report, Ready or Not for PSD2: The Risks of Open Banking, here: https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/the-risks-of-open-banking-are-banks-and-their-customers-ready-for-psd2.

IoT Is A Hot Topic In Cybercriminal Underground: Trend Micro

Posted in Commentary with tags on September 10, 2019 by itnerd

Trend Micro Incorporated today released new research detailing a fast-growing market for IoT attacks. Cybercriminals from around the world are actively discussing how to compromise connected devices, and how to leverage these devices for moneymaking schemes.

Trend Micro Research analyzed forums in the Russian, Portuguese, English, Arabic, and Spanish language-based underground markets to determine how cybercriminals are abusing and monetizing connected devices. The results reveal that the most advanced criminal markets are Russian- and Portuguese-speaking forums, in which financially driven attacks are most prominent. In these forums, cybercriminal activity is focused on selling access to compromised devices – mainly routers, webcams and printers – so they can be leveraged for attacks.

According to Trend Micro’s findings, most conversations and active monetization schemes are focused on consumer devices. However, discussions on how to discover and compromise connected industrial machinery are also occurring, especially the vital programmable logic controllers (PLCs) used to control large-scale manufacturing equipment. The most likely business plan to monetize attacks against these industrial devices involves digital extortion attacks that threaten production downtime.

Additionally, the report predicts an increase in IoT attack toolkits targeting a broader range of consumer devices, such as virtual reality devices. The opportunities for attackers will also multiply as more devices are connected to the internet, driven by 5G implementations.

Trend Micro urges manufacturers to partner with IoT security experts to mitigate cyber-related risks from the design phase. End users and integrators should also gain visibility and control over connected devices to be aware of and curb their cyber risk.

The full report, The Internet of Things in the Criminal Underground, can be found here: https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/the-internet-of-things-in-the-cybercrime-underground.

Trend Micro Report Reveals 265% Growth In Fileless Events

Posted in Commentary with tags on August 27, 2019 by itnerd

Trend Micro Incorporated today published its roundup report for the first half of 2019, revealing a surge in fileless attacks designed to disguise malicious activity. Detections of this threat alone were up 265% compared to the first half of 2018.

The findings in 2019 so far confirm many of the predictions Trend Micro made last year. Namely, attackers are working smarter to target businesses and environments that will produce the greatest return on investment.

Along with the growth in fileless threats in the first half of the year, attackers are increasingly deploying threats that aren’t visible to traditional security filters, as they can be executed in a system’s memory, reside in the registry, or abuse legitimate tools. Exploit kits have also made a comeback, with a 136% increase compared to the same time in 2018.

Cryptomining malware remained the most detected threat in the first half of 2019, with attackers increasingly deploying these threats on servers and in cloud environments. Substantiating another prediction, the number of routers involved in possible inbound attacks jumped 64% compared to the first half of 2018, with more Mirai variants searching for exposed devices.

Additionally, digital extortion schemes soared by 319% from the second half of 2018, which aligns with previous projections. Business email compromise (BEC) remains a major threat, with detections jumping 52% compared to the past six months. Ransomware-related files, emails and URLs also grew 77% over the same period.

In total, Trend Micro blocked more than 26.8 billion threats in the first half of 2019, over 6 billion more than the same period last year. Of note, 91% of these threats entered the corporate network via email. Mitigating these advanced threats requires smart defense-in-depth that can correlate data from across gateways, networks, servers and endpoints to best identify and stop attacks.

To read the complete report, Evasive Threats, Pervasive Effects: 2019 Midyear Security Roundup, please visit: https://www.trendmicro.com/vinfo/us/security/research-and-analysis/threat-reports/evasive-threats-pervasive-effects.

Guest Post: Combating the Silent Evolution of Ransomware

Posted in Commentary with tags on August 2, 2019 by itnerd

By: Myla Pilao, Director for Technology Marketing, Trend Micro

In today’s ever-connected world, data breaches and cyberattacks have become increasingly common. While ransomware attacks, specifically, may not be making headlines as often as they should be, these attacks continue to be a persistent threat in the global cyber landscape, indicating evolving approaches and brewing underground activity, known as the silent evolution.

Dating back to 2007, when ransomware was just introduced, cybercriminals began with targeting end users. Over the years, however, as their techniques have become more sophisticated, there has been a transition towards highly targeted attacks with the most significantly impacted victims being enterprise and critical infrastructure industries. These include transportation, healthcare, oil and gas, high-tech manufacturing and organizations that demand high digital connectivity.

Beyond leveraging more sophisticated techniques, cybercriminals have developed the confidence to execute deep-surface campaigns. Instead of individual targets, attackers are now aiming at the main controller of network systems, including access to servers, Exchange, Active Directory and so on, to create a bigger and deeper impact. This results in access to commands across the network. Recent examples such as LockerGoga, Ryuk, MegaCortex and Clop show that as opposed to targeting one or two key areas, cybercriminals are now targeting the entire system. Recent examples have also significantly affected local governments in the United States, highlighting the impact of ransomware on smaller organizations that may lack the resources for proper IT hygiene practices.

As Canada continues to improve its systems and IT hygiene, it is creating a more equipped nation to tackle cyber crime. Although Canada stacks up well compared to other countries globally and is seeing a trend of decreasing ransomware infections, it has a large presence of critical infrastructure and therefore remains susceptible to threats.

In order for businesses to combat the silent evolution of ransomware, below are five best practices:

  • Back up business data and company files regularly. To ensure the most efficient protection, back up files and data following the 3-2-1 rule, that is 3 different copies stored in 3 different places, in 2 different formats, with at least 1 copy stored offsite. In addition, businesses must test and verify these backups to ensure that they are intact and can be restored from in a reasonable amount of time, should they be needed.
  • Update software and operating systems. Operating the latest versions can help prevent cybercriminals from abusing vulnerabilities in older software to spread ransomware.
    • The most noteworthy example is WannaCry, which made headlines in May 2017 after impacting a number of companies across the globe. Although the actual exploits that WannaCry abused were patched in March 2017, its widespread impact showed that many businesses were either unable to apply the patch on time or were using unsupported operating systems (which MS later patched).
  • Implement network segmentation. Protecting the network against ransomware is very important, since infected networks are used to communicate with the cybercriminal’s servers and also used to spread ransomware within the network itself. Network segmentation can improve security by allocating user-specific resources which minimizes the ways that attackers can move within the network.
  • Use multilayered security. Businesses now have workloads that spread across multiple environments (ranging from physical servers to hybrid cloud and beyond), so using multilayered security should be a priority for companies that want to “cover all the bases.”
  • Build a culture of security within the workplace. Organizations need to foster security awareness within their workforce. This goes beyond just regulatory compliance and should extend to employee education and remediation strategies.
    • For example, spam and phishing are two of the most common methods used to spread ransomware, making it important for businesses to teach their employees how to spot social engineering techniques.