Login
On March 3, 2020, the cyber division of Federal Bureau of Investigation (FBI) issued a private industry notification calling out Business Email Compromise (BEC) scams through exploitation of cloud-based email services. Microsoft Office 365 and Google G Suite, the two largest cloud-based email services, are targeted by cyber criminals based on FBI complaint information since 2014. The scams are initiated through credential phishing attacks in order to compromise business email accounts and request or misdirect transfers of funds. Between January 2014 and October 2019, the Internet Crime Complaint Center (IC3) received complaints totaling over $2.1 billion in actual losses from BEC scams targeting the two cloud services. The popularity of Office 365 and G Suite has positioned themselves as attractive targets for cybercriminals.
Trend Micro Cloud App Security is an API-based service protecting Microsoft® Office 365, Google G Suite, Box, and Dropbox. Using multiple advanced threat protection techniques, it acts as a second layer of protection after emails and files have passed through Office 365 and G Suite’s built-in security.
In 2019, Trend Micro Cloud App Security caught 12.7 million high-risk email threats in addition to what Office 365 and Gmail security have blocked. Those threats include close to one million malware, 11.3 million phishing attempts, and 386,000 BEC attempts. The blocked threats include 4.8 million of credential phishing and 225,000 of ransomware. These are potential attacks that could result in an organization’s monetary, productivity, or even reputation losses.
Trend Micro started publishing its Cloud App Security threat report since 2018. For third year in a row, Trend Micro Cloud App Security is proven to provide effective protection for cloud email services. The following customer examples for different scenarios further show how Cloud App Security is protecting different organizations.
Customer examples: Additional detections after Office 365 built-in security (2019 data)
These five customers, ranging from 550 seats to 80K seats, are across different industries. All of them use E3, which includes basic security (Exchange Online Protection). This data shows the value of adding CAS to enhance Office 365 native security. For example, a transportation company with 80,000 Office 365 E3 users found an additional 16,000 malware, 510,000 malicious & phishing URLs and 27,000 BEC, all in 2019. With the average cost of a BEC attack at $75,000 each and the potential losses and costs to recover from credential phishing and ransomware attacks, Trend Micro Cloud App Security pays for itself very quickly.
Customer examples: Additional Detections after Office 365 Advanced Threat Protection (2019 data)
Customers using Office 365 Advanced Threat Protection (ATP) also need an additional layer of filtering as well. For example, an IT Services company with 10,000 users of E3 and ATP detected an additional 14,000 malware, 713,000 malicious and phishing URLs, and 6,000 BEC in 2019 with Trend Micro Cloud App Security.
Customer examples: Additional Detections after third-party email gateway (2019 data)
Many customers use a third-party email gateway to scan emails before they are delivered to their Office 365 environment. Despite these gateway deployments, many of the sneakiest and hardest to detect threats still slipped though. Plus, a gateway solution can’t detect internal email threats, which can originate from compromised devices or accounts within Office 365.
For example, a business with 120,000 Office 365 users with a third-party email gateway stopped an additional 27,000 malware, 195,000 malicious and phishing emails, and almost 6,000 BEC in 2019 with Trend Micro Cloud App Security.
Customer examples: Additional Detections after Gmail built-in security (2019 data)
*Trend Micro Cloud App Security supports Gmail starting April 2019.
For customer choosing G suite, Trend Micro Cloud App Security can provide additional protection as well. For example, a telecommunication company with 12,500 users blocked almost 8,000 high risk threats with Cloud App Security in just five months.
Email gateway or built-in security for cloud email services is no longer enough to protect organizations from email-based threats. Businesses, no matter the size, are at risk from a plethora of dangers that these kinds of threats pose. Organizations should consider a comprehensive multilayered security solution such as Trend Micro Cloud App Security. It supplements the included security features in email and collaboration platforms like Office 365 and G Suite.
Check out the Trend Micro Cloud App Security Report 2019 to get more details on the type of threats blocked by this product and common email attacks analyzed by Trend Micro Research in 2019.
The post Trend Micro Cloud App Security Blocked 12.7 Million High-Risk Email Threats in 2019 – in addition to those detected by cloud email services’ built-in security appeared first on .
Tax season has always been a pretty nerve-wracking time for hard-working Americans. But over the years, technology advances have arrived to gradually make the process a bit easier. The bad news is that they can also introduce new cyber risks and even more stress.
There are two things that cybercriminals are always on the hunt for: people’s identity data from their accounts, and their money. And during the tax-filing season both can be unwittingly exposed. Over the years, cybercriminals have adapted multiple tools and techniques to part taxpayers with their personal information and funds.
Let’s take look at some of the main threats out there and what you can do to stay safe.
What do they want?
Cybercrime is a highly efficient money-making business. Some reports suggest this underground economy generates as much as $1.5 trillion each year. (See Into the Web of Profit, April 2018, McGuire, Bromium.) And tax-related scams are an increasingly popular way for the bad guys to drive-up profits. The Internal Revenue Service (IRS) claims that “thousands of people have lost millions of dollars and their personal information” to such attacks.
The bottom line is that they’re after one of two things: to trick you into wiring funds to them, and/or to get hold of your personally identifiable information (PII), including bank account and Social Security Numbers (SSNs). This personal data can subsequently be used to defraud you or the IRS, or may be deployed in follow-on identity fraud schemes to capture illicit funds from you.
There are various ways cyber-criminals can achieve these goals. The most common is by using social engineering tactics to trick taxpayers into sending money or personal information. But they might also use malware, either delivered to you personally or targeted at your tax preparer. This means you not only have to look after your own cybersecurity but also demand that the third-party businesses you work with store and transmit your sensitive information securely.
Look out for these scams
Here’s a round-up of the most popular tactics used by tax scammers today:
Impersonation: The fraudster gets in touch pretending to be an IRS representative. This could be via email, phone, social media or even SMS. They usually claim you owe the IRS money in unpaid taxes or fines and demand a wire transfer, or funds from a prepaid debit card. Sometimes they may ask for personal and financial details—for example, by claiming you’re entitled to a large tax refund and they just need you to supply your bank account info.
These interactions are usually pushy. The scammer knows the best way of making you pay up is by creating a sense of urgency and, sometimes, shaming the individual into believing they’ve been withholding tax payments. Phishing emails may look highly convincing, right down to the logo and sender domain, while phone callers will use fake names and badge numbers. Sometimes the scammers use personal data they may have stolen previously or bought on the Dark Web to make their communications seem more convincing.
In some impersonation scams, the fraudsters may even pretend to work for charities and ask for personal details to help disaster victims with tax refund claims.
Spoofing, phishing, and malware: In some cases, a text, email or social media message spoofed to appear as if sent from the IRS or your tax preparer actually contains malware. The scammers use the same tactics as above but trick the recipient into clicking on a malicious link or opening an attachment laden with malware. The covert download that follows could result in: theft of your personal information; your computer being completely hijacked by hackers via remote control software; or a ransomware download that locks your computer until you pay a fee.
Fake tax returns: Another trick the scammers employ is to use stolen SSNs and other personal information to file tax returns on your behalf. They can then try to claim a large payment in tax refunds from the IRS. The PII they use to file in your name may have been taken from a third-party source without your knowledge, and the first you might hear of it is when you go to file a legitimate tax return. It can take months to resolve the problem.
Attacks targeting tax preparers: Over half of Americans use third-party tax preparation companies to help them with their returns. However, this offers another opportunity for scammers to get hold of your sensitive information. In one recently discovered campaign, malware deployed on tax preparers’ websites was designed to download to the visitor’s computer as soon as they loaded the page. The IRS warns that businesses large and small are potentially at risk, as scammers are keen to get hold of tax information which enables them to file highly convincing fake returns in your name.
What to do
The good news is that by taking a few simple steps you can insulate yourself from the worst of these scams. Remember: the IRS does not contact taxpayers by email, text messages or social media to request personal/financial information— so if you receive communications that do, they are definitely a scam. It’s also important to remember that scams happen all year round, not just in the run-up to the tax filing deadline. That means, unfortunately, that you need to be on your guard all the time.
Here are a few other recommendations:
|
|
It also pays to demand that your tax preparer take their own precautions to keep your data secure. They should not be sending sensitive data or documents unencrypted in emails and must take steps on their own to combat phishing emails that target employees, since these can cascade to you during your tax preparation process. Whether hosted in the cloud or running on-premises, the servers that hold your data should also have adequate protection—and you have a right (and a duty to yourself) to ask ahead of time what they’re doing to protect it.
According to the IRS tax preparers should put the following internal controls in place:
|
|
How Trend Micro can help
Trend Micro offers a range of security tools to help taxpayers keep their personal and financial information safe from fraudsters.
Our flagship consumer solution Trend Micro Security (TMS) provides the following protections:
|
|
To find out more, go to our Trend Micro Security website.
The post Tax Scams – Everything you need to know to keep your money and data safe appeared first on .
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about how the data of train commuters in the U.K. who were using the free Wi-Fi in Network Rail-managed stations was unintentionally leaked due to an unsecured Amazon Web Services (AWS) cloud storage. Also, read about how more than 200 million records containing property-related information on U.S. residents were exposed.
Read on:
Security Risks in Online Coding Platforms
As DevOps and cloud computing has gained popularity, developers are coding online more and more, but this traction has also raised the questions of whether online integrated development environments (IDEs) are secure. In this blog, learn about two popular cloud-based IDEs: AWS Cloud9 and Visual Studio Online.
Legal Services Giant Epiq Global Offline After Ransomware Attack
The company, which provides legal counsel and administration that counts banks, credit giants, and governments as customers, confirmed the attack hit on February 29. A source said the ransomware hit the organization’s entire fleet of computers across its 80 global offices.
Dissecting Geost: Exposing the Anatomy of the Android Trojan Targeting Russian Banks
Trend Micro has conducted an analysis into the behavior of the Geost trojan by reverse engineering a sample of the malware. The trojan employed several layers of obfuscation, encryption, reflection, and injection of non-functional code segments that made it more difficult to reverse engineer. Read this blog for further analysis of Geost.
Trend Micro Cooperates with Japan International Cooperation Agency to Secure the Connected World
Trend Micro this week announced new initiatives designed to enhance collaboration with global law enforcement and developing nations through cybersecurity outreach, support and training. The first agreement is with the Japan International Cooperation Agency (JICA), a government agency responsible for providing overseas development aid and nurturing social economic growth in developing nations.
Data of U.K. Train Commuters Leak from Misconfigured AWS Cloud Storage
The data of train commuters in the U.K. who were using the free Wi-Fi in Network Rail-managed stations was unintentionally leaked due to an unsecured Amazon Web Services (AWS) cloud storage. Approximately 10,000 users were affected, and data thought to be exposed in the leak includes commuters’ travel habits, contact information such as email addresses, and dates of birth.
Critical Netgear Bug Impacts Flagship Nighthawk Router
Netgear is warning users of a critical remote code execution bug that could allow an unauthenticated attacker to take control of its Wireless AC Router Nighthawk (R7800) hardware running firmware versions prior to 1.0.2.68. The warnings, posted Tuesday, also include two high-severity bugs impacting Nighthawk routers, 21 medium-severity flaws and one rated low.
FBI Working to ‘Burn Down’ Cyber Criminals’ Infrastructure
To thwart increasingly dangerous cyber criminals, law enforcement agents are working to “burn down their infrastructure” and take out the tools that allow them to carry out their devastating attacks, FBI Director Christopher Wray said this week. Unsophisticated cyber criminals now have the power to paralyze entire hospitals, businesses and police departments, Wray also said.
A Massive U.S. Property and Demographic Database Exposes 200 Million Records
More than 200 million records containing a wide range of property-related information on U.S. residents were left exposed on a database that was accessible on the web without requiring any password or authentication. The exposed data included personal and demographic information such as name, address, email address, age, gender, ethnicity, employment, credit rating, investment preferences, income, net worth and property-specific information.
How Human Security Investments Created a Global Culture of Accountability at ADP
Human security is what matters during a cybersecurity crisis, where skills and muscle memory can make the difference in make-or-break moments. Leaders and culture are the most important predictors of cyberattack outcomes, so it’s time to stop under-investing in human security.
Ransomware Attacks Prompt Tough Question for Local Officials: To Pay or Not to Pay?
There were at least 113 successful ransomware attacks on state and local governments last year, according to global cybersecurity company Emsisoft, and in each case, officials had to figure out how to respond. Read this article to find out how officials make the tough call.
Wondering how more than 200 million records were exposed without requiring any password or authentication? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.
The post This Week in Security News: 10,000 Users Affected by Leak from Misconfigured AWS Cloud Storage and Massive U.S. Property and Demographic Database Exposes 200 Million Records appeared first on .
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, read about how Trend Micro detected a 10 percent rise in ransomware attacks in 2019. Also, learn about a new Wi-Fi encryption vulnerability affecting over a billion devices.
Read on:
Trend Micro Detects a 10 Percent Rise in Ransomware
In its 2019 Annual Security Roundup, Trend Micro detected a decrease in the number of new ransomware families despite the overall attack increase. Additionally, it found that ransomware groups formed alliances in 2019 for more effective attacks. The healthcare industry remains the most targeted by ransomware; meanwhile, government and education sectors were also highly targeted.
In Safe Hands with Trend Micro Home Network Security – Part 3: Testing Its Functions
Are you sure your home network is secure? In the third post of its four-part series, Trend Micro breaks down home network security to help you test the following features: threat blocking, access control and parental controls.
Six Suspected Drug Dealers Went Free After Police Lost Evidence in Ransomware Attack
US prosecutors were forced to drop 11 narcotics cases against six suspected drug dealers after crucial case files were lost in a ransomware infection at a Florida police department. Evidence from the 11 cases could not be recovered following the attack that hit the Stuart police department in April 2019.
Hackers Expand Their Repertoire as Trend Micro Blocks 52 Billion Threats in 2019
Trend Micro’s 2019 roundup report reveals just how many tools, techniques and procedures hackers have at their disposal today. With 52 billion unique threats detected in 2019 by Trend Micro’s filters alone, threats are becoming an overwhelming challenge for many IT security departments.
New Wi-Fi Encryption Vulnerability Affects Over A Billion Devices
Cybersecurity researchers uncovered a new high-severity hardware vulnerability residing in Wi-Fi chips manufactured by Broadcom and Cypress—reportedly powering over a billion devices. Dubbed ‘Kr00k’ and tracked as CVE-2019-15126, the flaw could let nearby remote attackers intercept and decrypt some wireless network packets transmitted over-the-air by a vulnerable device.
Cybercrime Group Uses G Suite, Physical Checks in BEC Scam
An African cybercrime group named Exaggerated Lion uses G Suite and physical checks as new tools for Business Email Compromise (BEC) attacks, reported in a research paper by Agari. Like other BEC scams, the targets belong to company departments that handle finance.
Cisco Patches Flaws in FXOS, UCS Manager and NX-OS Software
On Wednesday, Cisco released patches for 11 vulnerabilities in its products, including multiple flaws that impact Cisco UCS Manager, FXOS, and NX-OS software. The most important of the bugs is a high severity flaw in FXOS and NX-OS that could allow an unauthenticated, adjacent attacker to execute arbitrary code as root. The weakness can also be exploited for denial of service (DoS).
PowerGhost Spreads Beyond Windows Devices, Haunts Linux Machines
Trend Micro researchers encountered a PowerGhost variant that infects Linux machines via EternalBlue, MSSQL and Secure Shell (SSH) brute force attacks. The malware, previously known to target only Windows systems, is a fileless cryptocurrency-mining malware that attacks corporate servers and workstations, capable of embedding and spreading itself undetected across endpoints and servers.
Android Malware Can Steal Google Authenticator 2FA Codes
Security researchers say that an Android malware strain can now extract and steal one-time passcodes (OTP) generated through Google Authenticator, a mobile app that’s used as a two-factor authentication (2FA) layer for many online accounts.
Ransomware Hits U.S. Electric Utility
The Reading Municipal Light Department (RMLD) has been infected with ransomware, revealed in a statement by the electric utility company. RMLD did not disclose the details on how their system was infected or the demands of the group behind the malware and there was no indication of plans to pay ransom to the threat actors.
Are you surprised that the number of new ransomware families detected in 2019 decreased while number of attacks increased? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.
The post This Week in Security News: Trend Micro Detects a 10 Percent Rise in Ransomware in 2019 and New Wi-Fi Encryption Vulnerability Affects Over a Billion Devices appeared first on .
Variety is welcome in most walks of life, but not when it comes to the threat landscape. Yet that is unfortunately the reality facing modern cybersecurity professionals. As Trend Micro’s 2019 roundup report reveals, hackers have an unprecedented array of tools, techniques and procedures at their disposal today. With 52 billion unique threats detected by our filters alone, this is in danger of becoming an overwhelming challenge for many IT security departments.
In response, many CISOs are rightly re-examining how they approach threat defense. Rather than create potential security gaps and risk budget shortfalls through best-of-breed investments, they’re understanding that it may be better to consolidate on one provider that can do it all.
The state of play
Our report provides an alarming snapshot into a threat landscape characterized by volatility and chaos. Financially motivated cybercriminals collaborate and compete with each other on a daily basis to elicit profits from their victims. And there are plenty of those, thanks to increased investments in cloud and digital platforms that have broadened the corporate attack surface.
Three trends in the report stand out:
Ransomware is on the rise: Although the number of new families fell, the number of detected ransomware components jumped by 10% to top 61 million during the year. Attacks have been causing chaos across the US, particularly among under-funded public sector authorities and schools. The recent outage at Redcar council could be ominous for UK local authorities. As if service downtime wasn’t enough, several groups have also begun stealing sensitive data before they encrypt, and releasing it if victims don’t pay up — which will require organisations to evolve their threat defense strategies.
Phishing is evolving: As always, email-borne attacks accounted for the vast majority (91%) of threats we blocked last year, and increased 15% in volume from 2018. What does this mean? That phishing remains the number one vector for attacks on organisations. Although we noted an overall decline in total attempts to visit phishing sites, there were some spikes. Fraudsters appear to be targeting Office 365 in an attempt to bypass security filters: the number of unique phishing URLs that spoofed the Microsoft cloud platform soared by 100% from the previous year. BEC attacks, which the FBI has claimed cost more than any other cybercrime type last year, grew 5%.
The supply chain is exposed: At the same time, the digital supply chain has rapidly expanded in recent years, exposing more organisations to risk. This was particularly notable in the e-commerce space last year, as Magecart gangs managed to compromise an estimated two million sites. Many of these attacks focused on attacking supply chain partners, which provide JavaScript libraries to the victim sites. We also observed an increase in attacks focused on compromising DevOps tools and deployments, such as misconfigured versions of Docker Engine – Community and unsecured Docker hosts.
What happens now?
This is just the tip of the iceberg. We also detected a 189% brute force IoT logins, an increase in mobile malware, and much more. To regain the initiative in the face of such a wide-ranging set of threats, CISOs may find more value in taking a connected threat defence approach. This would consolidate protection onto a single provider across gateways, networks, servers and endpoints, with underlying threat intelligence optimizing defense at each layer.
Here’s a quick checklist of elements to consider:
|
|
To find out more, read Trend Micro’s 2019 roundup report here: https://www.trendmicro.com/vinfo/us/security/research-and-analysis/threat-reports/roundup/the-sprawling-reach-of-complex-threats.
The post Hackers Expand Their Repertoire as Trend Micro Blocks 52 Billion Threats in 2019 appeared first on .
We continue our four-part series on protecting your home and family. See the links to the previous parts at the end of this blog.
As you use more internet-connected devices and smart appliances in your home, it’s of utmost importance to make sure your gadgets are properly protected from malware and hackers—and Trend Micro Home Network Security (HNS) helps you do just that. But while it’s easy to set up, connect, and configure (and even to forget!), you reap the most benefit when you’re actively involved with it, maintaining and monitoring its features and controls.
Start by asking the question: Are you sure your home network is secure? As you learn what network security entails, by the end of this blog you’ll be able to answer that question confidently. The more you’re involved with HNS, as the tech-savvy “guru” of the household, the more you’ll know when things are properly secured.
We’ll cover three main topics in Part 3 of our 4-part series, where we help you to test the following features: Threat Blocking, Access Control, and Parental Controls.
To better understand how HNS blocks malware on malicious websites from being downloaded to your devices, open your browser either from your mobile device or PC then proceed to these links:
http://www.eicar.org/download/eicar.com
When you run these tests, the test URL will be blocked, your browser will say “Website Blocked by Trend Micro Home Network Security,” and the payload will not be downloaded to the test device. The HNS app will then notify you that a web threat has been blocked, along with the name of the test device that was able to detect it. In the future, you should monitor the HNS app for such messages, so you can see which malicious sites your family has been accessing and warn them.
Next, there are three aspects of Access Control that you should test to familiarize yourself with the features. They are: Approving and Rejecting Devices, Remote Access Protection, and Disconnecting Devices.
Device control is the first part of access control.
|
|
Based on the decision to Allow Connection, verify the connection status on the new device by navigating to a webpage or using an application that connects to the internet.
For the next test, Remote Access Protection, you’ll use a real-world remote-access program commonly used in tech support scams. Note that remote desktop software such as LogMeIn, AnyDesk, TeamViewer, and others are not inherently harmful, but malicious hackers often use them for nefarious activities, such as tech support scams, where they lure you into downloading such a program, pretending they need it to “solve” your computer problems. Unsuspecting consumers around the world have fallen victim to such scams, often losing a large amount of money in fake support fees and ransoms. Additionally, such hackers can use remote desktop programs to scoop up your private data and sell it on the Dark Web.
Home Network Security gives owners peace of mind by preventing these types of Remote Desktop programs from establishing connections with remote computers.
In this test, we will use the free version of TeamViewer.
|
|
HNS will block the TeamViewer session and the HNS app will receive a notification of a remote access connection attempt, along with the name of the target PC. Once you’ve run your tests and understand how this access blocking works, you can delete the instances of TeamViewer on your devices, if you have no need of them.
Next, you should test Disconnecting Devices.
|
|
As we indicated in our last installment of this series, there are many facets to HNS’s Parental Controls. In this segment we will check the effectiveness of its Website Filtering, Content Filtering, App Controls, Time Limits, and Connection Alert & Notification capabilities.
Testing Website Filtering is easy.
|
|
The browser will show, “Website Blocked by Trend Micro Home Network Security” and indicate the rule that triggered the block, i.e., the Category: Personals/Dating rule in our test. The HNS app will receive a notification indicating HNS prevented your “Pre-Teen device” was from visiting a Personals/Dating site. Tapping the notification will show more details, such as the time and website visited.
Moving forward, Content Filtering is next in our checklist.
|
|
When it’s toggled ON, you can try to search for inappropriate content, such as red band trailersDoing this, the user will see a message that says, “Some results have been removed because Restricted Mode is enabled by your network administrator.” In addition, videos with mature or inappropriate content will not be displayed when you open YouTube’s Home page.
To continue, you can test the Inappropriate App Used functionality. Note that this feature only logs the apps opened in your devices; it does not block those apps from being used by the child.
|
|
Next, on your test mobile device, open any of the apps that correspond to the App Categories you’ve chosen. For instance, when a gaming app is opened, The HNS app should get a notification that a Games App was found in the user’s device. Tapping this notification should open the Report section where more detailed information is presented, such as the name of the app, the amount of time it was used, and the name of the device that triggered the notification.
To test Time Limits, you can set up a simple rule that consists of the chosen days the family member can use the internet, set the internet time limit, and set the time spent on YouTube within the set time period they’re allowed to use the internet, then enable notifications for this rule.
As an example:
|
|
To check if the rule is working, look for when the user attempts to surf and use YouTube beyond what’s permitted by the rule. HNS will block access to the internet and YouTube and provide you with a notification that says the YouTube or internet time limit has been reached by the user account. This notification is also logged in the user profile’s Report section.
Let’s wrap up testing the Parental Control features with enabling Connection Alert. This allows you to receive a notification when a device you choose, like your child’s mobile phone, reconnects to your HNS-secure network after getting home from school.
To do this, from the HNS App’s User Account > Settings, enable Connection Alert to indicate when the devices you have selected connect to the home network, according to your set schedule. You’ll only receive notifications of connections from HNS during that scheduled time.
Is your network secure? As the techie in your household, you’re the designated technical support for the family. As the saying usually goes, “Heavy is the head that wears the crown,” but armed with what you’ve just learned about Trend Micro Home Network Security’s capabilities, your burden will lighten significantly and you and your family will stay safe and secure from constantly evolving network threats.
Go to our website for more information on Trend Micro Home Network Security. And watch for Part 4 of this series, where we wind up with some additional monitoring and maintenance best practices.
Go here for Parts 1 and 2 of our series:
You’re in Safe Hands with Trend Micro Home Network Security – Part 1: Setup and Configuration
Trend Micro Home Network Security Has Got You Covered – Part 2: Parental Controls
The post In Safe Hands with Trend Micro Home Network Security – Part 3: Testing Its Functions appeared first on .
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about a variant of LokiBot that has been discovered impersonating a popular game launcher, known for Fortnite, to trick users into executing it on their machines. Also, read about how an advanced threat actor has been targeting gambling and betting companies with malware linked to two Chinese hacker groups.
Read on:
LokiBot Impersonates Popular Game Launcher and Drops Compiled C# Code File
LokiBot, which can harvest sensitive data such as passwords and cryptocurrency information, has been discovered impersonating game launcher Epic Games—the company behind games such as Fortnite–to trick users into executing it on their machines. Further analysis revealed that a sample of this variant employs a quirky, installation routine that involves dropping a compiled C# code file.
DRBControl Espionage Operation Hits Gambling, Betting Companies
An advanced threat actor has been targeting gambling and betting companies with malware that links to two Chinese hacker groups. The mission — named “DRBControl” by security researchers — appears to be cyberespionage and includes stealing databases and source code from the targets. Researchers at Trend Micro painted a larger picture of DRBControl’s activities after analyzing a backdoor used by the group against a company in the Philippines.
Uncovering Risks in Ordinary Places: A Look at the IoT Threat Landscape
As the IoT continues to become more integrated into enterprises and homes, the threat landscape also expands. In this blog, Trend Micro looks at the most significant threats and vulnerabilities in IoT devices on the edge of the network, within the network itself, and on the cloud; as well as gains insights from the cybercriminal underground.
Newly Discovered Vulnerability Can Let Hackers Impersonate LTE Mobile Device Users, Researchers Say
German researchers have found a new vulnerability on 4G/LTE mobile devices that could allow hackers to impersonate the phone’s owner. In this article, Mark Nunnikhoven, vice president of cloud research for cybersecurity firm Trend Micro, discusses the threat level of this vulnerability and its risks, which include running up a person’s bill by making international calls or using premium services offered by the victim’s provider, like a TV streaming service.
Fake Dating Apps Found as Top Source of Malware in Africa
According to research from Kaspersky, 7,734 attacks from 1,486 threats were detected, affecting 2,548 mobile users from the continent. The countries with the most recorded attacks were South Africa with 58%, as Kenya (10%) and Nigeria (4%) trail behind.
US Govt Warns Critical Industries After Ransomware Hits Gas Pipeline Facility
The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) issued a warning to all industries operating critical infrastructures about a new ransomware in response to a cyberattack targeting an unnamed natural gas compression company’s internal network, encrypting critical data and knocking servers out of operation for almost two days.
Plugin Leaves Nearly 100,000 WordPress Sites Vulnerable to Compromise
According to a report by WebARX, a vulnerability in a plugin for WordPress themes allows remote attack execution, gives full administrator rights, and can possibly even wipe out the entire website database. The vulnerability was discovered in ThemeGrill Demo Importer, a plugin that offers demo options for themes, widgets, and other content that can help customize websites.
MGM Grand Breach Leaked Details of 10.6 Million Guests Last Summer
A hacking forum this week published personal details of more than 10.6 million guests who stayed at MGM Resorts, the result of a breach due to unauthorized access to a cloud server that occurred at the famous Las Vegas hotel and casino last summer. Those guests included celebrities, tech CEOs, reporters, government officials, and employees at some of the world’s largest tech companies.
Stolen Credit Card Data Concealed through Fake Club Membership Cards
Stolen credit card data has been disguised through counterfeit club membership cards, as revealed by the U.S. Secret Service and reported by Brian Krebs. The cards, purportedly for exclusive use at name-brand retailers, had barcodes that contained the credit card information as well expiration dates and card verification values (CVVs).
Adobe Releases Out-of-Band Patch for Critical Code Execution Vulnerabilities
Adobe has released an out-of-schedule fix to resolve two vulnerabilities that may expose user systems to code execution attacks. Users of Adobe Media Encoder and After Effects should update their software builds immediately. The tech giant thanked researcher Francis Provencher, alongside Matt Powell from Trend Micro’s Zero Day Initiative for reporting the vulnerabilities.
Surprised by the scale of the giant MGM Grand breach? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.
The post This Week in Security News: LokiBot Impersonates Popular Game Launcher and DRBControl Espionage Operation Hits Gambling, Betting Companies appeared first on .
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about the more than 140 February Patch Tuesday updates from Microsoft and Adobe. Also, read about how an unsecured and unencrypted Amazon Simple Storage Service (S3) bucket was found leaking 36,077 inmate records in several U.S. states.
Read on:
February 2020 Patch Tuesday: Microsoft Fixes 99 Vulnerabilities, Adobe 42
This week, patches from Microsoft and Adobe for February were announced. Microsoft released fixes for 99 vulnerabilities – 12 critical, one of which is being exploited in the wild – and Adobe released fixes for 42, most of which are critical, and none actively exploited.
How to Manage Your Privacy On and Off Facebook
Where on Facebook is your privacy most at risk and what can you do to mange these risks? Although Facebook has taken steps to offer users tools to manage their data, such as their recent broad launch of their Off-Facebook Activity tool, they are not always easy to find. This blog from Trend Micro serves as a guide on how to protect your privacy on Facebook.
Emotet Malware Now Hacks Nearby Wi-Fi Networks to Infect New Victims
Emotet, the notorious trojan behind several botnet-driven spam campaigns and ransomware attacks, has found a new attack vector: using already-infected devices to identify new victims that are connected to nearby Wi-Fi networks. According to researchers at Binary Defense, the newly discovered Emotet sample leverages a “Wi-Fi spreader” module to scan Wi-Fi networks, and then attempts to infect devices that are connected to them.
Outlaw Updates Kit to Kill Older Miner Versions, Targets More Systems
Trend Micro discovered that the hacking group Outlaw has been busy developing their toolkit for illicit income sources. While they had been quiet since Trend Micro’s analysis in June, there was an increase in the group’s activities in December, with updates on the kits’ capabilities reminiscent of their previous attacks.
Irving Security Company Spun Out of Trend Micro Lands $26M in Funding
Cysiv announced this week the close of a $26 million Series A financing led by ForgePoint Capital, a top tier venture capital firm that invests in transformative cybersecurity companies. Trend Forward Capital has been actively backing Cysiv and is also participating in this financing. Proceeds will be used to scale business operations and fuel further platform enhancements.
Trickbot, Emotet Use Text About Trump to Evade Detection
Threat actors have been using text from news articles about U.S. President Donald Trump to make malware undetectable. Trickbot samples employing this technique were recently found, while Trend Micro researchers detected Emotet samples using the same method.
Puerto Rico Gov Hit By $2.6M Phishing Scam
According to reports, an email-based phishing scam hit Puerto Rico’s Industrial Development Company, which is a government-owned corporation aimed at driving economic development to the island along with local and foreign investors. The scam email alleged a change to a banking account tied to remittance payments, which is a transfer of money (often by a foreign worker) to an individual in their home country.
Malicious Spam Campaign Targets South Korean Users
The spam campaign, detected by Trend Micro researchers, utilizes attachments compressed through ALZip, an archive and compression tool widely used in South Korea. When decompressed, the attachment is revealed to contain two executable (.EXE) files that carry the information stealer TrojanSpy.
Google Removes 500+ Malicious Chrome Extensions from the Web Store
Google has removed more than 500 malicious Chrome extensions from its official Web Store following a two-month long investigation conducted by security researcher Jamila Kaya and Cisco’s Duo Security team. The removed extensions operated by injecting malicious ads (malvertising) inside users’ browsing sessions.
Dynamic Challenges to Threat Detection and Endpoint Security — and How to Overcome Them
As a result of great technological advancements, our environments are steadily changing. Now more than ever, individuals and organizations rely on technology to make life more dynamic. This reliance on technology and the consequent expanding attack surface are what cybercriminals bank on as they create threats that are meant to trick users and organizations. In this blog, learn how to step up your threat detection and endpoint security.
YouTube, Twitter Hunt Down Deepfakes
YouTube and Twitter have taken measures to clamp down on synthetic and manipulated media, including deepfakes. Deepfakes are media (images, audio, video, etc.) synthetically generated through artificial intelligence and machine learning (AI/ML), which have been exploited in adult videos and propaganda using the faces and voices of unwitting celebrities, politicians, and other well-known figures.
Misconfigured AWS S3 Bucket Leaks 36,000 Inmate Records
An unsecured and unencrypted Amazon Simple Storage Service (S3) bucket was found leaking 36,077 records belonging to inmates of correctional facilities in several U.S. states. The leak, which was discovered by vpnMentor, exposed personally identifiable information (PII), prescription records and details of inmates’ daily activities.
An In-Depth Technical Analysis of CurveBall (CVE-2020-0601)
CVE-2020-0601 is a vulnerability that was discovered by the National Security Agency (NSA) and affects how cryptographic certificates are verified by one of the core cryptography libraries in Windows that make up part of the CryptoAPI system. Dubbed CurveBall or “Chain of Fools,” an attacker exploiting this vulnerability could create their own cryptographic certificates that appear to originate from a legitimate certificate that is trusted by Windows by default.
In your opinion, what was the most noteworthy patch from this month’s update? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.
The post This Week in Security News: February 2020 Patch Tuesday Update and Misconfigured AWS S3 Bucket Leaks 36,000 Inmate Records appeared first on .
Social media has come a long way in a short space of time. In a little over a decade, it’s grown from being the preserve of a relatively small group of online enthusiasts to one of the defining trends of 21st century life. As the undisputed global leader in this field, Facebook now boasts nearly 1.7 billion daily active users.
Not only do we share personal and global news, photos and videos with each other every day on the site, we also log-in to our favorite third-party websites and apps via Facebook to shop, chat, play games and much more. In short, social media makes life more fun, more social, and more connected.
But at the same time, our digital lives have become more complicated. Sometimes we share without realizing the significance of the data we’re showing others — including strangers, trolls and maybe even fraudsters. Sometimes we sign-up for third-party apps/services that take advantage of small print agreements to sell our data on to others — possibly for uses we did not want. And often, the websites we visit independently of Facebook send data on our browsing behavior back to the social network without our knowledge.
Some of us view this kind of tracking as the price we pay for free internet services, and welcome the improved personalization it enables. But others may feel creeped out that their family’s every click and swipe is being silently monitored, logged, and shared.
Time for action
The good news is that Facebook has been listening (to some extent!) to regulators and consumers, and has started the new year by offering users more tools to shine a light on where and how their data is being used, and how they can protect their privacy. But we’re talking here about a platform that has been growing non-stop for the past 15 years. Complexity is everywhere, and it’s not always easy to find the tools you need to enhance your privacy on the site.
That’s why we’ve put together this short guide. It’ll teach you where your privacy is most at risk on Facebook, and what you can do to manage these risks, including an assist by Trend Micro’s own Privacy Scanner tool.
Why should I be worried?
Although social media offers much to enrich and improve our lives, there are multiple levels of privacy risk involved in using it. For many of us, the stakes have risen almost silently in the background over the past few years. We can split these into three basic areas:
Oversharing: At a very basic level Facebook allows you to share news, pictures, stories and more with the world. But would you want your boss, prospective employer, law enforcement, credit agencies and other users to see every little thing about you? Yes, they increasingly use Facebook as a source of intelligence gathering, so you may want to limit who can view your information to just those in your friendship network.
Among the most prodigious collectors and monetizers of our private data are cyber-criminals. A Facebook account is a trove of sensitive personal information: everything from email addresses and phone numbers to partners and political preferences. It could all be leveraged to commit identity fraud or craft convincing phishing emails which trick you into giving away even more details. Something as innocuous as a photo of a family pet could provide hackers with some useful intel for guessing your online passwords. Or what about a real-time update from the beach? It might be all an opportunistic burglar needs to raid your home.
Third-party apps and websites: One of the most controversial aspects of data collection and use on Facebook relates to partner sites and services. Often, users sign-up for these apps without being fully aware of how their data will be used, or even what profile data the app may be gaining permission to harvest. It was data on 87 million Facebook users and their friends collected by a popular third-party personality test app that ended up being sold to Cambridge Analytica. It was then controversially used to target US voters ahead of the last Presidential election.
Following a huge FTC fine, Facebook is now more rigorous in ensuring third-party developers comply with its privacy and data use policies. But some users may still balk at their private data being sold on to third parties.
Other Off-Facebook activity: Apps and websites that you log into with your Facebook ID technically count as “off-Facebook activity”: that is, stuff that happens outside of the social site. But there’s more. Did you know, for example, that Facebook collects data from a huge number of additional sites and apps that aren’t obviously connected to the platform?
It uses code embedded on these sites to track what you do there, in order to make advertising on Facebook more targeted and personalized. So accurate and covert is this technology that it has given rise to a conspiracy theory that Facebook is somehow listening in to its users’ phone calls. It’s not. Users simply don’t know that, when they visit many sites and apps on the web, those same sites are secretly sending data back to Facebook, which then serves up relevant ads. Just bought Season One of your favorite show on a streaming app? You may get an ad for Season Two when you next visit your Facebook account.
Some people may be fine with this trade-off: privacy for a more tailored user experience. But many others may not. It’s one thing monitoring what you bought off an e-commerce site, quite another to track who you swiped left on when you were last on a dating site.
How can I manage my privacy better?
Fortunately, Facebook provides tools to help you to manage your privacy. Let’s go through some of them, from the newest to the oldest.
Off-Facebook
Facebook has just released a way of checking which sites/apps track and send data on your web usage back to the social network, clearing your data sharing history with them, and disconnecting for the future.
There are some caveats. Disconnecting in this way will log you out of any apps/sites you used Facebook to log into. In addition, it will not stop Facebook serving you advertising — you’ll get the same number of ads, except these won’t be as personalized as before. Facebook will also continue to receive information about your interactions on various sites, but this will be anonymized. |
|
Particular apps, games and websites
You can also directly edit the privacy and settings of particular apps, games and websites you’ve logged into with your Facebook account.
|
|
Basic privacy settings
Facebook has also overhauled its most basic privacy settings. Its Privacy Checkup tool features four distinct sections.
|
|
How Trend Micro can help
An easier option for managing your basic privacy on Facebook is the Trend Micro Privacy Scanner, which is available within Trend Micro Security on Windows and Mac, and within Mobile Security on Android and iOS. It automates the process of finding and fixing any potentially risky settings to keep your personal data safe from prying eyes.
It’s turned on by default in Trend Micro Internet and Maximum Security, as well as in Mobile Security.
|
|
Facebook is getting better at privacy, but its controls can be hard to find, and functionality is constantly being updated. That’s why we recommend a privacy audit every few months. Check in with your Facebook Privacy settings directly or via the Privacy Scanner to make sure you’re not leaking personal data. Privacy is subjective, but we’re all getting more critical about how big corporations use our data — and that’s not a bad thing.
Go here for more information on Trend Micro Security and Trend Micro Mobile Security.
The post How to Manage Your Privacy On and Off Facebook appeared first on .
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, read about Trend Micro Zero Day Initiative’s $1.5 million in awards and other noteworthy milestones in 2019. Also, learn about a crafty malware that makes you retype your passwords so it can steal them for credit card information and other personal data.
Read on:
Four Reasons Your Cloud Security is Keeping You Up at Night
Organizations are migrating to the cloud for speed, agility, scalability, and cost-efficiency – but they have realized that it demands equally powerful security management. As the cloud continues to attract more businesses, security teams are spending sleepless nights securing the infrastructure. We can reduce the number of security issues affecting cloud infrastructure; however, we must first conquer the possible reasons for security vulnerabilities.
Trend Micro and Baker Hughes Collaborate to Help Deliver Protection for Critical Infrastructure
Trend Micro announced this week that it will collaborate with Baker Hughes’ Nexus Controls operational technology (OT) security experts through a strategic framework agreement, signed in late 2019. Together the companies aim to provide comprehensive, industry leading guidance and support for enterprises running critical OT environments.
Trend Micro recently discovered several malicious optimizer, booster and utility apps (detected as AndroidOS_BadBooster.HRX) on Google Play. The apps can access remote ad configuration servers that can be used for malicious purposes, perform mobile ad fraud, and download as many as 3,000 malware variants or malicious payloads on affected devices.
Zero Day Initiative Bug Hunters Rake in $1.5M in 2019
Zero Day Initiative, a division of Trend Micro, awarded more than $1.5 million in cash and prizes to bug-hunters throughout 2019, resulting in 1,035 security vulnerability advisories for the year. Most of those advisories (88 percent) were published in conjunction with a patch from the vendor.
ICS in VUCA: Insights from the World‘s Biggest ICS Security Event – S4
Many sessions at this year’s S4 discussed strengthening leadership. The environment surrounding the ICS community is filled with volatility, uncertainty, complexity and ambiguity (VUCA), and it requires strong leadership to drive changes. In this blog, read about the key takeaways coming out of the world’s leading ICS security event, S4.
This Crafty Malware Makes You Retype Your Passwords So It Can Steal Them
A trojan malware campaign is targeting online banking users around the world with the aim of stealing credit card information, finances and other personal details. Detailed by researchers at Fortinet, the Metamorfo banking trojan has targeted users of over 20 online banks in countries around the world including the US, Canada, Peru, Chile, Spain, Brazil, Ecuador and Mexico.
SORA and UNSTABLE: 2 Mirai Variants Target Video Surveillance Storage Systems
Trend Micro researchers encountered two variants of the notorious internet of things (IoT) malware, Mirai, employing a new propagation method. The two variants, namely SORA (detected as IoT.Linux.MIRAI.DLEU) and UNSTABLE (detected as IoT.Linux.MIRAI.DLEV), gain entry through Rasilient PixelStor5000 video surveillance storage systems by exploiting CVE-2020-6756.
Vulnerability in WhatsApp Desktop Exposed User Files
Facebook has patched a vulnerability in WhatsApp Desktop that could allow an attacker to launch cross-site scripting (XSS) attacks and access files from the victim’s system when paired with WhatsApp for iPhone. The vulnerability was discovered by PerimeterX security researcher Gal Weizman, who found he could bypass WhatsApp’s CSP to execute code on a target system using maliciously crafted messages.
Ryuk Ransomware Infects US Government Contractor
The internal system of U.S. government contractor Electronic Warfare Associates (EWA) was infected with Ryuk ransomware last week, ZDNet reported. EWA is a contractor that supplies electronic equipment and services to the Department of Defense (DOD), the Department of Homeland Security (DHS), and the Department of Justice (DOJ).
New Lemon Duck Malware Campaign Targets IoT, Large Manufacturers
Printers, smart TVs and automated guided vehicles that depend on Windows 7 have become the latest targets for cybercriminals leveraging a “self-spreading” variant of the malware Lemon Duck. In a report released Wednesday by TrapX Security, researchers warn manufacturers dependent on IoT devices are targets in a new global campaign leveraging the malware variant.
New Extortion Campaign Threatens Victims of the 2015 Ashley Madison Breach
A new extortion campaign is targeting victims of the Ashley Madison data breach that happened five years ago, Vade Secure reports. Avid Life Media — the company behind the site — was hacked in 2015 by a group known as Impact Team. The actors behind this new campaign tell victims that they will publicize proof of their profile as well as other “embarrassing” activities and demand bitcoins as payment.
Emotet Uses Coronavirus Scare in Latest Campaign, Targets Japan
Threat actors behind the Emotet malware used the novel coronavirus (2019-nCoV) scare as a hook for their spam email campaign against targets in Japan. IBM X-Force reported that the coronavirus spam emails were disguised as official notifications sent by a disability welfare provider and public health centers. The email content warns recipients about the rapid spread of the virus and instructs them to download an attached notice that allegedly contains preventive measures.
Researchers Use Smart Light Bulbs to Infiltrate Networks
Researchers successfully infiltrated networks through a vulnerability in Philips Hue light bulbs. The CVE-2020-6007 vulnerability, which involves the Zigbee communication protocol, can be abused to remotely install malicious firmware in smart light bulbs and spread malware to other internet-of-things (IoT) devices.
What was your biggest takeaway from the S4 ICS security conference this year? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.
The post This Week in Security News: ZDI Bug Hunters Rake in $1.5M in 2019 and Metamorfo Trojan Malware Campaign Targets Online Banking Users appeared first on .
We are excited to introduce guest posts from our newest Trenders from Cloud Conformity, now Trend Micro Cloud One – Conformity. More insights will be shared from this talented team to help you be confident and in control of the security of your cloud environments!
Why your cloud security is keeping you up at night
We are all moving to the cloud for speed, agility, scalability, and cost-efficiency and have realized that it demands equally powerful security management. As the cloud keeps on attracting more businesses, security teams are spending sleepless nights securing the infrastructure.
Somewhere, a cyber con artist has a target set on you and is patiently waiting to infiltrate your security. Managing your security posture is as critical as wearing sunscreen even if the sun is hiding behind a cloud. You may not feel the heat instantly, but it definitely leaves a rash for you to discover later.
Analyzing the volume of issues across the global Trend Micro Cloud One – Conformity customer base clearly shows that ‘Security’ is the most challenging area within AWS infrastructure.
According to an internal study in June 2019, more than 50% of issues belonged to the ‘Security’ category.
We can definitely reduce the number of security issues affecting cloud infrastructure, but first need to conquer the possible reasons for security vulnerabilities.
1. Not scanning your accounts regularly enough
If you deploy services and resources multiple times a day, you must continuously scan all your environments and instances at regular intervals. Tools like Conformity Bot scans your accounts against 530 rules across five pillars of the Well-Architected Framework to help you identify potential security risks and prioritize them. You can even set up the frequency of scans or run them manually as required.
2. Not investing in preventative measures
Seemingly harmless misconfigurations can cause enormous damage that can rapidly scale up and result in a security breach. You can prevent potential security risks from entering live environments by investing some time in scanning your staging or test accounts before launching any resources or services. You can use a Template Scanner to scan your account settings against CloudFormation Template and identify any security and compliance issues before deployment.
3. Not monitoring real-time activity
Catastrophes don’t wait! It may take a few minutes before someone barges into your cloud infrastructure while you are away on the weekend. You need to watch activity in real-time to act on threats without delay. A tool such as Real-Time Monitoring Add-on tracks your account’s activity in real time and triggers alerts for suspicious activity based on set configurations. For example, you can set up alerts to monitor account activity from a specific country or region.
4. Not communicating risks in a timely manner
The information trickling from your monitoring controls is fruitless until you get the right people to act quickly. One of the best practices to maintain smooth security operations is to merge the flow of security activity and events into information channels. Conformity allows you to integrate your AWS accounts with communication channels, for example Jira, email, SMS, Slack, PagerDuty, Zendesk, ServiceNow ITSM, and Amazon SNS. Moreover, configuring communication triggers sends notifications and alerts to set teams through the selected channels.
AWS provides you with the services and resources to host your apps and infrastructure, but remember – Security is a shared responsibility in which you must take an active role.
See how Trend Micro can support your part of the shared responsibility model for cloud security: https://www.trendmicro.com/cloudconformity.
Stay Safe!
The post Four Reasons Your Cloud Security Is Keeping You Up At Night appeared first on .
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, over two thousand WordPress sites were compromised using a malicious script that redirects visitors to scam websites. Also, read about how Facebook has agreed to pay $550 million to Illinois users to settle a class action lawsuit filed over the use of its face-tagging technology.
Read on:
Security Analysis of Devices that Support SCPI and VISA Protocols
The Standard Commands for Programmable Instruments (SCPI) protocol, now 30 years old, was initially designed for sensors communicating over serial lines to make adoption via different languages and hardware interfaces easier. Today, these devices are being exposed to the internet as more networks get connected, but they have never been designed for it and network administrators might not be aware that this is happening.
The Rich Are Different, but their Smartphones Aren’t
After Jeff Bezos’ phone was hacked, it raised the question of how high-profile people protect their cybersecurity. In this article, Mark Nunnikhoven, vice president of cloud research at Trend Micro, explains that the rich and famous can’t buy phones that are more secure than the average.
Malicious Script Plagues Over 2,000 WordPress Accounts, Redirects Visitors to Scam Sites
Besides leading visitors to scam websites, the malicious script can also gain unauthorized admin access to affected WordPress sites, allowing attackers to inject malware and apply modifications. Sucuri reported that the attackers gained access to the affected sites by exploiting plugins such as the vulnerable versions of the “CP Contact Form with PayPal” and the “Simple Fields” plugins.
Avast Winds Down Jumpshot, Cites User Data Sale Privacy Concerns
Avast is winding down its subsidiary Jumpshot following an explosive investigation into the sale of user data to third parties that may pose a risk to consumer privacy. The antivirus vendor said the unit will no longer have access to user information harvested from users of Avast products and services will eventually be fully terminated.
Unsecured AWS S3 Bucket Found Leaking Data of Over 30K Cannabis Dispensary Customers
An unsecured Amazon S3 bucket owned by cannabis retailer THSuite was found leaking the data of more than 30,000 individuals. Discovered by a vpnMentor research team during a large-scale web mapping project, the unsecured bucket exposed 85,000 files that included records with sensitive personally identifiable information (PII).
Facebook to Pay $550M to Settle Class Action Case Over Facial Recognition
Facebook has agreed to pay $550 million to Illinois users to settle a class action lawsuit filed over the use of its face-tagging technology to collect facial-recognition data on its social media platform. The suit stems from a class-action proceeding from Facebook users in Illinois over a feature called Tag Suggestions, which identifies Facebook users in photos based on biometric identification technology.
Google, Mozilla Crack Down on Malicious Extensions and Add-ons
The Google security team has temporarily disallowed the publishing or updating of paid extensions that use the Chrome Web Store payments due to an influx of fraudulent transactions performed via the extensions. Mozilla banned 197 suspicious Firefox add-ons that executed malicious code, ran codes from a remote server, stole user data, collected user search terms and obfuscated source code.
Microsoft Azure Flaws Could Have Let Hackers Take Over Cloud Servers
Cybersecurity researchers at Check Point disclosed details of two recently patched vulnerabilities in Microsoft Azure services that are potentially dangerous and, if exploited, could have allowed hackers to target several businesses that run their web and mobile apps on Azure.
3 Indonesian Hackers Arrested for Global Magecart Attacks, Other Members Still at Large
The International Criminal Police Organization (Interpol), together with the Indonesian National Police, recently publicized the arrest of three Indonesian men suspected of being behind intercontinental Magecart attacks. Known targets of this attack include online shops, hotel chains, advertising companies and even schools.
Inside the World’s Highest-Stakes Industrial Hacking Contest
Pwn2Own Miami, held at the S4 industrial control system security conference, has focused its participants’ skills for the first time exclusively on industrial control software (ICS). Every target is an application that touches physical machinery. The compromises could have catastrophic effects, from blackouts to life-threatening industrial accidents. In this article, read more about the inaugural Pwn2Own Miami competition.
Over 30 Million Stolen Credit Card Records Being Sold on the Dark Web
Cybercriminals were found selling more than 30 million credit card records on the dark web, purportedly from a data breach suffered by a U.S.-based gas station and convenience store chain last year. The breach was caused by a PoS malware attack and affected 860 convenience stores, of which 600 were also gas stations.
What are your thoughts on the class action lawsuit over Facebook’s facial recognition technology? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.
The post This Week in Security News: Over 2,000 WordPress Accounts Compromised and Facebook to Pay $550M to Settle Class Action Case Over Facial Recognition appeared first on .
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, dive into a research study that explores the risks associated with common cybersecurity vulnerabilities in a factory setting. Also, read about how misconfigured Microsoft cloud databases containing 14 years of customer support logs exposed 250 million records.
Read on:
Last week, Microsoft announced vulnerability CVE-2020-0601 and has already released a patch to protect against any exploits stemming from the vulnerability. Understanding how difficult it can be to patch systems in a timely manner, Trend Micro created a valuable tool that will test endpoints to determine if they have been patched against this latest threat or if they are still vulnerable.
Malicious hackers are targeting factories and industrial environments with a wide variety of malware and cyberattacks including ransomware and cryptocurrency miners. All of these incidents were spotted by researchers at Trend Micro who built a honeypot that mimicked the environment of a real factory. The fake factory featured some common cybersecurity vulnerabilities to make it appealing for hackers to discover and target.
Defend Yourself Now and In the Future Against Mobile Malware
Recently, 42 apps were removed from the Google Play Store after being installed eight million times over the period of a year, flooding victims’ screens with unwanted advertising. Trend Micro blocked more than 86 million mobile threats in 2018, and that number is expected to continue to increase. To learn how to protect your mobile device from hackers, read this blog from Trend Micro.
Trend Micro Joins LOT Network to Fight ‘Patent Trolls’
Trend Micro announced this week that it has joined non-profit community LOT Network in a bid to combat the growing threat posed to its business and its customers by patent assertion entities (PAEs). The community now has more than 500 members, including some of the world’s biggest tech companies such as Amazon, Facebook, Google, Microsoft and Cisco.
Blocking A CurveBall: PoCs Out for Critical Microsoft-NSA Bug CVE-2020-0601
Security researchers have released proof-of-concept (PoC) codes for exploiting CVE-2020-0601, a bug that the National Security Agency (NSA) reported. The vulnerability affects Windows operating systems’ CryptoAPI’s validation of Elliptic Curve Cryptography (ECC) certificates and Public Key Infrastructure (PKI) trust. Enterprises and users are advised to patch their systems immediately to prevent attacks that exploit this security flaw.
Microsoft Leaves 250M Customer Service Records Open to the Web
Misconfigured Microsoft cloud databases containing 14 years of customer support logs exposed 250 million records to the open internet for 25 days. The account information dates back as far as 2005 and as recent as December 2019 and exposes Microsoft customers to phishing and tech scams. Microsoft said it is in the process of notifying affected customers.
Microsoft Releases Advisory on Zero-Day Vulnerability CVE-2020-0674, Workaround Provided
On January 17, Microsoft published an advisory (ADV200001) warning users about CVE-2020-0674, a remote code execution (RCE) vulnerability involving Microsoft’s Internet Explorer (IE) web browser. A patch has not yet been released as of the time of writing — however, Microsoft has acknowledged that it is aware of limited targeted attacks exploiting the flaw.
Google to Apple: Safari’s Privacy Feature Actually Opens iPhone Users to Tracking
Researchers from Google’s Information Security Engineering team have detailed several security issues in the design of Apple’s Safari anti-tracking system, Intelligent Tracking Prevention (ITP). ITP is designed to restrict cookies and is Apple’s answer to online marketers that track users across websites. However, Google researchers argue in a new paper that ITP leaks Safari users’ web browsing habits.
Hacker Publishes Credentials for Over 515,000 Servers, Routers, and IoT Devices
A hacker has published the credentials of over 515,000 servers, routers, and IoT devices on a well-known hacking website. ZDNet reported that the list consists of IP addresses and the usernames and passwords used by each for unlocking Telnet services, the port that allows these devices to be controlled through the internet.
Pwn2Own Miami Contestants Haul in $180K for Hacking ICS Equipment
The first Pwn2Own hacking competition that exclusively focuses on industrial control systems (ICS) has kicked off in Miami. So far, a total of $180,000 has been awarded for pwning five different products. The contest hosts at Trend Micro’s Zero Day initiative (ZDI) have allocated more than $250,000 in cash and prizes for the contest, which is testing eight targets across five categories.
Sextortion Scheme Claims Use of Home Cameras, Demands Bitcoin or Gift Card Payment
A new sextortion scheme has been found preying on victims’ fears through social engineering and follows in the footsteps of recent sextortion schemes demanding payment in bitcoin. Security researchers at Mimecast observed the scheme during the first week of the year. The scheme reportedly sent a total of 1,687 emails on Jan. 2 and 3, mostly to U.S. email account holders.
NetWire RAT Hidden in IMG Files Deployed in BEC Campaign
A recent business email compromise (BEC) campaign, purportedly coming from a small number of scammers in Germany, targets organizations by sending them emails with IMG file attachments hiding a NetWire remote access trojan (RAT). The campaign was discovered by IBM X-Force security researchers and involves sending an employee of the targeted organization an email masquerading as a corporate request.
What are your thoughts on the results of Trend Micro’s factory honeypot study? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.
The post This Week in Security News: Trend Micro Creates Factory Honeypot to Trap Malicious Attackers and Microsoft Leaves 250M Customer Service Records Open to the Web appeared first on .
The world has gone mobile and the US is leading the way. It’s estimated that that the number of smartphone users alone topped 257 million in the States in 2018. That means three-quarters (74%) of households now boast at least one mobile device. And in this new digital world, it’s mobile applications that really matter. They’re a one-click gateway to our favorite videos, live messaging, email, banking, social media and much more.
There are said to be around 2.8 million of these apps on the official Google Play Store today. But unfortunately, where there are users, there are also hackers looking to capitalize. And one of their favorite ways to make money is by tricking you into downloading a malicious app they’ve sneaked onto the marketplace.
Most recently, 42 such apps had to be removed after being installed eight million times over the period of a year, flooding victims’ screens with unwanted advertising. This is just the tip of the iceberg. As more of us turn to mobile devices as our primary internet gateway, the bad guys will follow suit. Trend Micro blocked over 86 million mobile threats in 2018, and we can expect this figure to increase into the future.
So how can you protect your devices and your data from hackers?
Adware ahoy
The latest bunch of 42 apps are from a class of malicious software known as adware. This follows a previous discovery by Trend Micro earlier this year of a further 85 adware-laden apps downloaded eight million times. Cyber-criminals fraudulently make money by displaying unwanted ads on the victim’s device. In the meantime, the user has to contend with annoying pop-ups which can run down the device’s battery and eat up computing resources. Some even silently gather user information.
Ones to watch
Unfortunately, it’s increasingly difficult to spot malicious apps on the Play Store. A popular tactic for hackers is to hide their malware in titles which impersonate legitimate applications. A recent two-year study found thousands of such counterfeits on the Play Store, exposing users unwittingly to malware. Banking apps are a particularly popular type of title to impersonate as they can provide hackers with highly lucrative log-ins to open users’ accounts.
Some malware, like the recently disclosed Agent Smith threat, works by replacing all the legitimate apps on a user’s device with malicious alter-egos.
So, as we hit 2020, what other threats hidden in legitimate-seeming apps should mobile users be looking out for?
|
|
Is Google helping?
The Android ecosystem has always and remains to be a bigger threat than iOS because it’s relatively easier for developers to get their applications onto the official marketplace. Now, it’s true that Google carries out some vetting of the apps on its Play Store and it is getting better and quicker at spotting and blocking malware. It says the number of rejected app submissions grew by over 55% in 2018 while app suspensions increased by over 66%.
However, Google’s Play Protect, which is pre-installed on Android devices, has garnered less than favorable reviews. This anti-malware solution is intended to scan for malicious apps to prevent you downloading them. However, it has received poor reviews for its “terrible malware protection.”
In fact, in independent tests run in July by German organization AV-TEST, Google Play Protect found just 44% of the 3,347 “real-time” online malware threats, and just 55% of the 3,433 malware samples that were collected in the previous month. According to Tom’s Guide, “these scores are all well below the industry averages, which were always 99.5% or above in both categories for all three rounds.”
How do I stay safe?
So how can mobile users ensure their personal data and devices are secure from the growing range of app-based threats?
Consider the following:
|
|
How Trend Micro Mobile Security helps
Trend Micro Mobile Security (TMMS) offers customers comprehensive anti-malware capabilities via its real-time Security Scan function. Security Scan alerts you to any malware hidden in apps before they are installed and suggests legitimate versions. It can also be manually run on devices to detect and remove malicious apps, including ransomware, that may already have been installed.
To use the manual scan, simply:
1. Tap the Security Scan panel in the TMMS Console. The Security Scan settings screen appears, with the Settings tab active by default.
2. Tap Scan Now to conduct a security scan. The result appears.
3. In the example shown, “Citibank” has been detected as a fake banking app, installed on the device before Mobile Security was installed. Apps are recommended for you to remove or to trust.
4. Tap Uninstall to uninstall the fake app. A Details screen defines the security threats.
5. Tap Uninstall A popup will ask if you want to uninstall the app.
6. Tap Uninstall once more to uninstall it. The app will uninstall.
7. If there are more potentially unwanted apps, tap the panel for Apps Removal Recommended to show the list of apps recommended for removal. The Removal Recommended list will show apps to Remove or Trust.
8. You can configure settings via Security Scan > Settings This will allow you to choose protection strength (Low, Normal, and High).
9. In Settings, check the Pre-Installation Scan, which is disabled by default, to block malware from Google Play before it’s installed. It sets up a virtual private network (VPN) and enables the real-time scan.
Among its other features, Trend Micro Mobile Security also:
|
|
To find out more about Trend Micro Mobile Security, go to our Mobile Security Solutions website, where you can also learn about our Mobile Security solution for iOS.
Tags: Mobile Security, Mobile Antivirus, Mobile Antimalware, Android Antivirus
The post Defend Yourself Now and in the Future Against Mobile Malware appeared first on .
So much for a quiet January! By now you must have heard about the new Microsoft® vulnerability CVE-2020-0601, first disclosed by the NSA (making it the first Windows bug publicly attributed to the National Security Agency). This vulnerability is found in a cryptographic component that has a range of functions—an important one being the ability to digitally sign software, which certifies that the software has not been tampered with. Using this vulnerability, attackers can sign malicious executables to make them look legitimate, leading to potentially disastrous man-in-the-middle attacks.
Here’s the good news. Microsoft has already released a patch to protect against any exploits stemming from this vulnerability. But here’s the catch: You have to patch!
While Trend Micro offers industry-leading virtual patching capabilities via our endpoint, cloud, and network security solutions, the best protection against vulnerabilities is to deploy a real patch from the software vendor. Let me say it again for effect – the best protection against this very serious vulnerability is to ensure the affected systems are patched with Microsoft’s latest security update.
We understand how difficult it can be to patch systems in a timely manner, so we created a valuable tool that will test your endpoints to see if whether they have been patched against this latest threat or if they are still vulnerable. Additionally, to ensure you are protected against any potential threats, we have just released additional layers of protection in the form of IPS rules for Trend Micro Deep Security and Trend Micro Vulnerability Protection (including Trend Micro Apex One). This was rolled out to help organizations strengthen their overall security posture and provide some protection during lengthy patching processes.
You can download our Trend Micro Vulnerability Assessment Tool right now to see if you are protected against the latest Microsoft vulnerability. And while you’re at it, check out our latest Knowledge Based Article for additional information on this new vulnerability along with Trend Micro security capabilities that help protect customers like you 24/7. Even during those quiet days in January.
The post Don’t Let the Vulnera-Bullies Win. Use our free tool to see if you are patched against Vulnerability CVE-2020-0601 appeared first on .
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about a major crypto-spoofing bug impacting Windows 10 that has been fixed as part of Microsoft’s January Patch Tuesday update. Also, read about the launch of Pwn2Own Vancouver, where it will pay to hack a Tesla Model 3.
Read on:
Can You Hack a Tesla Model 3? $500,000 Says That You Can’t
Trend Micro’s Zero Day Initiative (ZDI) has officially announced that its Pwn2Own Vancouver competition will be hosted at CanSecWest March 18-20. This time, the stakes have been upped in the automotive category: the hacker who can evade the multiple layers of security found in a Tesla Model 3 to pull off a complete vehicle compromise will win a $500,000 prize and a new Tesla Model 3.
Texas School District Loses $2.3 Million to Phishing Scam, BEC
Manor Independent School District (MISD) in Texas is investigating an email phishing attack after a series of seemingly normal school-vendor transactions resulted in the loss of an estimated $2.3 million. According to the statement posted on Twitter, the district is cooperating with the Manor Police Department and the Federal Bureau of Investigation (FBI).
Equifax Settles Class-Action Breach Lawsuit for $380.5M
A Georgia court granted final approval for an Equifax settlement in a class-action lawsuit, after the credit-reporting agency was hit by its massive 2017 data breach. This week, the Atlanta federal judge reportedly ruled that Equifax will pay $380.5 million to settle lawsuits regarding the breach.
Sodinokibi Ransomware Increases Year-End Activity, Targets Airport and Other Businesses
The Sodinokibi ransomware, detected as Ransom.Win32.SODINOKIBI,was involved in several high-profile attacks in 2019. The ransomware ended the year by launching a new round of attacks aimed at multiple organizations, including the Albany International Airport and the foreign exchange company Travelex.
ICS Security in the Spotlight Due to Tensions with Iran
Given the heightened tensions between the U.S. and Iran, organizations with connected industrial infrastructure should be on guard. In the wake of the assassination, several cybersecurity experts and U.S. government officials have warned of the ICS security risk that Iran-affiliated adversaries pose. Others point to the likelihood of smaller cyberattacks designed to distract rather than prompt retaliation.
Dymalloy, Electrum, and Xenotime Hacking Groups Set Their Targets on US Energy Sector
At least three hacking groups have been identified aiming to interfere with power grids across the United States. The oil, gas, water and energy industries have proved to become a valuable target for threat actors looking to compromise ICS environments, and according to a report on the state of industrial control systems (ICSs), attempts in attacking the utilities industry are on the rise.
Microsoft Patches Major Crypto Spoofing Bug
A major crypto-spoofing bug impacting Windows 10 users has been fixed as part of Microsoft’s January Patch Tuesday security bulletin. The vulnerability could allow an attacker to spoof a code-signing certificate, vital to validating executable programs in Windows, and make it appear as if an application was from a trusted source.
Mobile Banking Trojan FakeToken Resurfaces, Sends Offensive Messages Overseas from Victims’ Accounts
Researchers recently discovered an updated version of the mobile banking trojan FakeToken after detecting 5,000 smartphones sending offensive text messages overseas. Once the malware infects an unprotected Android device, FakeToken is able to send and intercept text messages such as 2FA codes or tokens, as well as scan through the victim’s contacts to possibly send phishing messages.
Report: Chinese Hacking Group APT40 Hides Behind Network of Front Companies
An online group of cybersecurity analysts calling themselves “Intrusion Truth” doxed their fourth Chinese state-sponsored hacking operation. After previously exposing details about Beijing’s hand in APT3 (believed to operate out of the Guangdong province), APT10 (Tianjin province), and APT17 (Jinan province), Intrusion Truth has now begun publishing details about China’s cyber apparatus in the state of Hainan, an island in the South China Sea.
What are your thoughts on the major crypto-spoofing bug that was found by the NSA? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.
The post This Week in Security News: The First Patch Tuesday Update of 2020 and Pwn2Own Vancouver Announced appeared first on .
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about how Trend Micro’s collaboration with INTERPOL’s Global Complex for Innovation helped reduce cryptojacking by 78% in Southeast Asia. Also, read about three malicious apps in the Google Play Store that may be linked to the SideWinder threat group.
Read on:
First Active Attack Exploiting CVE-2019-2215 Found on Google Play, Linked to SideWinder APT Group
Trend Micro found three malicious apps in the Google Play Store that work together to compromise a device and collect user information. The three malicious apps — disguised as photography and file manager tools — are likely to be connected to SideWinder, a known threat group that has reportedly targeted military entities’ Windows machines.
Operation Goldfish Alpha Reduces Cryptojacking Across Southeast Asia by 78%
Interpol announced the results of Operation Goldfish Alpha, a six-month effort to secure hacked routers across the Southeast Asia region. The international law enforcement agency said its efforts resulted in a drop of cryptojacking operations across Southeast Asia by 78%, compared to levels recorded in June 2019. Private sector partners included the Cyber Defense Institute and Trend Micro.
Celebrating Decades of Success with Microsoft at the Security 20/20 Awards
Trend Micro, having worked closely with Microsoft for decades, is honored to be nominated for the Microsoft Security 20/20 Partner awards in the Customer Impact and Industry Changemaker categories. Check out this blog for more information on the inaugural awards and Trend Micro’s recognitions.
Security Predictions for 2020 According to Trend Micro
Threat actors are shifting and adapting in their choice of attack vectors and tactics — prompting the need for businesses and users to stay ahead of the curve. Trend Micro has identified four key themes that will define 2020: a future that is set to be Complex, Exposed, Misconfigured and Defensible. Check out Digital Journal’s Q&A with Greg Young, vice president of cybersecurity at Trend Micro, to learn more about security expectations for this year.
The Everyday Cyber Threat Landscape: Trends from 2019 to 2020
In addition to security predictions for the new year, Trend Micro has listed some of the biggest threats from 2019 as well as some trends to keep an eye on as we begin 2020 in this blog. Many of the most dangerous attacks will look a lot like the ones Trend Micro warned about in 2019.
5 Key Security Lessons from the Cloud Hopper Mega Hack
In December 2019, the U.S. government issued indictments against two Chinese hackers who were allegedly involved in a multi-year effort to penetrate the systems of companies managing data and applications for customers via the computing cloud. The men, who remain at large, are thought to be part of a Chinese hacking collective known as APT10.
The Summit of Cybersecurity Sits Among the Clouds
Shifts in threats in the security landscape have led Trend Micro to develop Trend Micro Apex One, a newly redesigned endpoint protection solution. Trend Micro Apex One brings enhanced fileless attack detection and advanced behavioral analysis and combines Trend Micro’s powerful endpoint threat detection capabilities with endpoint detection and response (EDR) investigative capabilities.
New Iranian Data Wiper Malware Hits Bapco, Bahrain’s National Oil Company
Iranian state-sponsored hackers have deployed a new strain of data-wiping malware on the network of Bapco, Bahrain’s national oil company. The incident took place on December 29th and didn’t have the long-lasting effect hackers might have wanted, as only a portion of Bapco’s computer fleet was impacted and the company continued to operate after the malware’s detonation.
Ransomware Recap: Clop, DeathRansom, and Maze Ransomware
As the new year rolls in, new developments in different ransomware strains have emerged. For example, Clop ransomware has evolved to integrate a process killer that targets Windows 10 apps and various applications; DeathRansom can now encrypt files; and Maze ransomware has been targeting U.S. companies for stealing and encrypting data, alerted by the Federal Bureau of Investigation (FBI).
4 Ring Employees Fired for Spying on Customers
Smart doorbell company Ring said that it has fired four employees over the past four years for inappropriately accessing customer video footage. The disclosure comes in a recent letter to senators from Amazon-owned Ring as it attempts to defend the privacy of its platform, which has been plagued by data privacy incidents over the past year.
Web Skimming Attack on Blue Bear Affects School Admin Software Users
A web skimming attack was recently used to target Blue Bear, a school administration software that handles school accounting, student fees, and online stores for educational institutions. Names, credit card or debit card numbers, expiration dates and security codes, and Blue Bear account usernames and passwords may have been collected.
Patched Microsoft Access ‘MDB Leaker’ (CVE-2019-1463) Exposes Sensitive Data in Database Files
Researchers uncovered an information disclosure vulnerability (CVE-2019-1463) affecting Microsoft Access, which occurs when the software fails to properly handle objects in memory. The vulnerability, dubbed “MDB Leaker” by Mimecast Research Labs, resembles a patched information disclosure bug in Microsoft Office (CVE-2019-0560) found in January 2019.
A Trend Micro honeypot detected a cryptocurrency-mining threat on a compromised site, where the URL hxxps://upajmeter[.]com/assets/.style/min was used to host the command for downloading the main shell script. The miner, a multi-component threat, propagates by scanning vulnerable machines and brute-forcing (primarily default) credentials.
What are your thoughts on the rise of cryptomining malware and cryptojacking tactics? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.
The post This Week in Security News: INTERPOL Collaboration Reduces Cryptojacking by 78% and Three Malicious Apps Found on Google Play May be Linked to SideWinder APT Group appeared first on .
Cybercriminals are often seen as having the upper hand over the “white hat” community. After all, they’re anonymous, can launch attacks from virtually anywhere in the world, and usually have the element of surprise. But there’s one secret weapon the good guys have: Collaboration. That’s why Trend Micro has always prioritized its partnerships with law enforcement, academia, governments and other cybersecurity businesses.
We’re proud to have contributed to yet another successful collaborative operation with INTERPOL Global Complex for Innovation (IGCI) in Singapore that’s helped to reduce the number of users infected by cryptomining malware by 78%.
Cryptomining On The Rise
Also known as cryptojacking, these attacks have become an increasingly popular way for cybercriminals to make money.
Why?
Because victims don’t know they’ve been infected. The malware sits on their machine in the background mining for digital currency 24/7/365. Increasingly, hackers have taken to launching sophisticated attacks against enterprise IT systems and cloud servers to increase their mining and earning potential. But many still target home computer systems like routers, as these are often left relatively unprotected. Stitch enough of these devices together in a botnet and they have a ready-made cash cow.
That’s why cryptojacking remained the most detected threat in the first half of 2019 in terms of file-based threat components, according to our data.
Unlike serious data breaches, phishing attacks, ransomware and banking Trojans, cryptojacking doesn’t have major impact on the victim. They don’t lose sensitive personal data, there’s no risk of follow-on identity fraud and they’re not extorted for funds by being locked out of their PC.
However, it’s not without consequences: Cryptomining malware can slow your home network to a crawl while running up serious energy bills. It may even bring your home computers to a premature end. Also, there’s always the risk with any kind of malware infection that hackers may switch tactics and use their footprint on your home machines to launch other attacks in the future.
Enter Operation Goldfish Alpha
That’s why we were keen to offer our assistance to INTERPOL during this year’s Operation Goldfish Alpha. Thanks to our broad global visibility into attack trends and infection rates, we were able to articulate the scale of the cryptojacking threat and key mitigation steps, at a pre-operation meeting with ASEAN law enforcement officers in June.
A few months later, we developed and disseminated a key Cryptojacking Mitigation and Prevention guidance document. It details how a vulnerability in MikroTik routers had exposed countless users in the region to the risk of compromise by cryptomining malware. The document explains how to scan for this flaw using Trend Micro HouseCall for Home Networks, and how HouseCall can be used to detect and delete the Coinhive JavaScript that hackers were using to mine for digital currency on infected PCs.
Spectacular Success
Over the five months of Operation Goldfish Alpha, experts from national Computer Emergency Response Teams (CERTs) and police across 10 countries in the region worked to locate the infected routers, notify the victims and use our guidance document to patch the bugs and kick out the hackers.
Having helped to identify over 20,000 routers in the region that were hacked in this way, we’re delighted to say that by November, the number had reduced by at least 78%.
That’s the value of partnerships between law enforcement and private cybersecurity companies: They combine the power of investigative policing with the detailed subject matter expertise, visibility and resources of industry experts like us. We’ll continue to lend a hand wherever we can to make our connected, digital world a safer place.
The post INTERPOL Collaboration Reduces Cryptojacking by 78% appeared first on .
Trend Micro Apex One as a Service
You have heard it before, but it needs to be said again—threats are constantly evolving and getting sneakier, more malicious, and harder to find than ever before.
It’s a hard job to stay one step ahead of the latest threats and scams organizations come across, but it’s something Trend Micro has done for a long time, and something we do very well! At the heart of Trend Micro security is the understanding that we have to adapt and evolve faster than hackers and their malicious threats. When we released Trend Micro OfficeScan 11.0, we were facing browser exploits, the start of advanced ransomware and many more new and dangerous threats. That’s why we launched our connected threat defense approach—allowing all Trend Micro solutions to share threat information and research, keeping our customers one step ahead of threats.
With the launch of Trend Micro OfficeScan XG, we released a set of new capabilities like anti-exploit prevention, ransomware enhancements, and pre-execution and runtime machine learning, protecting customers from a wider range of fileless and file-based threats. Fast forward to last year, we saw a huge shift in not only the threats we saw in the security landscape, but also in how we architected and deployed our endpoint security. This lead to Trend Micro Apex One, our newly redesigned endpoint protection solution, available as a single agent. Trend Micro Apex One brought to the market enhanced fileless attack detection, advanced behavioral analysis, and combined our powerful endpoint threat detection capabilities with our sophisticated endpoint detection and response (EDR) investigative capabilities.
We all know that threats evolve, but, as user protection product manager Kris Anderson says, with Trend Micro, your endpoint protection evolves as well. “While we have signatures and behavioral patterns that are constantly being updated through our Smart Protection Network, attackers are discovering new tactics that threaten your company. At Trend Micro, we constantly develop and fine-tune our detection engines to combat these threats, real-time, with the least performance hit to the endpoint. This is why we urge customers to stay updated with the latest version of endpoint security—Apex One.”
Trend Micro Apex One has the broadest set of threat detection capabilities in the industry today, and staying updated with the latest version allows you to benefit from this cross-layered approach to security.
One easy way to ensure you are always protected with the latest version of Trend Micro Apex One is to migrate to Trend Micro Apex One as a Service. By deploying a SaaS model of Trend Micro Apex One, you can benefit from automatic updates of the latest Trend Micro Apex One security features without having to go through the upgrade process yourself. Trend Micro Apex One as a Service deployments will automatically get updated as new capabilities are introduced and existing capabilities are enhanced, meaning you will always have the most recent and effective endpoint security protecting your endpoints and users.
Trend Micro takes cloud security seriously, and endpoint security is no different. You can get the same gold standard endpoint protection of Trend Micro Apex One, but delivered as a service, allowing you to benefit from easy management and ongoing maintenance.
The post The Summit of Cybersecurity Sits Among the Clouds appeared first on .
The past 12 months have been another bumper year for cybercrime affecting everyday users of digital technology. Trend Micro blocked more than 26.8 billion of these threats in the first half of 2019 alone. The bad news is that there are many more out there waiting to steal your personal data for identity fraud, access your bank account, hold your computer to ransom, or extort you in other ways.
To help you stay safe over the coming year we’ve listed some of the biggest threats from 2019 and some trends to keep an eye on as we hit the new decade. As you’ll see, many of the most dangerous attacks will look a lot like the ones we warned about in 2019.
As we enter 2020 the same rules apply: stay alert, stay sceptical, and stay safe by staying protected.
Cybercrime is a chaotic, volatile world. So to make sense of the madness of the past 12 months, we’ve broken down the main type of threats consumers encountered into five key areas:
Home network threats: Our homes are increasingly powered by online technologies. Over two-thirds (69%) of US households now own at least one smart home device: everything from voice assistant-powered smart speakers to home security systems and connected baby monitors. But gaps in protection can expose them to hackers. As the gateway to our home networks, routers are particularly at risk. It’s a concern that 83% are vulnerable to attack. There were an estimated 105m smart home attacks in the first half of 2019 alone.
Endpoint threats: These are attacks aimed squarely at you the user, usually via the email channel. Trend Micro detected and blocked more than 26 billion such email threats in the first half of 2019, nearly 91% of the total number of cyber-threats. These included phishing attacks designed to trick you into clicking on a malicious link to steal your personal data and log-ins or begin a ransomware download. Or they could be designed to con you into handing over your personal details, by taking you to legit-looking but spoofed sites. Endpoint threats sometimes include social media phishing messages or even legitimate websites that have been booby-trapped with malware.
Mobile security threats: Hackers are also targeting our smartphones and tablets with greater gusto. Malware is often unwittingly downloaded by users, since it’s hidden in normal-looking Android apps, like the Agent Smith adware that infected over 25 million handsets globally this year. Users are also extra-exposed to social media attacks and those leveraging unsecured public Wi-Fi when using their devices. Once again, the end goal for the hackers is to make money: either by stealing your personal data and log-ins; flooding your screen with adverts; downloading ransomware; or forcing your device to contact expensive premium rate phone numbers that they own.
Online accounts under attack: Increasingly, hackers are after our log-ins: the virtual keys that unlock our digital lives. From Netflix to Uber, webmail to online banking, access to these accounts can be sold on the dark web or they can be raided for our personal identity data. Individual phishing attacks is one way to get these log-ins. But an increasingly popular method in 2019 was to use automated tools that try tens of thousands of previously breached log-ins to see if any of them work on your accounts. From November 2017 through the end of March 2019, over 55 billion such attacks were detected.
Breaches are everywhere: The raw materials needed to unlock your online accounts and help scammers commit identity fraud are stored by the organizations you interact with online. Unfortunately, these companies continued to be successfully targeted by data thieves in 2019. As of November 2019, there were over 1,200 recorded breaches in the US, exposing more than 163 million customer records. Even worse, hackers are now stealing card data direct from the websites you shop with as they are entered in, via “digital skimming” malware.
Smart homes under siege: As we invest more money in smart gadgets for our families, expect hackers to double down on network attacks. There’s a rich bounty for those that do: they can use an exposed smart endpoint as a means to sneak into your network and rifle through your personal data and online accounts. Or they could monitor your house via hacked security cameras to understand the best time to break in. Your hacked devices could even be recruited into botnets to help the bad guys attack others.
Social engineering online and by phone: Attacks that target user credulity are some of the most successful. Expect them to continue in 2020: both traditional phishing emails and a growing number of phone-based scams. Americans are bombarded by 200 million automated “robocalls” each day, 30% of which are potentially fraudulent. Sometimes phone fraud can shift quickly online; for example, tech support scams that convince the user there’s something wrong with their PC. Social engineering can also be used to extort money, such as in sextortion scams designed to persuade victims that the hacker has and is about to release a webcam image of them in a “compromising position.” Trend Micro detected a 319% increase in these attacks from 2H 2018 to the first half of 2019.
Threats on the move: Look out for more mobile threats in 2020. Many of these will come from unsecured public Wi-Fi which can let hackers eavesdrop on your web sessions and steal identity data and log-ins. Even public charging points can be loaded with malware, something LA County recently warned about. This comes on top of the escalating threat from malicious mobile apps.
All online accounts are fair game: Be warned that almost any online account you open and store personal data in today will be a target for hackers tomorrow. For 2020, this means of course you will need to be extra careful about online banking. But also watch out for attacks on gaming accounts. Not only your personal identity data and log-ins but also lucrative in-game tokens will become highly sought after. Twelve billion of those recorded 55 billion credential stuffing attacks were directed at the gaming industry.
Worms make a comeback: Computer worms are dangerous because they self-replicate, allowing hackers to spread attacks without user interaction. This is what happened with the WannaCry ransomware attacks of 2017. A Microsoft flaw known as Bluekeep offers a new opportunity to cause havoc in 2020. There may be more out there.
Given the sheer range of online threats facing computer users in 2020, you’ll need to cover all bases to keep your systems and data safe. That means:
Protecting the smart home with network monitoring solutions, regular checks for security updates on gadgets/router, changing the factory default logins to strong passwords, and putting all gadgets onto a guest network.
Tackling data-stealing malware, ransomware and other worm-style threats with strong AV from a reputable vendor, regular patching of your PC/mobile device, and strong password security (as given below).
Staying safe on the move by always using VPNs with public Wi-Fi, installing AV on your device, only frequenting official app stores, and ensuring you’re always on the latest device OS version. And steer clear of public USB charging points.
Keeping accounts secure by using a password manager for creating and storing strong passwords and/or switching on two-factor authentication where available. This will stop credential stuffing in its tracks and mitigate the impact of a third-party breach of your log-ins. Also, never log-in to webmail or other accounts on shared computers.
Taking on social engineering by never clicking on links or opening attachments in unsolicited emails, texts or social media messages and never giving out personal info over the phone.
Fortunately, Trend Micro fully understands the multiple sources for modern threats. It offers a comprehensive range of security products to protect all aspects of your digital life — from your smart home, home PCs, and mobile devices to online accounts including email and social networks, as well as when browsing the web itself.
Trend Micro Home Network Security: Provides protection against network intrusions, router hacks, web threats, dangerous file downloads and identity theft for every device connected to the home network.
Trend Micro Security: Protects your PCs and Macs against web threats, phishing, social network threats, data theft, online banking threats, digital skimmers, ransomware and other malware. Also guards against over-sharing on social media.
Trend Micro Mobile Security: Protects against malicious app downloads, ransomware, dangerous websites, and unsafe Wi-Fi networks.
Trend Micro Password Manager: Provides a secure place to store, manage and update your passwords. It remembers your log-ins, enabling you to create long, secure and unique credentials for each site/app you need to sign-in to.
Trend Micro WiFi Protection: Protects you on unsecured public WiFi by providing a virtual private network (VPN) that encrypts your traffic and ensures protection against man-in-the-middle (MITM) attacks.
Trend Micro ID Security (Android, iOS): Monitors underground cybercrime sites to securely check if your personal information is being traded by hackers on the Dark Web and sends you immediate alerts if so.
The post The Everyday Cyber Threat Landscape: Trends from 2019 to 2020 appeared first on .
Effective collaboration is key to the success of any organization. But perhaps none more so than those working towards the common goal of securing our connected world. That’s why Trend Micro has always been keen to reach out to industry partners in the security ecosystem, to help us collectively build a safer world and improve the level of protection we can offer our customers. As part of these efforts, we’ve worked closely with Microsoft for decades.
Trend Micro is therefore doubly honored to be at the Microsoft Security 20/20 awards event in February, with nominations for two of the night’s most prestigious prizes.
Better together
No organization exists in a vacuum. The hi-tech, connectivity-rich nature of modern business is the source of its greatest power, but also one of its biggest weaknesses. Trend Micro’s mission from day one has been to make this environment as safe as possible for our customers. But we learned early on that to deliver on this vision, we had to collaborate. That’s why we work closely with the world’s top platform and technology providers — to offer protection that is seamless and optimized for these environments.
As a Gold Application Development Partner we’ve worked for years with Microsoft to ensure our security is tightly integrated into its products, to offer protection for Azure, Windows and Office 365 customers — at the endpoint, on servers, for email and in the cloud. It’s all about simplified, optimized security designed to support business agility and growth.
Innovating our way to success
This is a vision that comes from the very top. For over three decades, our CEO and co-founder Eva Chen has been at the forefront of industry leading technology innovation and collaborative success at Trend Micro. Among other things during that time, we’ve released:
|
|
Two awards
We’re delighted to have been singled out for two prestigious awards at the Microsoft Security 20/20 event, which will kick off RSA Conference this year:
Customer Impact
At Trend Micro, the customer is at the heart of everything we do. It’s the reason we have hundreds of researchers across 15 threat centers around the globe leading the fight against emerging black hat tools and techniques. It’s why we partner with leading technology providers like Microsoft. And it’s why the channel is so important for us.
Industry Changemaker: Eva Chen
It goes without saying that our CEO and co-founder is an inspirational figure within Trend Micro. Her vision and strong belief that our only real competition as cybersecurity vendors are the bad guys and that the industry needs to stand united against them to make the digital world a safer place, guides the over 6000 employees every day. But she’s also had a major impact on the industry at large, working tirelessly over the years to promote initiatives that have ultimately made our connected world more secure. It’s not an exaggeration to say that without Eva’s foresight and dedication, the cybersecurity industry would be a much poorer place.
We’re all looking forward to the event, and for the start of 2020. As we enter a new decade, Trend Micro’s innovation and passion to make the digital world a safer place has never been more important.
The post Celebrating Decades of Success with Microsoft at the Security 20/20 Awards appeared first on .
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about Trend Micro’s Cyber Risk Index (CRI) and its results showing increased cyber risk. Also, read about a data breach from IoT company Wyze that exposed information of 2.4 million customers.
Read on:
The 5 New Year’s Tech Resolutions You Should Make for 2020
Now is the perfect time to reflect on the past and think of all the ways you can make this coming year your best one yet. With technology playing such a central role in our lives, technology resolutions should remain top of mind heading into the new year. In this blog, Trend Micro shares five tech resolutions that will help make your 2020 better and safer.
Security Study: Businesses Remain at Elevated Risk of Cyber Attack
Elevated risk of cyber attack is due to increased concerns over disruption or damages to critical infrastructure, according to the Trend Micro’s latest Cyber Risk Index (CRI) study. The company commissioned Ponemon Institute to survey more than 1,000 organizations in the U.S. to assess business risk based on their current security postures and perceived likelihood of attack.
Parental Controls – Trend Micro Home Network Security Has Got You Covered
In the second blog of a three-part series on security protection for your home and family, Trend Micro discusses the risks associated with children beginning to use the internet for the first time and how parental controls can help protect them.
Cambridge Analytica Scandal: Facebook Hit with $1.6 Million Fine
The Cambridge Analytica scandal continues to haunt Facebook. The company has been receiving fines for its blatant neglect and disregard towards users’ privacy. The latest to join the bandwagon after the US, Italy, and the UK is the Brazilian government.
Why Running a Privileged Container in Docker is a Bad Idea
Privileged containers in Docker are containers that have all the root capabilities of a host machine, allowing the ability to access resources which are not accessible in ordinary containers. In this blog post, Trend Micro explores how running a privileged, yet unsecure, container may allow cybercriminals to gain a backdoor in an organization’s system.
IoT Company Wyze Leaks Emails, Device Data of 2.4M
An exposed Elasticsearch database, owned by Internet of Things (IoT) company Wyze, was discovered leaking connected device information and emails of millions of customers. Exposed on Dec. 4 until it was secured on Dec. 26, the database contained customer emails along with camera nicknames, WiFi SSIDs (Service Set Identifiers; or the names of Wi-Fi networks), Wyze device information, and body metrics.
Looking into Attacks and Techniques Used Against WordPress Sites
WordPress is estimated to be used by 35% of all websites today, making it an ideal target for threat actors. In this blog, Trend Micro explores different kinds of attacks against WordPress – by way of payload examples observed in the wild – and how attacks have used hacked admin access and API, Alfa-Shell deployment, and SEO poisoning to take advantage of vulnerable sites.
FPGA Cards Can Be Abused for Faster and More Reliable Rowhammer Attacks
In a new research paper published on the last day of 2019, a team of American and German academics showed that field-programmable gate array (FPGA) cards can be abused to launch better and faster Rowhammer attacks. The new research expands on previous work into an attack vector known as Rowhammer, first detailed in 2014
Emotet Attack Causes Shutdown of Frankfurt’s IT Network
The city of Frankfurt, Germany, became the latest victim of Emotet after an infection forced it to close its IT network. There were also incidents that occurred in the German cities of Gießen, Bad Homburgas and Freiburg.
BeyondProd Lays Out Security Principles for Cloud-Native Applications
BeyondCorp was first to shift security away from the perimeter and onto individual users and devices. Now, it is BeyondProd that protects cloud-native applications that rely on microservices and communicate primarily over APIs, because firewalls are no longer sufficient. Greg Young, vice president of cybersecurity at Trend Micro, discusses BeyondProd’s value in this article.
How MITRE ATT&CK Assists in Threat Investigation
In 2013, the MITRE Corporation, a federally funded not-for-profit company that counts cybersecurity among its key focus area, came up with MITRE ATT&CK, a curated knowledge base that tracks adversary behavior and tactics. In this analysis, Trend Micro investigates an incident involving the MyKings botnet to show how the MITRE ATT&CK framework helps with threat investigation.
TikTok Banned by U.S. Army Over China Security Concerns
With backlash swelling around TikTok’s relationship with China, the United States Army this week announced that U.S. soldiers can no longer have the social media app on government-owned phones. The United States Army had previously used TikTok as a recruiting tool for reaching younger users,
Mobile Money: How to Secure Banking Applications
Mobile banking applications that help users check account balances, transfer money, or pay bills are quickly becoming standard products provided by established financial institutions. However, as these applications gain ground in the banking landscape, cybercriminals are not far behind.
What security controls do you have in place to protect your home and family from risks associated with children who are new internet users? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.
The post This Week in Security News: Latest Cyber Risk Index Shows Elevated Risk of Cyber Attack and IoT Company Wyze Exposes Information of 2.4M Customers appeared first on .
We continue our three-part series on protecting your home and family. If you missed our first part, you can find it here.
Are your kids at that formative age when they’re beginning to use mobile devices? How about at that inquisitive age when they start to discover the wonders of the Internet? Or that age when they tend to be more carefree and self-indulgent?
The Internet and the digital devices our children use are valuable tools when used the right way. They give them access to a wide range of information, pave the way to explore worthwhile ideas, and keep them socially connected with family, relatives and friends. That said, though there are big advantages to kids’ use of the Internet, there are dangers as well. Part 2 of our 3-part series on home network security discusses those dangers to your children and what you can do to protect them, leveraging Trend Micro Home Network Security’s Parental Controls to help you do so.
Gone are the days when simple malware was the focal point for internet safety. Nowadays, children have so many devices giving them access to the internet, unknown dangerous situations have multiplied. As a parent, the challenges include the following:
|
|
Finding the right balance between parenting and controlling the child’s use or possible misuse of the internet is tricky. Here’s where Trend Micro Home Network’s (HNS) Parental Controls can come in. In addition to protecting your home network from security risks and attacks, HNS also provides a robust and flexible parental control system to keep internet usage safe for your children. Controls include:
|
|
Protecting your family members online starts with Adding a Profile.
You can add a new Profile for each Family Member and assign to them the devices they control. To do this, you can just simply tap Family in the Command Menu and choose the family member by tapping Add Someone. This will let you provide the Profile Name and Profile Picture as well as Assign Devices to the person by tapping the device(s) in the Unassigned panel. The devices you select will then be automatically moved into the ownership panel for that person. Tap Done and you’ll be presented with the Settings screen for that child’s Profile, where you can configure Parental Controls as you see fit.
Website Filtering
Next, let’s proceed with the most common component: Website Filtering.
|
|
Content Filtering
Moving on, you can also set up Content Filtering.
|
|
App Controls
To continue, there are apps that parents disapprove of, but there are always those instances when the children try to use them anyway against their parent’s wishes. That’s when you can choose to be informed of the Inappropriate Apps Used by your children.
|
|
Time Limits and Notifications
Even when you try to teach your kids about being responsible about their online time, it’s easier said than done. Thus, parents or guardians can schedule the hours of screen time their children are allowed each day, along with the hours when screen time is available. HNS’s Parental Controls provide both of these features and more.
|
|
Connection Alerts
Last but not least, since it’s tough to keep monitoring when your child is online, tapping Trend Micro HNS’ Connection Alert to toggle it on makes it easier for parents to get notifications when their kid’s digital devices connect to the home network during a specified time period.
In the end, Trend Micro Home Network Security’s Parental Controls can assist parents in dealing with the online safety challenges all children are exposed to in the 21st century. HNS’ flexible and intuitive feature set comprised of Filtering, Inappropriate App Used, Time Limits and Connection Alerts support every parent or guardian’s goal to ensure a safe and secure internet experience for their kids. Coupled with kind face-to-face conversations, where you let your children know your care for them extends to how they use the Internet, HNS becomes your silent partner when ensuring your family’s safety.
For more information, go to Trend Micro Home Network Security.
The post Parental Controls – Trend Micro Home Network Security has got you covered appeared first on .
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about cybersecurity risk facing the oil and gas industry and its supply chain. Also, read about what Trend Micro’s CEO, Eva Chen, has to say about Microsoft and Amazon’s battle for cloud leadership.
Read on:
How to Get the Most Out of Industry Analyst Reports
In this video blog, Trend Micro’s Vice President of Cybersecurity, Greg Young, taps into his past experience at Gartner to explain how to discern the most value from industry analysts and help customers understand how to use the information.
Top Gun 51 Profile: Trend Micro’s Jeff Van Natter Sees Distributors as Key to Reaching New Partners
In an interview with Channel Futures, Trend Micro’s Jeff Van Natter explains why he believes distributors will continue to play an important role for Trend as it looks to expand its partner ecosystem.
How to Speed Up a Slow PC Running Windows OS
The first step to improving your Windows PC performance is to determine what’s causing it to run slow. In this blog, learn about eight tips on how to fix a slow PC running Windows and how to boost your PC’s performance.
Business Insider talked to 13 executives at companies that partner with Microsoft and Amazon on cloud platforms for their take on the rivalry between the two, and whether Microsoft can win. In this article, read about what Trend Micro CEO Eva Chen has to say about the rivalry.
DDoS Attacks and IoT Exploits: New Activity from Momentum Botnet
Trend Micro recently found notable malware activity affecting devices running Linux. Further analysis of the malware samples revealed that these actions were connected to a botnet called Momentum, which has been used to compromise devices and perform distributed denial-of-service (DDoS) attacks.
Oil and Gas Industry Risks Escalate, Cybersecurity Should Be Prioritized
The oil and gas industry and its supply chain face increased cybersecurity risks from advanced threat groups and others as they continue to build out digitally connected infrastructure, Trend Micro research reveals.
Christmas-Themed Shopping, Game and Chat Apps Found Malicious, Lure Users with Deals
Security researchers caution Android users when downloading apps for shopping, games, and Santa video chats as they found hundreds of malicious apps likely leveraging the season to defraud unwitting victims via command-and-control (C&C) attacks, adware or “excessive or dangerous combinations of permissions,” such as camera, microphone, contacts and text messages.
New Orleans Mayor Declares State of Emergency in Wake of City Cyberattack
New Orleans Mayor LaToya Cantrell declared a state of emergency last Friday after the city was hit by a cyberattack where phishing attempts were detected. Cantrell said the attack is similar to the July 2019 attack on the state level where several school systems in Louisiana were attacked by malware.
Credential Harvesting Campaign Targets Government Procurement Sites Worldwide
Cybersecurity company Anomali uncovered a campaign that used 62 domains and around 122 phishing sites in its operations and targeted government procurement services in 12 countries, including the United States, Canada, Japan, and Poland.
Schneider Electric Patches Vulnerabilities in its EcoStruxure SCADA Software and Modicon PLCs
Schneider Electric released several advisories on vulnerabilities they have recently fixed in their EcoStruxure and Modicon products. Modicon M580, M340, Quantum and Premium programmable logic controllers (PLCs) were affected by three denial of service (DoS) vulnerabilities.
FBot aka Satori is Back with New Peculiar Obfuscation, Brute-force Techniques
Trend Micro recently observed that the Mirai-variant FBot, also known as Satori, has resurfaced. Analysis revealed that this malware uses a peculiar combination of XOR encryption and a simple substitution cipher, which has not been previously used by other IoT malware variants. Additionally, the credentials are not located within the executable binary — instead, they are received from a command-and-control (C&C) server.
15 Cyber Threat Predictions for 2020
As 2020 nears, this article outlines the cyber threats that Trend Micro’s research team predicts will target organizations in the coming year, and why.
Trend Micro recently spotted a Negasteal/Agent Tesla variant that uses a new delivery vector: removable drives. The malware also now steals credentials from the applications FTPGetter and Becky! Internet Mail.
Into the Battlefield: A Security Guide to IoT Botnets
The internet of things (IoT) has revolutionized familiar spaces by making them smarter. Homes, offices and cities are just some of the places where IoT devices have given better visibility, security and control. However, these conveniences have come at a cost: traditional cyberthreats also found a new arena for attacks and gave rise to realities like IoT botnets.
What’s your take on whether or not Microsoft can topple Amazon in the cloud? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.
The post This Week in Security News: Microsoft vs. Amazon in the Cloud and Escalated Risk in the Oil and Gas Industry appeared first on .
Working with a slow PC is always annoying and frustrating. Enduring sudden frozen windows and stuttered animations can make you want to throw the machine out the window.
Take a deep breath, and consider these 8 tips on how to fix a slow PC running Windows.
Why is my Windows Running Slow?
First, here is a general analysis on why your Windows PC is running slow:
|
|
1. Restart your Computer
Many users are accustomed to keeping their computers running for several weeks. Their PC is either running or sleeping with the processes saved all the time. This means the running programs are occupying and filling up their RAM continuously, which can lead to the PC running extremely slowly. In addition, the computer might suffer from some bugs, which trigger programs to eat up much more RAM than they should. To avoid these troubles, restart your PC by clicking on the Windows button, selecting the ‘Power’ button, and choosing the ‘Restart’ button at least once a week.
A small hint: make sure you have saved your ongoing work before you shut down your computer.
2. Adjust setting modes
This is a very simple but often overlooked way to boost your PC’s performance. However, it sacrifices a bit of standby time. When you are not worrying about the state of charge and just pursuing maximum efficiency, you can consider opening Advanced System Setting in Windows for this trick.
Enter “Control Panel” in the Cortana search box in the taskbar. In the pop-up window, click “System,” and then click “Advanced system settings” in the left window, as shown below:
Click “Settings” in the performance bar, as shown in the following figure:
In the pop-up window, you can see that there are four setting modes, set “Adjust for best performance,” and then click OK, as shown in the following figure:
3. Disable Startup Programs
Startup items are programs that the system will run in the foreground or background once your computer is ON. When you download and install software, the “start-up” is usually a default choice. Therefore, if the software is not commonly used and you do not need to use it every time you start your PC, you can remove the check because it can slow down system speed. If you forgot to remove the check when installing the application, you can also make changes using the Task Manager.
To check and manage your startup programs, open the Task Manager (Ctrl + Alt + Del), then switch to the ‘Startup’ tab. You’ll also see the “Startup impact” of each startup program — either Low, Medium, or High. If you see “Not measured,” that’s because it was recently added and Windows hasn’t had a chance to observe the program’s behavior yet.
To prevent a program from launching on startup just right-click and choose “Disable.”
If you are not sure whether you can safely disable some programs, you can search the program online and learn about its function. If you are a little worried, you can download a PC cleaner app, which can automatically identify and classify these items and help you delete the unnecessary ones in batches. Remember to choose those apps without pop-up advertisements and hidden fees.
In addition, you can see the first tab named “Processes” in the picture above. Too many programs running simultaneously can slow down the system speed as well. Some programs may continue running in the background even after you have closed them. Under the “Processes” tab, you can select them and click ‘End task’ at the bottom right. However, be careful about this action because you might close some important processes needed to run Windows.
4. Turn off windows tips and tricks
When searching ways to speed up your PC online, your PC will ask you to disable the “Visual Effects” feature as they use up your PC’s performance. However, this operation needs you to balance the operating speed and the appearance of your PC, and even adjust those settings many times to achieve satisfying visual effects. Instead, here is an item that you can change without a hitch.
When you use a windows PC, Windows will always pay attention to what you are doing and provide tips on what you may want to do with your computer. You may find these tips unhelpful and even feel offended by its constant virtual viewing over your shoulders.
If you want to speed up your PC, you can ask Windows to stop giving you advice. To do this, click the START button, select the Settings icon, and then go to Systems > Notification & actions. Scroll down to the notifications section and uncheck the box labeled “Get tips, tricks, and suggestions as you use Windows.”
5. Run Disk Cleanup
Do not let that “Disk space is almost full” message pop up and stop your work. Too many junk files, useless big files and duplicate files usually cause insufficient disk space. To save gigabytes of disk space for things you really need, you should clean them regularly to free up space.
Here are steps on how to use the built-in Windows utility to run disk cleanup:
Press “WINDOWS + R” and enter the cleanmgr command with parameters:
cleanmgr /sageset
In the Disk Cleanup Settings window, you can find items you can clean.
Note that this operation is only the setting operation of the checked item. It has not been actually cleaned. After clicking OK, you need to press “WINDOWS + R” and enter “cleanmgr /sagerun:99”, and then it can execute specific cleanup operations.
You can also turn ON the storage sense function to remove unnecessary files automatically.
Enter Settings > System > Storage, and then turn ON the Storage sense function to allow Windows to clean up temporary files automatically. It can be set to run automatically every day, every fortnight, every month, or every two months.
Definitely, some cleanup apps can help you do the work more quickly and accurately. Besides useless files, they can even retrieve and delete similar photos. You can evaluate and download them according to your own needs.
6. Clean out your Registry
Registry is an important database, which is used to store the setting information of system and application program running in Windows. As early as Windows 3.0 introduced OLE technology, the registry has appeared. Windows NT was the first operating system to make extensive use of the registry at the system level. However, since the beginning of the Microsoft Windows 95 operating system, the registry has been a critical database that will continue to play a role in the subsequent operating systems.
The command to open the registry is:
Regedit or regedit.exe, regedt32 or regedt32.exe
Under normal circumstances, you can click the operation in the START menu (WINDOWS + R), and then enter regedit or regedit.exe and click OK to open the registry editor of Windows operating system.
The registry is a very messy thing. For example, when a program is uninstalled, the program’s settings are not always cleared in the registry. So over time, it will be filled with various outdated settings. This may lead to poor performance of your PC system.
A word of caution: Editing the registry manually is risky. A mistake can lead to system-level interruptions. Therefore, to clean the registry, it is recommended that a professional registry cleaner is used.
7. Malware and Virus Infection
As we all know, malware and viruses will infect the computer and make it run more sluggishly. There are a large number of antivirus apps in the marketplace. Trend Micro offers several options to consider.
8. Disable third-party services
If you installed a lot of software on your PC, the system may become chaotic and some unexpected problems might occur. For example, several security applications are running at the same time can create conflicts that make the system misbehave. You can disable all third-party software services and only keep the system itself. The system status will also be called “Clean Boot.”
Here is how to perform a clean boot of Windows:
Press “WINDOWS + R” and type “msconfig”, then click OK. Open System Configuration, go to the Services tab and put a tick in the “Hide all Microsoft services” box at the bottom left before choosing the items and hitting Disable all.
We hope the listed solutions can help you boost your PC performance conveniently. Manually checking what is wrong with your Windows can be time-consuming and painstaking. When those irritating system messages pop up and interfere with your work, it is time to turn to a trusted all-in-one system care utility like Cleaner One. By employing this productive worker, you can retrieve and delete unnecessary items, have less clutter, make your computer more efficient, and optimize your Windows OS with just a few clicks. Why not give it a go?
The post How to Speed Up a Slow PC Running Windows OS appeared first on .
Whether you’re trying to inform purchasing decisions or just want to better understand the cybersecurity market and its players, industry analyst reports can be very helpful. Following our recent accolades by Forrester and IDC in their respective cloud security reports, we want to help customers understand how to use this information.
Our VP of cybersecurity, Greg Young, taps into his past experience at Gartner to explain how to discern the most value from industry analyst reports.
The post How To Get The Most Out Of Industry Analyst Reports appeared first on .
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about the threat campaign Waterbear and how it uses API hooking to evade security product detection. Also, read about December Patch Tuesday updates from Microsoft and Adobe.
Read on:
Waterbear is Back, Uses API Hooking to Evade Security Product Detection
Previously, Waterbear has been used for lateral movement, decrypting and triggering payloads with its loader component. In most cases, the payloads are backdoors that can receive and load additional modules. However, recently Trend Micro discovered a piece of Waterbear payload with a brand new purpose: hiding its network behaviors from a specific security product by API hooking techniques.
Microsoft December 2019 Patch Tuesday Plugs Windows Zero-Day
Microsoft has released today the December 2019 Patch Tuesday security updates. This month’s updates include fixes for 36 vulnerabilities, including a zero-day in the Windows operating system that has been exploited in the wild.
(Almost) Hollow and Innocent: Monero Miner Remains Undetected via Process Hollowing
Recently, Trend Micro found a cryptomining threat using process hollowing and a dropper component that requires a specific set of command line arguments to trigger its malicious behavior, leaving no trace for malicious activity detection or analysis to reference the file as malicious.
2020 Predictions: Black Hats Begin to Target Facial Recognition Technology
Research interest in defeating facial recognition technology is booming. Adversaries are likely taking notice, but don’t expect widespread adoption overnight. Jon Clay, director of threat communication at Trend Micro, points out that techniques ranging from deep fakes to adversarial machine learning are likely still in an early stage.
US, UK Governments Unite to Indict Hacker Behind Dreaded Dridex Malware
Maksim Yakubets, who allegedly runs Russia-based Evil Corp, the cybercriminal organization that developed and distributed banking malware Dridex, has been indicted in the United States by the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC).
Trend Micro, McAfee and Bitdefender Top Cloud Workload Security List
Trend Micro, McAfee and Bitdefender were named among the leaders in a new report from Forrester Research on cloud workload security that covered 13 vendors.
BEC Scam Successfully Steals US $1 Million Using Look-Alike Domains
A Chinese venture capital firm lost US $1 million to scammers who successfully came between a deal the firm had with an Israeli startup. The business email compromise (BEC) campaign used by the attackers consisted of 32 emails and look-alike domains to trick both parties of their authenticity.
Retail Cyberattacks Set to Soar 20% in 2019 Holiday Season
As cybercriminals grow more sophisticated and holiday shoppers continue to flock online, researchers warn internet-based retailers could face a 20 percent uptick in cyberattacks this holiday season compared to last year.
Bug in Ryuk Ransomware’s Decryptor Can Lead to Loss of Data in Certain Files
Ryuk’s decryptor tool could cause data loss instead of reinstating file access to users. According to a blog post from Emsisoft, a bug with how the tool decrypts files could lead to incomplete recoveries, contrary to what the decryptor is meant to achieve.
Hacker Hacks Hacking Platform, Gets Paid $20,000 By the Hacked Hackers
HackerOne operates as a conduit between ethical hackers looking for vulnerabilities, and organizations like General Motors, Goldman Sachs, Google, Microsoft, Twitter, and the U.S. Pentagon, want to patch those security holes before malicious threat actors can exploit them. One of the hackers registered with the platform hacked HackerOne instead and was paid $20,000 (£15,250) by HackerOne as a result.
Trickbot’s Updated Password-Grabbing Module Targets More Apps, Services
Researchers from Security Intelligence have reported on a sudden increase of Trickbot’s activities in Japan, and Trend Micro researchers have found updates to the password-grabbing (pwgrab) module and possible changes to the Emotet variant that drops Trickbot.
Ransomware Recap: Snatch and Zeppelin Ransomware
Two ransomware families with noteworthy features – Snatch and Zeppelin –were spotted this week. Snatch ransomware is capable of forcing Windows machines to reboot into Safe Mode. Zeppelin ransomware, on the other hand, was responsible for infecting healthcare and IT organizations across Europe and the U.S.
Brian Krebs is the CISO MAG Cybersecurity Person of the Year
For the first time, CISO Mag named a Cybersecurity Person of the Year, who is defined as someone who been committed to bringing awareness into the realm of cybersecurity. In addition to recognizing Brian Krebs of KrebsOnSecurity.com, two other individuals were recognized: Trend Micro’s Rik Ferguson, VP of security research, and web security expert Troy Hunt.
Do you think retail cyberattacks will soar higher than 20 percent this holiday season? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.
The post This Week in Security News: December Patch Tuesday Updates and Retail Cyberattacks Set to Soar 20 Percent During 2019 Holiday Season appeared first on .
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about stalkerware and why it’s on the rise. Also, read about Trend Micro’s selection as a launch partner for the new Amazon Virtual Private Cloud (Amazon VPC) Ingress Routing service, announced during AWS re:Invent 2019.
Read on:
You’re in Safe Hands with Trend Micro Home Network Security
Your home should be a haven that protects you. In the cyber age, however, your router, computers, TVs, game consoles and smart devices are continuously connected to the internet and run the risk of being hacked—usually when you least expect it. This blog is the first of a three-part series outlining how to implement Home Network Security to protect your home.
Amazon Web Services Recognizes Trend Micro as Launch Partner for New Service
With Amazon VPC Ingress Routing, Trend Micro customers will gain benefits which include more flexibility and control traffic routing with transparent deployment and no need to re-architect. Deploying in-line allows customers to be proactive in their network security, which in turn can prevent and disrupt attacks before they can be successful.
What Worries CISOs Most In 2019
Trend Micro’s VP of infrastructure strategies, Bill Malik, recently sat down with a dozen senior IT security leaders to discuss challenges they are currently facing in light of considerable changes in their business environments. These include the high pace of acquisitions balancing executive and team focuses, bring-your-own-device (BYOD) policies and ransomware infections.
Ransomware Attack Hits Major U.S. Data Center Provider
CyrusOne, one of the biggest data center providers in the U.S., has suffered a ransomware attack and is currently working with law enforcement and forensics firms to investigate the attack. CyrusOne is also helping customers restore lost data from backups.
Stalkerware is government-style surveillance software used by individuals to spy on others, which is usually someone you know. With smartphone usage continuing to rise, a whole mini industry has appeared over the past couple of years selling monitoring software, or more treacherously, trojan spyware and code that can hide itself so that you don’t even know it’s on your device.
The California DMV Is Making $50M a Year Selling Drivers’ Personal Information
The California Department of Motor Vehicles is generating revenue of $50,000,000 a year through selling drivers’ personal information, according to a DMV document obtained by Motherboard. This information includes names, physical addresses, and car registration information.
Operation ENDTRADE: Finding Multi-Stage Backdoors that TICK
Trend Micro has followed cyberespionage group TICK (a.k.a. “BRONZE BUTLER” or “REDBALDKNIGHT”) since 2008 but noticed an unusual increase in malware development and deployments towards November 2018 as part of a campaign dubbed “Operation ENDTRADE.”
Iran Targets Mideast Oil with ZeroCleare Wiper Malware
A freshly discovered wiper malware dubbed “ZeroCleare” has been deployed to target the energy and industrial sectors in the Middle East. According to IBM’s X-Force Incident Response and Intelligence Services (IRIS), ZeroCleare was involved in a recently spotted APT attack on an oil and gas company, in which it compromised a Windows machine via a vulnerable driver.
Trend Micro has found a new spyware family disguised as chat apps on a phishing website. Trend believes that the apps, which exhibit many cyberespionage behaviors, are initially used for a targeted attack campaign.
Obfuscation Tools Found in the Capesand Exploit Kit Possibly Used in “KurdishCoder” Campaign
In November 2019, Trend Micro analyzed an exploit kit named Capesand that exploited Adobe Flash and Microsoft Internet Explorer flaws. During an analysis of the indicators of compromise (IoCs) in the deployed samples that were infecting the victim’s machines, we noticed that these samples were making use of obfuscation tools that made them virtually undetectable.
Trend Micro More Than Doubles Commitment to Underrepresented Persons in Cybersecurity
This week at AWS re:Invent, Trend Micro announced plans to further strengthen its commitment to underrepresented persons by more than doubling its annual time and financial investments to alleviate the skills and diversity gaps in cybersecurity.
Mobile Security: 80% of Android Apps Now Encrypt Network Traffic by Default
Three years ago, Google started its push to tighten network traffic protection from Android devices to web services. The company has provided an update stating that 80% of Android apps have adopted the HTTPS standard by default. HTTPS encrypts network traffic, preventing third parties from intercepting data from apps.
Magecart Sets Sights on Smith & Wesson, Other High-Profile Stores
After incidents in the past few months that saw the threat actor go after customers of online shops and hotel chains, threat actors from the infamous card-skimming group once again took action, this time on Black Friday on a new set of targets: high-profile stores, including firearms vendor Smith & Wesson (S&W).
Out on a Highway Run: Threats and Risks on ITS and Smart Vehicles
The research firm Counterpoint predicted that by 2022, the number of vehicles with embedded connectivity will grow by 270%. The expected increase in technology adoption, however, does not come without risks — from petty showcases of hacks to possibly bigger threats to safety and financial losses.
StrandHogg Android Vulnerability Allows Malware to Hijack Legitimate Apps
Researchers discovered a vulnerability in Android devices that allows malware to hijack legitimate apps. Using this vulnerability (StrandHogg), cybercriminals could trick users into granting permissions to their malicious apps and provide openings for phishing pages.
Ginp Trojan Targets Android Banking App Users, Steals Login Credentials and Credit Card Details
Counterfeit apps were found carrying a new version of the Android banking trojan Ginp (detected by Trend Micro as AndroidOS_Ginp.HRXB) to steal user login credentials and credit card details. ThreatFabric’s analysis of recent Ginp samples showed that it reused some code from Anubis, an Android malware family notorious for its use in cyberespionage activities before being re-tooled as a banking trojan.
What AWS re:Invent announcement did you find the most interesting? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.
The post This Week in Security News: Trend Micro Selected as Launch Partner for AWS Ingress Routing Service and Stalkerware on the Rise appeared first on .
Your home should be a haven that protects you. In the cyber age, however, your router, computers, and TVs, your game consoles and smart devices, are continuously connected to the internet and run the risk of being hacked—usually when you least expect it and often without your knowledge. Not only can cybercriminals invade your privacy, they can steal your data, your money and even your identity—if you don’t put the appropriate security measures in place.
Trend Micro Home Network Security (HNS) is specifically designed to be that key security measure for your home network. Attach the HNS station to your router, download and install the management app, pair them up, and HNS immediately begins protecting all the connected devices in your home against a wide variety of threats. These include network intrusions, risky remote connections, phishing, ransomware, harmful websites and dangerous downloads.
Though setup, configuration, monitoring, and maintenance are pretty straightforward, to get the most out of HNS, we’ve written a three-part series to teach you how to maximize its use:
|
|
Sound good? Let’s get started with Part 1!
Once you take the Home Network Security Station out of its box, setup and connection is quick and easy:
|
|
Configuration Modes
Trend Micro’s Home Network Security station is designed to be a Plug-n-Protect device. Upon being connected to your router, it will attempt to automatically sense and enable the optimal Mode.
However, if you are experiencing network instability or connection issues, you can also choose the Mode manually from one of four Modes available for the best performance with your particular router. In order to select the correct Mode, you should first determine your router’s optimal Mode. Go to the HNS eSupport website to check the compatibility of your router or to search for its brand and model. The optimal Mode is indicated for tested routers.
While most routers support the default setting automatically, a small number may require manual setup. An even smaller number are not compatible with Trend Micro Home Network Security.
Some additional information about HNS’s station Modes:
|
|
If you change the mode, run a Test Status check 5 minutes after changing the settings.
Off to a Good Start
As mentioned, after the initial setup, Trend Micro Home Network Security automatically does a network check to see what devices are on your network. (As part of its improved device recognition in version 2.5, released in November 2019, HNS offers more than 150 device icons to help make managing your devices even easier.) If you tap the View Devices button in the resulting popup, HNS provides you with a list of All Devices on the network. By default these online devices are Unassigned. You can create family member profiles, then assign specific devices to each family member later on. (Further information regarding Family Profiles will be discussed in Part 2 of this article series.)
At any time, tap Check Devices to initiate a manual security scan. Once the scan ends, you may see Action Required items displayed in the Dashboard indicator. Tap them to review them. The Action Required screen indicates any security issues that have been discovered. When you tap the panel, you will be able to obtain the Issue Details and read the Potential Risk description to better understand the issue and what you can do to resolve it—or you can also tap Skip for Now to skip the remediation process.
If you decide to proceed with remediation, the HNS App loads your mobile browser and takes you to the Trend Micro eSupport site, which provides more details on the issue. You can scroll through the page to learn more about the possible risks it poses, what you can do to prevent the problem from happening in the future, and places to go for more answers to any questions you may have.
Back in the Dashboard, you can review the HNS Summary protection results in the Security, Parental Controls, Family Members, Top Attacked Devices, and Network Usage panels. You can either tap individual items—e.g., Vulnerability Found, Network Attacks, Web Threats Blocked, etc.—to reveal information on the various threats by device; or you can tap individual panels to show additional details about particular attacks or threats. For a more detailed look, you can check the Timeline to review individual events, which can be filtered by type, such as Security, Parental Controls, Connections, Action Required and System.
Recommended Network and Security Settings
There are a number of useful features that are disabled by default. You can enable these features to heighten your home network protection and maximize user convenience.
|
|
For now, this should be enough to get you off to a good start with Trend Micro Home Network Security. Watch for Part 2 of our HNS Series, where we help you create profiles for family members and set up Parental Controls.
For more information about HNS, go to Trend Micro Home Network Security. For more online support, go to Trend Micro Home Network Security eSupport.
The post You’re In Safe Hands with Trend Micro Home Network Security appeared first on .
Today, Amazon Web Services (AWS) announced the availability of a powerful new service, Amazon Virtual Private Cloud (Amazon VPC) Ingress Routing. As a Launch Partner for Amazon VPC Ingress Routing, we at Trend Micro are proud to continue to innovate alongside AWS to provide solutions to customers—enabling new approaches to network security. Trend Micro TippingPoint and Trend Micro Cloud One integrate with Amazon VPC Ingress Routing deliver network security that allows customers to quickly obtain compliance by inspecting both ingress and egress traffic. This gives you a deployment experience designed to eliminate any disruption in your business.
Cloud network layer security by Trend Micro
A defense-in-depth or layered security approach is important to organizations, especially at the cloud network layer. That being said, customers need to be able to deploy a solution without re-architecting or slowing down their business, the problem is, previous solutions in the marketplace couldn’t meet both requirements.
So, when our customers asked us to bring TippingPoint intrusion prevention system (IPS) capabilities to the cloud, we responded with a solution. Backed by industry leading research from Trend Micro Research, including the Zero Day Initiative, we created a solution that includes cloud network IPS capabilities, incorporating detection, protection and threat disruption—without any disruption to the network.
At AWS re:Invent 2018, AWS announced the launch of Amazon Transit Gateway. This powerful architecture enables customers to route traffic through a hub and spoke topology. We leveraged this as a primary deployment model in our Cloud Network Protection, powered by TippingPoint, cloud IPS solution, announced in July 2019. This enabled our customers to quickly gain broad security and compliance, without re-architecting. Now, we’re adding a flexible new deployment model.
Enhancing security through partnered innovation
This year we are excited to be a Launch Partner for Amazon VPC Ingress Routing, a new service that allows for customers to gain additional flexibility and control in their network traffic routing. Learn more about this new feature here.
Amazon VPC Ingress Routing is a service that helps customers simplify the integration of network and security appliances within their network topology. With Amazon VPC Ingress Routing, customers can define routing rules at the Internet Gateway (IGW) and Virtual Private Gateway (VGW) to redirect ingress traffic to third-party appliances, before it reaches the final destination. This makes it easier for customers to deploy production-grade applications with the networking and security services they require within their Amazon VPC.
By enabling customers to redirect their north-south traffic flowing in and out of a VPC through internet gateway and virtual private gateway to the Trend Micro cloud network security solution. Not only does this enable customers to screen all external traffic before it reaches the subnet, but it also allows for the interception of traffic flowing into different subnets, using different instances of the Trend Micro solution.
Trend Micro customers now have the ability to have powerful cloud network layer security in AWS leveraging Amazon VPC Ingress Routing. With this enhancement, customers can now deploy in any VPC, without any disruptive re-architecture and without introducing any additional routing or proxies. Deploying directly inline is the ideal solution and enables simplified network security without disruption in the cloud.
What types of protection can customers expect?
When you think of classic IPS capabilities, of course you think of preventing inbound attacks. Now, with Amazon VPC Ingress Routing and Trend Micro, customers can protect their VPCs in even more scenarios. Here is what our customers are thinking about:
Trend Micro Cloud One – Network Security
Amazon VPC Ingress Ingress Routing will be available as a deployment option soon for Cloud Network Protection, powered by TippingPoint, available in AWS Marketplace. It will also be available upon release of our recently announced Trend Micro Cloud One – Network Security, a key service in Trend Micro’s new Cloud One, a cloud security services platform.
The post Network security simplified with Amazon VPC Ingress Routing and Trend Micro appeared first on .
We recently held a valuable conversation (and a great dinner) with about a dozen senior IT security leaders in Atlanta, Georgia. I was fortunate to attend and discuss what plagues them most.
Here are some of their concerns.
Many face considerable change in their business environments – one third of the companies called out the high pace of acquisitions as a source of risk.
Acquisitions draw down information security resources disproportionately. First, IT security must participate in the due diligence phase, prior to the actual acquisition. Under significant time pressure, and strictly bound by the terms of the governing NDA, the InfoSec team must verify the integrity of the target environment’s IT infrastructure. It must render a judgment on the trustworthiness of the underlying procedures, the competence of the support team, the appropriateness of funding and staffing, the effectiveness of policy and awareness training, the fitness of the security technology judged against the changing mission of the target firm, and the accessibility of crucial information. In regulated industries, the acquirer has to review past certifications, audit findings and recommendations, and earlier security events, including how they were handled, and how the organization effectively integrated lessons learned into its updated way of doing business. Some of the attendees reported an acquisition every six weeks over the past two years or more. This pace requires efficient process maturity and open communication among the team members, and ample trust.
Some CIOs reported the challenge of balancing the executive team’s need to know with the managerial desire to optimize team focus on critical initiatives. In the Boardroom and among the C-suite, IT remains a hot topic and IT security is a known vulnerability. This leads some organizations toward micromanaging the IT security team. As we all know, this inappropriate focus has two costs: first, it distracts the Board and the C-suite from their primary missions. Second, it distracts the people doing the job from their task. One effective tactic some adopted is the weekly – or even daily – newsletter. This document provides the status for ongoing projects, notes about top performers, assessment of newly discovered vulnerabilities, and pointers towards effective risk mitigation the leadership team can bring to their respective operational areas. When a Board member has a question for the team, the CISO can intercept it and post a response through the newsletter.
Many CISOs discussed their challenges with BYOD policies. Some mentioned concerns with GDPR impeding their ability to wipe corporate applications and information from employee-owned devices. It’s unclear how to balance that business requirement with privacy concerns for smart phones. With laptops, one approach is to limit corporate access through a locked-down virtual desktop image accessed through a secure VPN. An evil-minded employee could take a picture of the screen, but that attack works on a corporate laptop just as well.
BEC remains a concern, along with phishing attacks leading to possible ransomware infections. One approach is to ignore emails from new domains – those that are less than two months old. This would exclude email from nearly all attackers; anyone legitimately trying to reach an employee will try again in time.
The meeting was quite open and convivial. It was an honor to participate in the discussion, and I look forward to similar meetings in the future. My thanks to the participants!
What do you think? Let me know in the comments below, or message me @WilliamMalikTM!
The post What Worries CISOs Most In 2019 appeared first on .
Ever get the feeling you’re being followed? Unfortunately, when it comes to our digital lives, this is increasingly the case. But while we’re all keen to boost our followers on social media, it’s a different matter when it comes to anonymous third parties secretly stalking us online. Yes, we’re already tracked by ISPs every time we go online, or by web providers like Google and social sites like Facebook and Twitter. But in these cases, we do get a little back in return: more streamlined, personalized services, and at the least, more relevant (if annoying) advertising. In the best scenario, though, we’d never be tracked without our consent.
With a phenomenon known as stalkerware, however, there’s zero gain for the victim. This is nothing short of government-style surveillance software used by individuals to spy on others – usually someone you know.
What is stalkerware?
We’re all spending more time on our smartphones. For the first time ever this year, time spent on mobile devices exceeded that spent in front of the TV. By 2021, it’s predicted that Americans will be glued to their handsets for nearly four hours per day. We chat and flirt with friends on social media. We post our photos and status updates. We email, text, IM and call via our devices. We also shop, hail taxis, or navigate around town, listen to music or watch YouTube or TV, and even bank online – all from the mini-computer in the palm of our hands.
Unfortunately, for some of us, there are people out there that want to know what we’re doing and who we’re with at all times. It could be a jealous partner, a jilted ex, over-protective parents, or even a suspicious employer. For them, a whole mini-industry has appeared over the past couple of years selling monitoring software, or more treacherously, trojan spyware and code that can hide itself, so you don’t even know it’s on your device. For just a few dollars, individuals can get their hands on an app which can monitor everything you do on your device. This includes
|
|
Breaking the law
Let’s be clear: it’s when monitoring software—and certainly, spyware—is used for stalking that it really becomes stalkerware. That means firms selling monitoring software may be operating in a grey area ethically and legally, depending on how the software is used. While they’re technically legitimate, the surveillance software is usually branded in such a way as to keep them just this side of the law. Think of concerned parents who want to ensure their children are safe, or of employers who want to ensure their staff are where they should be during work hours. That said, those who use such software to spy on individuals without their knowledge or consent are violating ethical standards and breaking the law. And if the software or code is specifically designed to hide itself, as with trojan spyware or spying code—then a line has certainly been crossed. You’re now neck deep in the shady gumshoe world of stalkerware.
There’s a huge range of “spyware” or “monitoring” apps available on the market today, including Retina-X, FlexiSpy, Mobistealth, Spy Master Pro, SpyHuman, Spyfone, TheTruthSpy, Family Orbit, mSpy, Copy9, Spyera, SpyBubble, and Android Spy. Given the often covert nature of the industry, it’s hard to get an accurate picture of exactly how widespread the use of such software for stalking is, although the number of titles on the market should give some indication. Reports from 2017 suggested 130,000 people had an account with Retina-X or FlexiSpy, while it was claimed a few years prior that mSpy had as many as two million users.
Stalkerware, or the use of monitoring software for stalking, represents not only a gross intrusion into your privacy, but also a possible security concern if the companies running these apps are themselves hacked or accidentally leak data belonging to victims of their customers.
How do I know if my phone has been hit?
It can be quite difficult for users of stalkerware to install the spying app on your device without physical access to it. However, malicious links in emails, texts, on websites, or even on social media could represent a potential threat vector if attackers manage to trick you into clicking through to an unwanted install. Although iOS devices are difficult to tamper with unless they’re jailbroken—and jailbreaking itself is trickier than it used to be—Android users are more exposed.
While ‘legitimate’ GPS trackers and the like (such as Life360 and other monitoring apps) are available on Google Play and can be installed as visible apps, stalkerware is typically available on 3rd-party app stores, is installed without the user’s consent, and will do its best to stay hidden on your device, potentially disguising itself under different app or process names. So here are a few things you can do to spot the tell-tale signs something is not quite right:
|
|
How do I keep my device secure?
By its very nature, stalkerware is designed to stay hidden, so it can be hard to spot. But here are a few ideas to keep your device, and life, free from unwarranted snooping:
|
|
How Trend Micro can help
Trend Micro can help you fight against stalkerware on your Android device with Trend Micro Mobile Security. It can scan your device before, during, and after a download to detect for:
|
|
Depending on the type of stalkerware, it could fall into any of the above categories—but Trend Micro Mobile Security can help fight against all of them. Below are typical test examples of the protection processes it provides against Android malware, PUAs, and stalkerware.
Trend Micro also offers protection from PUAs on PCs and Macs via Trend Micro Security, to deal with the broader threat of stalkerware across multiple fixed as well as mobile platforms. Trend Micro Antivirus for Mac also provides protection against webcam hacks, which can be used for stalking.
Together, both solutions can help protect you—and your Windows and Mac desktops and Android mobile devices—against stalkerware.
Tags: Stalkerware, Antimalware, Antivirus, Endpoint Security, Mobile Security
The post Stalking the Stalkerware appeared first on .
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about recent skimming and phishing scams as we head into the holidays and how you can protect yourself and your organization. Also, read about how the p4 hacking team from Poland won Trend Micro’s Capture the Flag (CTF) competition in Tokyo.
Read on:
Skimming Scams and Redirection Schemes Phish Consumers Credentials Days Before Black Friday
Ahead of Black Friday, cybercriminals are busy rolling out schemes to trick consumers into sharing their card credentials. In one skimming operation, threat actors faked a retailer’s third-party payment service platform (PSP), resulting in a hybrid skimmer-phishing page. Another campaign used redirection malware on WordPress websites so that users would land on their malicious phishing page.
Polish Hacking Team Triumphs in Trend Micro CTF Competition
Machine learning, reverse engineering, and unearthing mobile and IoT vulnerabilities were among the disciplines tested during Trend Micro’s latest international capture the flag (CTF) competition. The fifth Raimund Genes Cup final pitted 13 teams of young hackers against one another. The winning team, p4 from Poland, claimed a ¥1 million prize (US $9,000) and 15,000 Zero Day Initiative points per player at the Tokyo event.
Patched GIF Processing Vulnerability CVE-2019-11932 Still Afflicts Multiple Mobile Apps
CVE-2019-11932, a vulnerability in WhatsApp for Android, was patched with version 2.19.244 of WhatsApp, but the underlying problem lies in the library called libpl_droidsonroids_gif.so, which is part of the android-gif-drawable package. While this flaw has also been patched, many applications still use the older version and remain at risk.
Don’t Overlook the Security of Your Supply Chain
In its 2020 Predictions report, Trend Micro states that organizations will face a growing risk from their cloud and the supply chain. The reliance on open source and third-party software and the introduction of modern workplace practices all present immense risks.
Trickbot Appears to Target OpenSSH and OpenVPN Data in Upgraded Password-Grabbing Module
Trickbot, which was a simple banking trojan when it arrived in 2016, has since mutated into a constantly evolving malware family that includes information theft, vulnerability exploitation, and rapid propagation among its capabilities. In Trend Micro’s recent blog, learn more about how to combat Trickbot and other similarly sophisticated threats.
Stranger Hacks into Baby Monitor, Tells Child, ‘I Love You’
A stranger hacked a Seattle couple’s baby monitor and used it to peer around their home remotely and tell the pair’s 3-year-old, “I love you,” the child’s mother said. It’s not the first time the monitor brand in question, Fredi, made by Shenzhen Jinbaixun Technology Co., Ltd., according to its website, has come under fire for being comparatively easy to access.
Microsoft Says New Dexphot Malware Infected More Than 80,000 Computers
Microsoft security engineers detailed today a new malware strain that has been infecting Windows computers since October 2018 to hijack their resources to mine cryptocurrency and generate revenue for the attackers. Named Dexphot, this malware reached its peak in mid-June this year when its botnet reached almost 80,000 infected computers.
How are you protecting yourself from skimming and phishing scams during this holiday season? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.
The post This Week in Security News: Skimming and Phishing Scams Ahead of Black Friday and Polish Hacking Team Wins Capture the Flag Competition appeared first on .
FreshRSS 