FreshRSS

🔒
❌ About FreshRSS
☷
▽ 🔃
There are new available articles, click to refresh the page.
Before yesterdayYour RSS feeds

DNSTrails v1.0 – DNS intelligence database

By MaxiSoler
DNSTrails is an intelligence database, featuring IP and Domain related data such as current and historical DNS records, current and historical WHOIS, technologies used, subdomains and the ability to...

[[ This is a content summary only. Visit my website for full links, other content, and more! ]]

OWASP Joomscan v0.0.1

By MaxiSoler
OWASP JoomScan (short for [Joom]la Vulnerability [Scan]ner) is an opensource project in perl programming language to detect Joomla CMS vulnerabilities and analysis them. If you want to do a...

[[ This is a content summary only. Visit my website for full links, other content, and more! ]]

PoT – Phishing on Twitter v0.1

By MaxiSoler
PoT (Phishing on Twitter) is phishing tool. It is spoofing target’s friend and creating tweet like him. It all happens automatically. How it works? Collect data from target’s twitter...

[[ This is a content summary only. Visit my website for full links, other content, and more! ]]

GAN v1.0 – A SSL Subdomain Extractor

By MaxiSoler
GetAltName (or GAN) is a tool that extracts sub-domains or virtual domains directly from SSL certificates found in HTTPS sites. It returns a handy list of sub-domains to ease the phase of information...

[[ This is a content summary only. Visit my website for full links, other content, and more! ]]

Enumdb Beta – Brute Force MySQL and MSSQL Databases

By MaxiSoler
Enumdb is brute force and post exploitation tool for MySQL and MSSQL databases. When provided a list of usernames and/or passwords, it will cycle through each looking for valid credentials. By...

[[ This is a content summary only. Visit my website for full links, other content, and more! ]]

Black Hat Arsenal USA 2018 – Call For Tools (Now Closed)

By NJ Ouchn
The Black Hat Arsenal team will once again provide hackers & security researchers the opportunity to demo their newest and latest code! The Arsenal tool demo area is dedicated to independent...

[[ This is a content summary only. Visit my website for full links, other content, and more! ]]

T.rex_scan v0.2 – Integrate Tools to Audit Web Sites

By MaxiSoler
T.rex_scan only facilitates the visualization when auditing a web page. With this script you can optimize your time, reducing the time you audit a page web since T.rex_scan executes the task you...

[[ This is a content summary only. Visit my website for full links, other content, and more! ]]

Black Hat Arsenal USA 2018 The “w0w” Lineup !!

By NJ Ouchn
Just woow. Finally after few days of reviewing, selecting, unselecting, doubting, screaming and re-reviewing. The Blackhat  & ToolsWatch team released the selected tools for the USA...

[[ This is a content summary only. Visit my website for full links, other content, and more! ]]

Recon Village @ DEFCON 2018 (Hackathon)

By MaxiSoler
ToolsWatch likes open source tools, for that reason we will participate in the Recon Village @ DEF CON 2018 as part of jury. Maxi Soler will be there 🙂 Recon Village is an Open Space with Talks,...

[[ This is a content summary only. Visit my website for full links, other content, and more! ]]

Blackhat Arsenal Europe 2018 CFT Open

By NJ Ouchn
The Black Hat Arsenal team is heading to London with the very same goal: give hackers & security researchers the opportunity to demo their newest and latest code. The Arsenal tool demo area is...

[[ This is a content summary only. Visit my website for full links, other content, and more! ]]

HITB Armory – Call for Tools is OPEN! (Dubai, UAE)

By MaxiSoler
We’re pleased to announce the first ever HackInTheBox Armory! The HITB Armory is where you can showcase your security tools to the world. You will get 30 minutes to present your tools onstage,...

[[ This is a content summary only. Visit my website for full links, other content, and more! ]]

Black Hat Arsenal Europe 2018 Lineup Announced

By NJ Ouchn
After days of reviewing the hundreds of submitted tools, ToolsWatch and Black Hat teams selected 50 tools. They will be demonstrated over 2 days the 5th and 6th of December 2018 at the Excel London...

[[ This is a content summary only. Visit my website for full links, other content, and more! ]]

Black Hat Arsenal Asia 2019 CFT Open

By NJ Ouchn
The Black Hat Arsenal team will be back in Singapore with the very same goal: give hackers & security researchers the opportunity to demo their newest and latest code. The Arsenal tool demo area...

[[ This is a content summary only. Visit my website for full links, other content, and more! ]]

Black Hat Arsenal Asia 2019 Lineup Announced

By NJ Ouchn
The Black Hat Arsenal event is back to Singapore after a successful session in London. In case you are attending the Blackhat Asia 2019, do not forget to stop by the Arsenal because we have selected...

[[ This is a content summary only. Visit my website for full links, other content, and more! ]]

Amazing Black Hat Arsenal USA 2019 Lineup Announced

By NJ Ouchn
After days of though reviewing, the whole Arsenal team has selected nearly 94 tools. Most of them will be released during the event. This USA session will introduce as well a new daily meet-up in the...

[[ This is a content summary only. Visit my website for full links, other content, and more! ]]

Introducing the 1st Arsenal Lab USA 2019

By NJ Ouchn
After several years of a dazzling success of the famous Black Hat Arsenal, the team has brainstormed to offer some new entertainment.Several ideas have been reviewed however the principle of an...

[[ This is a content summary only. Visit my website for full links, other content, and more! ]]

Stalking the Stalkerware

By Trend Micro
A recently released survey interviewed black hat hackers to get a better sense of the strategies and methodologies today's cybercriminals are using.

Ever get the feeling you’re being followed? Unfortunately, when it comes to our digital lives, this is increasingly the case. But while we’re all keen to boost our followers on social media, it’s a different matter when it comes to anonymous third parties secretly stalking us online. Yes, we’re already tracked by ISPs every time we go online, or by web providers like Google and social sites like Facebook and Twitter. But in these cases, we do get a little back in return: more streamlined, personalized services, and at the least, more relevant (if annoying) advertising. In the best scenario, though, we’d never be tracked without our consent.

With a phenomenon known as stalkerware, however, there’s zero gain for the victim. This is nothing short of government-style surveillance software used by individuals to spy on others – usually someone you know.

What is stalkerware?

We’re all spending more time on our smartphones. For the first time ever this year, time spent on mobile devices exceeded that spent in front of the TV. By 2021, it’s predicted that Americans will be glued to their handsets for nearly four hours per day. We chat and flirt with friends on social media. We post our photos and status updates. We email, text, IM and call via our devices. We also shop, hail taxis, or navigate around town, listen to music or watch YouTube or TV, and even bank online – all from the mini-computer in the palm of our hands.

Unfortunately, for some of us, there are people out there that want to know what we’re doing and who we’re with at all times. It could be a jealous partner, a jilted ex, over-protective parents, or even a suspicious employer. For them, a whole mini-industry has appeared over the past couple of years selling monitoring software, or more treacherously, trojan spyware and code that can hide itself, so you don’t even know it’s on your device. For just a few dollars, individuals can get their hands on an app which can monitor everything you do on your device. This includes

  • SMS messages
  • GPS coordinates/location
  • Emails
  • Web browsing
  • Keystroke logging
  • Photo, video, and audio recording

Breaking the law

Let’s be clear: it’s when monitoring software—and certainly, spyware—is used for stalking that it really becomes stalkerware. That means firms selling monitoring software may be operating in a grey area ethically and legally, depending on how the software is used. While they’re technically legitimate, the surveillance software is usually branded in such a way as to keep them just this side of the law. Think of concerned parents who want to ensure their children are safe, or of employers who want to ensure their staff are where they should be during work hours. That said, those who use such software to spy on individuals without their knowledge or consent are violating ethical standards and breaking the law. And if the software or code is specifically designed to hide itself, as with trojan spyware or spying code—then a line has certainly been crossed. You’re now neck deep in the shady gumshoe world of stalkerware.

There’s a huge range of “spyware” or “monitoring” apps available on the market today, including Retina-X, FlexiSpy, Mobistealth, Spy Master Pro, SpyHuman, Spyfone, TheTruthSpy, Family Orbit, mSpy, Copy9, Spyera, SpyBubble, and Android Spy. Given the often covert nature of the industry, it’s hard to get an accurate picture of exactly how widespread the use of such software for stalking is, although the number of titles on the market should give some indication. Reports from 2017 suggested 130,000 people had an account with Retina-X or FlexiSpy, while it was claimed a few years prior that mSpy had as many as two million users.

Stalkerware, or the use of monitoring software for stalking, represents not only a gross intrusion into your privacy, but also a possible security concern if the companies running these apps are themselves hacked or accidentally leak data belonging to victims of their customers.

How do I know if my phone has been hit?

It can be quite difficult for users of stalkerware to install the spying app on your device without physical access to it. However, malicious links in emails, texts, on websites, or even on social media could represent a potential threat vector if attackers manage to trick you into clicking through to an unwanted install. Although iOS devices are difficult to tamper with unless they’re jailbroken—and jailbreaking itself is trickier than it used to be—Android users are more exposed.

While ‘legitimate’ GPS trackers and the like (such as Life360 and other monitoring apps) are available on Google Play and can be installed as visible apps, stalkerware is typically available on 3rd-party app stores, is installed without the user’s consent, and will do its best to stay hidden on your device, potentially disguising itself under different app or process names. So here are a few things you can do to spot the tell-tale signs something is not quite right:

  • Check the setting which allows apps to be downloaded outside the official Google Play store (which doesn’t allow stalkerware). The UI can vary depending on manufacturer, but try Settings -> Security -> Allow unknown sources. If it’s on and you didn’t turn it on, you might have a problem.
  • Check to see if there are any unusual apps on your phone that you can’t remember downloading/installing.
  • Check Settings ->Applications -> Running Services to see if there are any unusual looking services running on your device. Try Googling ones you’re unfamiliar with.
  • Stalkerware could slow your device down, so if you’re noticing any major hit to performance, it could be worth investigating further.
  • Of course, if you start getting messages from the stalker, as in “I’m watching you!” it’s time to scour your device for the offending spying app or code.

How do I keep my device secure?

By its very nature, stalkerware is designed to stay hidden, so it can be hard to spot. But here are a few ideas to keep your device, and life, free from unwarranted snooping:

  • Don’t let your device out of your sight.
  • Don’t click on suspicious links in unsolicited emails, texts, social media messages, etc.
  • Install AV on your device from a reputable vendor who’s publicly addressed the stalkerware problem, to help spot any unusual/malicious activity like keylogging—as well as (potentially) the stalkerware itself. If the AV can catch potentially unwanted applications (PUAs), it could spot the stalkerware, though the AV industry as a whole needs to improve its algorithms for protection from stalkerware.
  • Keep an eye on what apps have been installed on the device.
  • Switch on two-factor authentication for your online accounts, so that even if a third-party has your passwords, they won’t be able to log-in as you, particularly for financial accounts.
  • Use a Password Manager to store long, strong and unique passwords for all your accounts, out of reach of a snooper.

How Trend Micro can help

Trend Micro can help you fight against stalkerware on your Android device with Trend Micro Mobile Security. It can scan your device before, during, and after a download to detect for:

  • Malware, defined as any software intentionally designed to cause damage, which can include theft of private data.
  • Potentially unwanted applications (PUAs), classified as “grayware” (as is stalkerware), which can be created by both legitimate and illegitimate publishers, but that are potentially a threat to your security or privacy.
  • High risk applications – An extension of PUAs, which clearly pose a serious risk to the user’s privacy by asking for too much access to your personal data.

Depending on the type of stalkerware, it could fall into any of the above categories—but Trend Micro Mobile Security can help fight against all of them. Below are typical test examples of the protection processes it provides against Android malware, PUAs, and stalkerware.

Trend Micro also offers protection from PUAs on PCs and Macs via Trend Micro Security, to deal with the broader threat of stalkerware across multiple fixed as well as mobile platforms. Trend Micro Antivirus for Mac also provides protection against webcam hacks, which can be used for stalking.

Together, both solutions can help protect you—and your Windows and Mac desktops and Android mobile devices—against stalkerware.

Tags: Stalkerware, Antimalware, Antivirus, Endpoint Security, Mobile Security

The post Stalking the Stalkerware appeared first on .

Network security simplified with Amazon VPC Ingress Routing and Trend Micro

By Trend Micro

Today, Amazon Web Services (AWS) announced the availability of a powerful new service, Amazon Virtual Private Cloud (Amazon VPC) Ingress Routing. As a Launch Partner for Amazon VPC Ingress Routing, we at Trend Micro are proud to continue to innovate alongside AWS to provide solutions to customers—enabling new approaches to network security. Trend Micro™ TippingPoint™ and Trend Micro™ Cloud One integrate with Amazon VPC Ingress Routing deliver network security that allows customers to quickly obtain compliance by inspecting both ingress and egress traffic. This gives you a deployment experience designed to eliminate any disruption in your business.

Cloud network layer security by Trend Micro

A defense-in-depth or layered security approach is important to organizations, especially at the cloud network layer. That being said, customers need to be able to deploy a solution without re-architecting or slowing down their business, the problem is, previous solutions in the marketplace couldn’t meet both requirements.

So, when our customers asked us to bring TippingPoint intrusion prevention system (IPS) capabilities to the cloud, we responded with a solution. Backed by industry leading research from Trend Micro Research, including the Zero Day Initiative™, we created a solution that includes cloud network IPS capabilities, incorporating detection, protection and threat disruption—without any disruption to the network.

At AWS re:Invent 2018, AWS announced the launch of Amazon Transit Gateway. This powerful architecture enables customers to route traffic through a hub and spoke topology. We leveraged this as a primary deployment model in our Cloud Network Protection, powered by TippingPoint, cloud IPS solution, announced in July 2019. This enabled our customers to quickly gain broad security and compliance, without re-architecting. Now, we’re adding a flexible new deployment model.

 

Enhancing security through partnered innovation

This year we are excited to be a Launch Partner for Amazon VPC Ingress Routing, a new service that allows for customers to gain additional flexibility and control in their network traffic routing. Learn more about this new feature here.

Amazon VPC Ingress Routing is a service that helps customers simplify the integration of network and security appliances within their network topology. With Amazon VPC Ingress Routing, customers can define routing rules at the Internet Gateway (IGW) and Virtual Private Gateway (VGW) to redirect ingress traffic to third-party appliances, before it reaches the final destination. This makes it easier for customers to deploy production-grade applications with the networking and security services they require within their Amazon VPC.

By enabling customers to redirect their north-south traffic flowing in and out of a VPC through internet gateway and virtual private gateway to the Trend Micro cloud network security solution. Not only does this enable customers to screen all external traffic before it reaches the subnet, but it also allows for the interception of traffic flowing into different subnets, using different instances of the Trend Micro solution.

Trend Micro customers now have the ability to have powerful cloud network layer security in AWS leveraging Amazon VPC Ingress Routing. With this enhancement, customers can now deploy in any VPC, without any disruptive re-architecture and without introducing any additional routing or proxies. Deploying directly inline is the ideal solution and enables simplified network security without disruption in the cloud.

 

What types of protection can customers expect?

When you think of classic IPS capabilities, of course you think of preventing inbound attacks. Now, with Amazon VPC Ingress Routing and Trend Micro, customers can protect their VPCs in even more scenarios. Here is what our customers are thinking about:

  • Protecting physical and on-premises assets by routing that traffic to AWS via DirectConnect or VPN
  • Detecting compromised cloud workloads (cloud native or otherwise) and disrupting those attacks, including DNS filters and geo-blocking capabilities
  • Preventing lateral movement between multi-tiered applications or between connected partner ecosystems
  • Prevention for cloud-native threats, including Kubernetes® and Docker® vulnerabilities, and container image and repository compromises occurring when pulled into VPCs

 

Trend Micro™ Cloud One ­– Network Security

Amazon VPC Ingress Ingress Routing will be available as a deployment option soon for Cloud Network Protection, powered by TippingPoint, available in AWS Marketplace. It will also be available upon release of our recently announced Trend Micro™ Cloud One – Network Security, a key service in Trend Micro’s new Cloud One, a cloud security services platform.

The post Network security simplified with Amazon VPC Ingress Routing and Trend Micro appeared first on .

Objective By The Sea & ToolsWatch To Organize The First Edition Of macOS “Aloha” Armory (CLOSED)

By NJ Ouchn
We are extremely pleased and excited to announce our recent partnership with the renowned Objective By The Sea to promote a security & hacking tools demonstration area exclusively macOS oriented....

[[ This is a content summary only. Visit my website for full links, other content, and more! ]]

How To Get The Most Out Of Industry Analyst Reports

By Trend Micro

Whether you’re trying to inform purchasing decisions or just want to better understand the cybersecurity market and its players, industry analyst reports can be very helpful. Following our recent accolades by Forrester and IDC in their respective cloud security reports, we want to help customers understand how to use this information.

Our VP of cybersecurity, Greg Young, taps into his past experience at Gartner to explain how to discern the most value from industry analyst reports.

The post How To Get The Most Out Of Industry Analyst Reports appeared first on .

Parental Controls – Trend Micro Home Network Security has got you covered

By Trend Micro

We continue our three-part series on protecting your home and family. If you missed our first part, you can find it here

Are your kids at that formative age when they’re beginning to use mobile devices? How about at that inquisitive age when they start to discover the wonders of the Internet? Or that age when they tend to be more carefree and self-indulgent?

The Internet and the digital devices our children use are valuable tools when used the right way. They give them access to a wide range of information, pave the way to explore worthwhile ideas, and keep them socially connected with family, relatives and friends. That said, though there are big advantages to kids’ use of the Internet, there are dangers as well. Part 2 of our 3-part series on home network security discusses those dangers to your children and what you can do to protect them, leveraging Trend Micro Home Network Security’s Parental Controls to help you do so.

Internet Access Threats are Real

Gone are the days when simple malware was the focal point for internet safety. Nowadays, children have so many devices giving them access to the internet, unknown dangerous situations have multiplied. As a parent, the challenges include the following:

  • Your children can come across unwanted or explicit content (such as porn), whether intentionally or unintentionally.
  • Your children can become victims of cyber bullies or internet predators through messaging apps they use or websites they visit.
  • Your kids could be concealing their delinquent online activities from you.
  • There also may be apps your kids are using that you don’t approve of. Conversely, there may be apps you approve, but your kids are spending too much time on them.
  • Your youngers could be consuming too much time with their digital devices, instead of studying or doing other productive activities.

Parental Controls: Your Silent Partner

Finding the right balance between parenting and controlling the child’s use or possible misuse of the internet is tricky. Here’s where Trend Micro Home Network’s (HNS) Parental Controls can come in. In addition to protecting your home network from security risks and attacks, HNS also provides a robust and flexible parental control system to keep internet usage safe for your children. Controls include:

  • Web Access Control and Monitoring, which gives parents the ability to allot Daily Time Quotas as well as to implement a Customizable Schedule for your child’s screen time. The controls include the means to Pause Internet Access by each Family Member’s Profile; and they also provide general Online Connectivity Monitoring for observing family members’ internet usage.
  • Website and Content Filtering blocks inappropriate websites and content. It also enables parents to turn on Google Safe Search and YouTube Restricted Mode.
  • App Controls manages YouTube Pause and Time Limits. In addition, App Detection alerts you if your children are detected using potentially inappropriate apps.

Parental Controls that Work for You

Protecting your family members online starts with Adding a Profile.

You can add a new Profile for each Family Member and assign to them the devices they control. To do this, you can just simply tap Family in the Command Menu and choose the family member by tapping Add Someone. This will let you provide the Profile Name and Profile Picture as well as Assign Devices to the person by tapping the device(s) in the Unassigned panel. The devices you select will then be automatically moved into the ownership panel for that person. Tap Done and you’ll be presented with the Settings screen for that child’s Profile, where you can configure Parental Controls as you see fit.

Website Filtering

Next, let’s proceed with the most common component: Website Filtering.

  • To set this up, tap Set Up Now for Filtering to block inappropriate websites and content for this family member.
  • Once the Filtering screen appears, you can toggle on Get Notifications for this family member when selected websites are visited, and Block to block selected websites for this family member’s profile.
  • You can also tap the appropriate pre-configured setting for the Age Level for this particular profile. You can choose from Child, Pre-Teen, and Teen; or tap Custom to manually select categories and subcategories to block. Filtered Categories include: Adult or Sexual (e.g. Pornography), Communication or Media (e.g. Social Networking), Controversial (e.g. Violence, Hate, Racism) and Shopping and Entertainment (e.g. Games, Gambling).
  • There may be instances where you may want to set exceptions to allow specific websites to be accessed or blocked. To do so, tap Set Exceptions and then add the website URL to either the Allowed List or Denied List.

Content Filtering

Moving on, you can also set up Content Filtering.

  • Setting up Content Filtering is quite straightforward. For example, you can toggle Turn On Google Safe Search to filter Google search results on your child’s phone, tablet or computer within your home network.
  • Likewise, all you need to do to restrict mature, inappropriate and offensive content on YouTube search results on your child’s devices is to toggle Turn On YouTube Restricted Mode.

App Controls

To continue, there are apps that parents disapprove of, but there are always those instances when the children try to use them anyway against their parent’s wishes. That’s when you can choose to be informed of the Inappropriate Apps Used by your children.

  • You can achieve this by tapping Set Up Now under Inappropriate App Used and then enabling Get Notifications.
  • You can then choose from the App Categories such as Games, Adult, Social Network or Chat, Shopping or Advertisement, Media/Streaming, Dating and VPN, which will send an alert once those selected apps are used by your kids on their respective devices.

Time Limits and Notifications

Even when you try to teach your kids about being responsible about their online time, it’s easier said than done. Thus, parents or guardians can schedule the hours of screen time their children are allowed each day, along with the hours when screen time is available. HNS’s Parental Controls provide both of these features and more.

  • To set up Time Limits, just tap Set Up Now to bring up Add First Rule. You can select the days for this rule and the number of hours per day that your child can use the internet.
  • You can indicate the Internet Time Limit and Time on YouTube by scrolling back and forth to see the limits available, then tap the total time per day you want to allow.
  • Once you set the limits, you may want to toggle Get Notifications to tip you off when your child reaches the limit.
  • Next, you’ll set the time period when your child can use the Internet by tapping the From and To fields, and moving the Time Wheelbar accordingly for the Beginning and Ending
  • You can opt to be informed by selecting Get Notifications when your child attempts to use the internet outside the allowed time period, as well as Block Internet Access for the child when they do.
  • Before tapping Done to finalize the rule(s), the Rule Complete screen shows a summary of the rule you’ve set, providing a clock to show the Allowed Time, the Days for which the rule is set, the Hours of Internet allowed, including any time allowed for YouTube viewing, and the Times

Connection Alerts

Last but not least, since it’s tough to keep monitoring when your child is online, tapping Trend Micro HNS’ Connection Alert to toggle it on makes it easier for parents to get notifications when their kid’s digital devices connect to the home network during a specified time period.

In the end, Trend Micro Home Network Security’s Parental Controls can assist parents in dealing with the online safety challenges all children are exposed to in the 21st century. HNS’ flexible and intuitive feature set comprised of Filtering, Inappropriate App Used, Time Limits and Connection Alerts support every parent or guardian’s goal to ensure a safe and secure internet experience for their kids. Coupled with kind face-to-face conversations, where you let your children know your care for them extends to how they use the Internet, HNS becomes your silent partner when ensuring your family’s safety.

For more information, go to Trend Micro Home Network Security.

The post Parental Controls – Trend Micro Home Network Security has got you covered appeared first on .

Celebrating Decades of Success with Microsoft at the Security 20/20 Awards

By Sanjay Mehta

Effective collaboration is key to the success of any organization. But perhaps none more so than those working towards the common goal of securing our connected world. That’s why Trend Micro has always been keen to reach out to industry partners in the security ecosystem, to help us collectively build a safer world and improve the level of protection we can offer our customers. As part of these efforts, we’ve worked closely with Microsoft for decades.

Trend Micro is therefore doubly honored to be at the Microsoft Security 20/20 awards event in February, with nominations for two of the night’s most prestigious prizes.

Better together

No organization exists in a vacuum. The hi-tech, connectivity-rich nature of modern business is the source of its greatest power, but also one of its biggest weaknesses. Trend Micro’s mission from day one has been to make this environment as safe as possible for our customers. But we learned early on that to deliver on this vision, we had to collaborate. That’s why we work closely with the world’s top platform and technology providers — to offer protection that is seamless and optimized for these environments.

As a Gold Application Development Partner we’ve worked for years with Microsoft to ensure our security is tightly integrated into its products, to offer protection for Azure, Windows and Office 365 customers — at the endpoint, on servers, for email and in the cloud. It’s all about simplified, optimized security designed to support business agility and growth.

Innovating our way to success

This is a vision that comes from the very top. For over three decades, our CEO and co-founder Eva Chen has been at the forefront of industry leading technology innovation and collaborative success at Trend Micro. Among other things during that time, we’ve released:

  • The world’s first hardware-based system lockdown technology (StationLock)
  • Innovative internet gateway virus protection (InterScan VirusWall)
  • The industry’s first two-hour virus response service-level agreement
  • The first integrated physical-virtual security offering, with agentless threat protection for virtualized desktops (VDI) and data centers (Deep Security)
  • The first ever mobile app reputation service (MARS)
  • AI-based writing-style analysis for protection from Business Email Compromise (Writing Style DNA)
  • Cross-layer detection and response for endpoint, email, servers, & network combined (XDR)
  • Broadest cloud security platform as a service (Cloud One)

Two awards

We’re delighted to have been singled out for two prestigious awards at the Microsoft Security 20/20 event, which will kick off RSA Conference this year:

Customer Impact

At Trend Micro, the customer is at the heart of everything we do. It’s the reason we have hundreds of researchers across 15 threat centers around the globe leading the fight against emerging black hat tools and techniques. It’s why we partner with leading technology providers like Microsoft. And it’s why the channel is so important for us.

Industry Changemaker: Eva Chen

It goes without saying that our CEO and co-founder is an inspirational figure within Trend Micro. Her vision and strong belief that our only real competition as cybersecurity vendors are the bad guys and that the industry needs to stand united against them to make the digital world a safer place, guides the over 6000 employees every day. But she’s also had a major impact on the industry at large, working tirelessly over the years to promote initiatives that have ultimately made our connected world more secure. It’s not an exaggeration to say that without Eva’s foresight and dedication, the cybersecurity industry would be a much poorer place.

We’re all looking forward to the event, and for the start of 2020. As we enter a new decade, Trend Micro’s innovation and passion to make the digital world a safer place has never been more important.

 

The post Celebrating Decades of Success with Microsoft at the Security 20/20 Awards appeared first on .

The Everyday Cyber Threat Landscape: Trends from 2019 to 2020

By Trend Micro

The past 12 months have been another bumper year for cybercrime affecting everyday users of digital technology. Trend Micro blocked more than 26.8 billion of these threats in the first half of 2019 alone. The bad news is that there are many more out there waiting to steal your personal data for identity fraud, access your bank account, hold your computer to ransom, or extort you in other ways.

To help you stay safe over the coming year we’ve listed some of the biggest threats from 2019 and some trends to keep an eye on as we hit the new decade. As you’ll see, many of the most dangerous attacks will look a lot like the ones we warned about in 2019.

As we enter 2020 the same rules apply: stay alert, stay sceptical, and stay safe by staying protected.

Top five threats of 2019

Cybercrime is a chaotic, volatile world. So to make sense of the madness of the past 12 months, we’ve broken down the main type of threats consumers encountered into five key areas:

Home network threats: Our homes are increasingly powered by online technologies. Over two-thirds (69%) of US households now own at least one smart home device: everything from voice assistant-powered smart speakers to home security systems and connected baby monitors. But gaps in protection can expose them to hackers. As the gateway to our home networks, routers are particularly at risk. It’s a concern that 83% are vulnerable to attack. There were an estimated 105m smart home attacks in the first half of 2019 alone.

Endpoint threats: These are attacks aimed squarely at you the user, usually via the email channel. Trend Micro detected and blocked more than 26 billion such email threats in the first half of 2019, nearly 91% of the total number of cyber-threats. These included phishing attacks designed to trick you into clicking on a malicious link to steal your personal data and log-ins or begin a ransomware download. Or they could be designed to con you into handing over your personal details, by taking you to legit-looking but spoofed sites. Endpoint threats sometimes include social media phishing messages or even legitimate websites that have been booby-trapped with malware.

Mobile security threats: Hackers are also targeting our smartphones and tablets with greater gusto. Malware is often unwittingly downloaded by users, since it’s hidden in normal-looking Android apps, like the Agent Smith adware that infected over 25 million handsets globally this year. Users are also extra-exposed to social media attacks and those leveraging unsecured public Wi-Fi when using their devices. Once again, the end goal for the hackers is to make money: either by stealing your personal data and log-ins; flooding your screen with adverts; downloading ransomware; or forcing your device to contact expensive premium rate phone numbers that they own.

Online accounts under attack: Increasingly, hackers are after our log-ins: the virtual keys that unlock our digital lives. From Netflix to Uber, webmail to online banking, access to these accounts can be sold on the dark web or they can be raided for our personal identity data. Individual phishing attacks is one way to get these log-ins. But an increasingly popular method in 2019 was to use automated tools that try tens of thousands of previously breached log-ins to see if any of them work on your accounts. From November 2017 through the end of March 2019, over 55 billion such attacks were detected.

Breaches are everywhere: The raw materials needed to unlock your online accounts and help scammers commit identity fraud are stored by the organizations you interact with online. Unfortunately, these companies continued to be successfully targeted by data thieves in 2019. As of November 2019, there were over 1,200 recorded breaches in the US, exposing more than 163 million customer records. Even worse, hackers are now stealing card data direct from the websites you shop with as they are entered in, via “digital skimming” malware.

What to look out for in 2020

Smart homes under siege: As we invest more money in smart gadgets for our families, expect hackers to double down on network attacks. There’s a rich bounty for those that do: they can use an exposed smart endpoint as a means to sneak into your network and rifle through your personal data and online accounts. Or they could monitor your house via hacked security cameras to understand the best time to break in. Your hacked devices could even be recruited into botnets to help the bad guys attack others.

Social engineering online and by phone: Attacks that target user credulity are some of the most successful. Expect them to continue in 2020: both traditional phishing emails and a growing number of phone-based scams. Americans are bombarded by 200 million automated “robocalls” each day, 30% of which are potentially fraudulent. Sometimes phone fraud can shift quickly online; for example, tech support scams that convince the user there’s something wrong with their PC. Social engineering can also be used to extort money, such as in sextortion scams designed to persuade victims that the hacker has and is about to release a webcam image of them in a “compromising position.” Trend Micro detected a 319% increase in these attacks from 2H 2018 to the first half of 2019.

Threats on the move: Look out for more mobile threats in 2020. Many of these will come from unsecured public Wi-Fi which can let hackers eavesdrop on your web sessions and steal identity data and log-ins. Even public charging points can be loaded with malware, something LA County recently warned about. This comes on top of the escalating threat from malicious mobile apps.

All online accounts are fair game: Be warned that almost any online account you open and store personal data in today will be a target for hackers tomorrow. For 2020, this means of course you will need to be extra careful about online banking. But also watch out for attacks on gaming accounts.  Not only your personal identity data and log-ins but also lucrative in-game tokens will become highly sought after. Twelve billion of those recorded 55 billion credential stuffing attacks were directed at the gaming industry.

Worms make a comeback: Computer worms are dangerous because they self-replicate, allowing hackers to spread attacks without user interaction. This is what happened with the WannaCry ransomware attacks of 2017. A Microsoft flaw known as Bluekeep offers a new opportunity to cause havoc in 2020. There may be more out there.

How to stay safe

Given the sheer range of online threats facing computer users in 2020, you’ll need to cover all bases to keep your systems and data safe. That means:

Protecting the smart home with network monitoring solutions, regular checks for security updates on gadgets/router, changing the factory default logins to strong passwords, and putting all gadgets onto a guest network.

Tackling data-stealing malware, ransomware and other worm-style threats with strong AV from a reputable vendor, regular patching of your PC/mobile device, and strong password security (as given below).

Staying safe on the move by always using VPNs with public Wi-Fi, installing AV on your device, only frequenting official app stores, and ensuring you’re always on the latest device OS version. And steer clear of public USB charging points.

Keeping accounts secure by using a password manager for creating and storing strong passwords and/or switching on two-factor authentication where available. This will stop credential stuffing in its tracks and mitigate the impact of a third-party breach of your log-ins. Also, never log-in to webmail or other accounts on shared computers.

Taking on social engineering by never clicking on links or opening attachments in unsolicited emails, texts or social media messages and never giving out personal info over the phone.

How Trend Micro can help

Fortunately, Trend Micro fully understands the multiple sources for modern threats. It offers a comprehensive range of security products to protect all aspects of your digital life — from your smart home, home PCs, and mobile devices to online accounts including email and social networks, as well as when browsing the web itself.

Trend Micro Home Network Security: Provides protection against network intrusions, router hacks, web threats, dangerous file downloads and identity theft for every device connected to the home network.

Trend Micro Security: Protects your PCs and Macs against web threats, phishing, social network threats, data theft, online banking threats, digital skimmers, ransomware and other malware. Also guards against over-sharing on social media.

Trend Micro Mobile Security: Protects against malicious app downloads, ransomware, dangerous websites, and unsafe Wi-Fi networks.

Trend Micro Password Manager: Provides a secure place to store, manage and update your passwords. It remembers your log-ins, enabling you to create long, secure and unique credentials for each site/app you need to sign-in to.

Trend Micro WiFi Protection: Protects you on unsecured public WiFi by providing a virtual private network (VPN) that encrypts your traffic and ensures protection against man-in-the-middle (MITM) attacks.

Trend Micro ID Security (Android, iOS): Monitors underground cybercrime sites to securely check if your personal information is being traded by hackers on the Dark Web and sends you immediate alerts if so.

The post The Everyday Cyber Threat Landscape: Trends from 2019 to 2020 appeared first on .

The Summit of Cybersecurity Sits Among the Clouds

By Trend Micro

Trend Micro Apex One™ as a Service

You have heard it before, but it needs to be said again—threats are constantly evolving and getting sneakier, more malicious, and harder to find than ever before.

It’s a hard job to stay one step ahead of the latest threats and scams organizations come across, but it’s something Trend Micro has done for a long time, and something we do very well! At the heart of Trend Micro security is the understanding that we have to adapt and evolve faster than hackers and their malicious threats. When we released Trend Micro™ OfficeScan™ 11.0, we were facing browser exploits, the start of advanced ransomware and many more new and dangerous threats. That’s why we launched our connected threat defense approach—allowing all Trend Micro solutions to share threat information and research, keeping our customers one step ahead of threats.

 

With the launch of Trend Micro™ OfficeScan™ XG, we released a set of new capabilities like anti-exploit prevention, ransomware enhancements, and pre-execution and runtime machine learning, protecting customers from a wider range of fileless and file-based threats. Fast forward to last year, we saw a huge shift in not only the threats we saw in the security landscape, but also in how we architected and deployed our endpoint security. This lead to Trend Micro Apex One™, our newly redesigned endpoint protection solution, available as a single agent. Trend Micro Apex One brought to the market enhanced fileless attack detection, advanced behavioral analysis, and combined our powerful endpoint threat detection capabilities with our sophisticated endpoint detection and response (EDR) investigative capabilities.

 

We all know that threats evolve, but, as user protection product manager Kris Anderson says, with Trend Micro, your endpoint protection evolves as well. While we have signatures and behavioral patterns that are constantly being updated through our Smart Protection Network, attackers are discovering new tactics that threaten your company. At Trend Micro, we constantly develop and fine-tune our detection engines to combat these threats, real-time, with the least performance hit to the endpoint. This is why we urge customers to stay updated with the latest version of endpoint security—Apex One.”

Trend Micro Apex One has the broadest set of threat detection capabilities in the industry today, and staying updated with the latest version allows you to benefit from this cross-layered approach to security.

 

One easy way to ensure you are always protected with the latest version of Trend Micro Apex One is to migrate to Trend Micro Apex One™ as a Service. By deploying a SaaS model of Trend Micro Apex One, you can benefit from automatic updates of the latest Trend Micro Apex One security features without having to go through the upgrade process yourself. Trend Micro Apex One as a Service deployments will automatically get updated as new capabilities are introduced and existing capabilities are enhanced, meaning you will always have the most recent and effective endpoint security protecting your endpoints and users.

 

Trend Micro takes cloud security seriously, and endpoint security is no different. You can get the same gold standard endpoint protection of Trend Micro Apex One, but delivered as a service, allowing you to benefit from easy management and ongoing maintenance.

The post The Summit of Cybersecurity Sits Among the Clouds appeared first on .

INTERPOL Collaboration Reduces Cryptojacking by 78%

By Trend Micro

Cybercriminals are often seen as having the upper hand over the “white hat” community. After all, they’re anonymous, can launch attacks from virtually anywhere in the world, and usually have the element of surprise. But there’s one secret weapon the good guys have: Collaboration. That’s why Trend Micro has always prioritized its partnerships with law enforcement, academia, governments and other cybersecurity businesses.

We’re proud to have contributed to yet another successful collaborative operation with INTERPOL Global Complex for Innovation (IGCI) in Singapore that’s helped to reduce the number of users infected by cryptomining malware by 78%.

Cryptomining On The Rise

Also known as cryptojacking, these attacks have become an increasingly popular way for cybercriminals to make money.

Why?

Because victims don’t know they’ve been infected. The malware sits on their machine in the background mining for digital currency 24/7/365. Increasingly, hackers have taken to launching sophisticated attacks against enterprise IT systems and cloud servers to increase their mining and earning potential. But many still target home computer systems like routers, as these are often left relatively unprotected. Stitch enough of these devices together in a botnet and they have a ready-made cash cow.

That’s why cryptojacking remained the most detected threat in the first half of 2019 in terms of file-based threat components, according to our data.

Unlike serious data breaches, phishing attacks, ransomware and banking Trojans, cryptojacking doesn’t have major impact on the victim. They don’t lose sensitive personal data, there’s no risk of follow-on identity fraud and they’re not extorted for funds by being locked out of their PC.

However, it’s not without consequences: Cryptomining malware can slow your home network to a crawl while running up serious energy bills. It may even bring your home computers to a premature end. Also, there’s always the risk with any kind of malware infection that hackers may switch tactics and use their footprint on your home machines to launch other attacks in the future.

Enter Operation Goldfish Alpha

That’s why we were keen to offer our assistance to INTERPOL during this year’s Operation Goldfish Alpha. Thanks to our broad global visibility into attack trends and infection rates, we were able to articulate the scale of the cryptojacking threat and key mitigation steps, at a pre-operation meeting with ASEAN law enforcement officers in June.

A few months later, we developed and disseminated a key Cryptojacking Mitigation and Prevention guidance document. It details how a vulnerability in MikroTik routers had exposed countless users in the region to the risk of compromise by cryptomining malware. The document explains how to scan for this flaw using Trend Micro HouseCall for Home Networks, and how HouseCall can be used to detect and delete the Coinhive JavaScript that hackers were using to mine for digital currency on infected PCs.

Spectacular Success

Over the five months of Operation Goldfish Alpha, experts from national Computer Emergency Response Teams (CERTs) and police across 10 countries in the region worked to locate the infected routers, notify the victims and use our guidance document to patch the bugs and kick out the hackers.

Having helped to identify over 20,000 routers in the region that were hacked in this way, we’re delighted to say that by November, the number had reduced by at least 78%.

That’s the value of partnerships between law enforcement and private cybersecurity companies: They combine the power of investigative policing with the detailed subject matter expertise, visibility and resources of industry experts like us. We’ll continue to lend a hand wherever we can to make our connected, digital world a safer place.

The post INTERPOL Collaboration Reduces Cryptojacking by 78% appeared first on .

Don’t Let the Vulnera-Bullies Win. Use our free tool to see if you are patched against Vulnerability CVE-2020-0601

By Trend Micro

So much for a quiet January! By now you must have heard about the new Microsoft® vulnerability CVE-2020-0601, first disclosed by the NSA (making it the first Windows bug publicly attributed to the National Security Agency). This vulnerability is found in a cryptographic component that has a range of functions—an important one being the ability to digitally sign software, which certifies that the software has not been tampered with. Using this vulnerability, attackers can sign malicious executables to make them look legitimate, leading to potentially disastrous man-in-the-middle attacks.

 

Here’s the good news. Microsoft has already released a patch to protect against any exploits stemming from this vulnerability. But here’s the catch: You have to patch!

While Trend Micro offers industry-leading virtual patching capabilities via our endpoint, cloud, and network security solutions, the best protection against vulnerabilities is to deploy a real patch from the software vendor. Let me say it again for effect – the best protection against this very serious vulnerability is to ensure the affected systems are patched with Microsoft’s latest security update.

We understand how difficult it can be to patch systems in a timely manner, so we created a valuable tool that will test your endpoints to see if whether they have been patched against this latest threat or if they are still vulnerable. Additionally, to ensure you are protected against any potential threats, we have just released additional layers of protection in the form of IPS rules for Trend Micro Deep Security™ and Trend Micro Vulnerability Protection™ (including Trend Micro Apex One™).  This was rolled out to help organizations strengthen their overall security posture and provide some protection during lengthy patching processes.

 

You can download our Trend Micro Vulnerability Assessment Tool right now to see if you are protected against the latest Microsoft vulnerability. And while you’re at it, check out our latest Knowledge Based Article for additional information on this new vulnerability along with Trend Micro security capabilities that help protect customers like you 24/7. Even during those quiet days in January.

The post Don’t Let the Vulnera-Bullies Win. Use our free tool to see if you are patched against Vulnerability CVE-2020-0601 appeared first on .

CVE In The Hook – Monthly Vulnerability Review (January 2020 Issue)

By NJ Ouchn
Every day, new common vulnerabilities and exploits are publicly exposed. While this brings these flaws

How to Manage Your Privacy On and Off Facebook

By Trend Micro

Social media has come a long way in a short space of time. In a little over a decade, it’s grown from being the preserve of a relatively small group of online enthusiasts to one of the defining trends of 21st century life. As the undisputed global leader in this field, Facebook now boasts nearly 1.7 billion daily active users.

Not only do we share personal and global news, photos and videos with each other every day on the site, we also log-in to our favorite third-party websites and apps via Facebook to shop, chat, play games and much more. In short, social media makes life more fun, more social, and more connected.

But at the same time, our digital lives have become more complicated. Sometimes we share without realizing the significance of the data we’re showing others — including strangers, trolls and maybe even fraudsters. Sometimes we sign-up for third-party apps/services that take advantage of small print agreements to sell our data on to others — possibly for uses we did not want. And often, the websites we visit independently of Facebook send data on our browsing behavior back to the social network without our knowledge.

Some of us view this kind of tracking as the price we pay for free internet services, and welcome the improved personalization it enables. But others may feel creeped out that their family’s every click and swipe is being silently monitored, logged, and shared.

Time for action

The good news is that Facebook has been listening (to some extent!) to regulators and consumers, and has started the new year by offering users more tools to shine a light on where and how their data is being used, and how they can protect their privacy. But we’re talking here about a platform that has been growing non-stop for the past 15 years. Complexity is everywhere, and it’s not always easy to find the tools you need to enhance your privacy on the site.

That’s why we’ve put together this short guide. It’ll teach you where your privacy is most at risk on Facebook, and what you can do to manage these risks, including an assist by Trend Micro’s own Privacy Scanner tool.

Why should I be worried?

Although social media offers much to enrich and improve our lives, there are multiple levels of privacy risk involved in using it. For many of us, the stakes have risen almost silently in the background over the past few years. We can split these into three basic areas:

Oversharing: At a very basic level Facebook allows you to share news, pictures, stories and more with the world. But would you want your boss, prospective employer, law enforcement, credit agencies and other users to see every little thing about you? Yes, they increasingly use Facebook as a source of intelligence gathering, so you may want to limit who can view your information to just those in your friendship network.

Among the most prodigious collectors and monetizers of our private data are cyber-criminals. A Facebook account is a trove of sensitive personal information: everything from email addresses and phone numbers to partners and political preferences. It could all be leveraged to commit identity fraud or craft convincing phishing emails which trick you into giving away even more details. Something as innocuous as a photo of a family pet could provide hackers with some useful intel for guessing your online passwords. Or what about a real-time update from the beach? It might be all an opportunistic burglar needs to raid your home.

Third-party apps and websites: One of the most controversial aspects of data collection and use on Facebook relates to partner sites and services. Often, users sign-up for these apps without being fully aware of how their data will be used, or even what profile data the app may be gaining permission to harvest. It was data on 87 million Facebook users and their friends collected by a popular third-party personality test app that ended up being sold to Cambridge Analytica. It was then controversially used to target US voters ahead of the last Presidential election.

Following a huge FTC fine, Facebook is now more rigorous in ensuring third-party developers comply with its privacy and data use policies. But some users may still balk at their private data being sold on to third parties.

Other Off-Facebook activity: Apps and websites that you log into with your Facebook ID technically count as “off-Facebook activity”: that is, stuff that happens outside of the social site. But there’s more. Did you know, for example, that Facebook collects data from a huge number of additional sites and apps that aren’t obviously connected to the platform?

It uses code embedded on these sites to track what you do there, in order to make advertising on Facebook more targeted and personalized. So accurate and covert is this technology that it has given rise to a conspiracy theory that Facebook is somehow listening in to its users’ phone calls. It’s not. Users simply don’t know that, when they visit many sites and apps on the web, those same sites are secretly sending data back to Facebook, which then serves up relevant ads. Just bought Season One of your favorite show on a streaming app? You may get an ad for Season Two when you next visit your Facebook account.

Some people may be fine with this trade-off: privacy for a more tailored user experience. But many others may not. It’s one thing monitoring what you bought off an e-commerce site, quite another to track who you swiped left on when you were last on a dating site.

How can I manage my privacy better?

Fortunately, Facebook provides tools to help you to manage your privacy. Let’s go through some of them, from the newest to the oldest.

Off-Facebook
Facebook has just released a way of checking which sites/apps track and send data on your web usage back to the social network, clearing your data sharing history with them, and disconnecting for the future.

  • The Off-Facebook Activity tool can be reached here, or you can go to Settings > Your Facebook Information > Off-Facebook Activity.
  • Click Manage Your Off-Facebook Activity and you’ll see a list of the (possibly many) apps and sites that have shared info about you with Facebook, including how they shared the data, and what kind of data it is.
  • You can turn off this activity by going to Clear History. However, to prevent such data sharing in future, you will need to go to Manage Future Activity and then toggle it Off.

There are some caveats. Disconnecting in this way will log you out of any apps/sites you used Facebook to log into. In addition, it will not stop Facebook serving you advertising — you’ll get the same number of ads, except these won’t be as personalized as before. Facebook will also continue to receive information about your interactions on various sites, but this will be anonymized.

Particular apps, games and websites

You can also directly edit the privacy and settings of particular apps, games and websites you’ve logged into with your Facebook account.

  • Go here, or click Settings, then Apps and Websites in the menu on the left.
  • Click the name of the app, game or website you want to update, or Search Apps and Websites with the Search tool on the upper right to find it.
  • Once you’ve found the app, game, or website in question, update the information you’re sharing, who can see that you use it, and the notifications you receive.
  • Click Save to save your changes.

Basic privacy settings

Facebook has also overhauled its most basic privacy settings. Its Privacy Checkup tool features four distinct sections.

  • Click at the top of any page on Facebook and select Privacy Checkup. Then choose
  • Who Can See What You Share to review and change who can view your profile info and posts, and to block individuals if you wish.
  • How to Keep Your Account Secure to choose a stronger password and turn on login alerts.
  • How People Can Find You On Facebook enables you to choose who can look you up and send friend requests.
  • Your Data Settings on Facebook provides a list of apps and sites you’ve used Facebook to log-in to and allows you to remove these.

How Trend Micro can help

An easier option for managing your basic privacy on Facebook is the Trend Micro Privacy Scanner, which is available within Trend Micro Security on Windows and Mac, and within Mobile Security on Android and iOS. It automates the process of finding and fixing any potentially risky settings to keep your personal data safe from prying eyes.

It’s turned on by default in Trend Micro Internet and Maximum Security, as well as in Mobile Security.

  • Either click on the Privacy icon in the TMS Console, or in the PC or Mac browser click the Trend Micro Toolbar and select Check Your Online Privacy/Check Social Network Privacy
  • In Mobile Security, tap the panel for Social Network Privacy > Facebook.
  • Once you’re signed-in to Facebook, See Scan Results, and then click or tap Fix All, or click or tap on the drop down to view and edit each issue separately.

Facebook is getting better at privacy, but its controls can be hard to find, and functionality is constantly being updated. That’s why we recommend a privacy audit every few months. Check in with your Facebook Privacy settings directly or via the Privacy Scanner to make sure you’re not leaking personal data. Privacy is subjective, but we’re all getting more critical about how big corporations use our data — and that’s not a bad thing.

Go here for more information on Trend Micro Security and Trend Micro Mobile Security.

The post How to Manage Your Privacy On and Off Facebook appeared first on .

Hackers Expand Their Repertoire as Trend Micro Blocks 52 Billion Threats in 2019

By Trend Micro

Variety is welcome in most walks of life, but not when it comes to the threat landscape. Yet that is unfortunately the reality facing modern cybersecurity professionals. As Trend Micro’s 2019  roundup report reveals, hackers have an unprecedented array of tools, techniques and procedures at their disposal today. With 52 billion unique threats detected by our filters alone, this is in danger of becoming an overwhelming challenge for many IT security departments.

In response, many CISOs are rightly re-examining how they approach threat defense. Rather than create potential security gaps and risk budget shortfalls through best-of-breed investments, they’re understanding that it may be better to consolidate on one provider that can do it all.

The state of play

Our report provides an alarming snapshot into a threat landscape characterized by volatility and chaos. Financially motivated cybercriminals collaborate and compete with each other on a daily basis to elicit profits from their victims. And there are plenty of those, thanks to increased investments in cloud and digital platforms that have broadened the corporate attack surface.

Three trends in the report stand out:

Ransomware is on the rise: Although the number of new families fell, the number of detected ransomware components jumped by 10% to top 61 million during the year. Attacks have been causing chaos across the US, particularly among under-funded public sector authorities and schools. The recent outage at Redcar council could be ominous for UK local authorities. As if service downtime wasn’t enough, several groups have also begun stealing sensitive data before they encrypt, and releasing it if victims don’t pay up — which will require organisations to evolve their threat defense strategies.

Phishing is evolving: As always, email-borne attacks accounted for the vast majority (91%) of threats we blocked last year, and increased 15% in volume from 2018. What does this mean? That phishing remains the number one vector for attacks on organisations. Although we noted an overall decline in total attempts to visit phishing sites, there were some spikes. Fraudsters appear to be targeting Office 365 in an attempt to bypass security filters: the number of unique phishing URLs that spoofed the Microsoft cloud platform soared by 100% from the previous year. BEC attacks, which the FBI has claimed cost more than any other cybercrime type last year, grew 5%.

The supply chain is exposed: At the same time, the digital supply chain has rapidly expanded in recent years, exposing more organisations to risk. This was particularly notable in the e-commerce space last year, as Magecart gangs managed to compromise an estimated two million sites. Many of these attacks focused on attacking supply chain partners, which provide JavaScript libraries to the victim sites. We also observed an increase in attacks focused on compromising DevOps tools and deployments, such as misconfigured versions of Docker Engine – Community and unsecured Docker hosts.

What happens now?

This is just the tip of the iceberg. We also detected a 189% brute force IoT logins, an increase in mobile malware, and much more. To regain the initiative in the face of such a wide-ranging set of threats, CISOs may find more value in taking a connected threat defence approach. This would consolidate protection onto a single provider across gateways, networks, servers and endpoints, with underlying threat intelligence optimizing defense at each layer.

Here’s a quick checklist of elements to consider:

  • Network segmentation, regular back-ups and continuous network monitoring to help tackle ransomware
  • Improved security awareness programs so users can better spot BEC and phishing attempts
  • Monitor vulnerabilities and misconfigurations in supply chain partners’ systems to defend against Magecart attacks
  • Scan container images at build and runtime for malware and vulnerabilities
  • Keep all systems and software on latest versions
  • Two-factor authentication and least privilege access policies to prevent abuse of tools that can be accessed via admin credentials, like RDP and developer tools

To find out more, read Trend Micro’s 2019 roundup report here: https://www.trendmicro.com/vinfo/us/security/research-and-analysis/threat-reports/roundup/the-sprawling-reach-of-complex-threats.

The post Hackers Expand Their Repertoire as Trend Micro Blocks 52 Billion Threats in 2019 appeared first on .

Tax Scams – Everything you need to know to keep your money and data safe

By Trend Micro

Tax season has always been a pretty nerve-wracking time for hard-working Americans. But over the years, technology advances have arrived to gradually make the process a bit easier. The bad news is that they can also introduce new cyber risks and even more stress.

There are two things that cybercriminals are always on the hunt for: people’s identity data from their accounts, and their money. And during the tax-filing season both can be unwittingly exposed. Over the years, cybercriminals have adapted multiple tools and techniques to part taxpayers with their personal information and funds.

Let’s take look at some of the main threats out there and what you can do to stay safe.

What do they want?

Cybercrime is a highly efficient money-making business. Some reports suggest this underground economy generates as much as $1.5 trillion each year. (See Into the Web of Profit, April 2018, McGuire, Bromium.) And tax-related scams are an increasingly popular way for the bad guys to drive-up profits. The Internal Revenue Service (IRS) claims that “thousands of people have lost millions of dollars and their personal information” to such attacks.

The bottom line is that they’re after one of two things: to trick you into wiring funds to them, and/or to get hold of your personally identifiable information (PII), including bank account and Social Security Numbers (SSNs). This personal data can subsequently be used to defraud you or the IRS, or may be deployed in follow-on identity fraud schemes to capture illicit funds from you.

There are various ways cyber-criminals can achieve these goals. The most common is by using social engineering tactics to trick taxpayers into sending money or personal information. But they might also use malware, either delivered to you personally or targeted at your tax preparer. This means you not only have to look after your own cybersecurity but also demand that the third-party businesses you work with store and transmit your sensitive information securely.

Look out for these scams

Here’s a round-up of the most popular tactics used by tax scammers today:

Impersonation: The fraudster gets in touch pretending to be an IRS representative. This could be via email, phone, social media or even SMS. They usually claim you owe the IRS money in unpaid taxes or fines and demand a wire transfer, or funds from a prepaid debit card. Sometimes they may ask for personal and financial details—for example, by claiming you’re entitled to a large tax refund and they just need you to supply your bank account info.

These interactions are usually pushy. The scammer knows the best way of making you pay up is by creating a sense of urgency and, sometimes, shaming the individual into believing they’ve been withholding tax payments. Phishing emails may look highly convincing, right down to the logo and sender domain, while phone callers will use fake names and badge numbers. Sometimes the scammers use personal data they may have stolen previously or bought on the Dark Web to make their communications seem more convincing.

In some impersonation scams, the fraudsters may even pretend to work for charities and ask for personal details to help disaster victims with tax refund claims.

Spoofing, phishing, and malware: In some cases, a text, email or social media message spoofed to appear as if sent from the IRS or your tax preparer actually contains malware. The scammers use the same tactics as above but trick the recipient into clicking on a malicious link or opening an attachment laden with malware. The covert download that follows could result in: theft of your personal information; your computer being completely hijacked by hackers via remote control software; or a ransomware download that locks your computer until you pay a fee.

Fake tax returns: Another trick the scammers employ is to use stolen SSNs and other personal information to file tax returns on your behalf. They can then try to claim a large payment in tax refunds from the IRS. The PII they use to file in your name may have been taken from a third-party source without your knowledge, and the first you might hear of it is when you go to file a legitimate tax return. It can take months to resolve the problem.

Attacks targeting tax preparers: Over half of Americans use third-party tax preparation companies to help them with their returns. However, this offers another opportunity for scammers to get hold of your sensitive information. In one recently discovered campaign, malware deployed on tax preparers’ websites was designed to download to the visitor’s computer as soon as they loaded the page. The IRS warns that businesses large and small are potentially at risk, as scammers are keen to get hold of tax information which enables them to file highly convincing fake returns in your name.

What to do

The good news is that by taking a few simple steps you can insulate yourself from the worst of these scams. Remember: the IRS does not contact taxpayers by email, text messages or social media to request personal/financial information— so if you receive communications that do, they are definitely a scam. It’s also important to remember that scams happen all year round, not just in the run-up to the tax filing deadline. That means, unfortunately, that you need to be on your guard all the time.

Here are a few other recommendations:

  • Install anti-malware from a reputable provider to block phishing emails and websites and prevent malware downloads.
  • Be wary of any unsolicited messages purporting to come from your tax preparer or the IRS. Always contact them directly to check whether it’s a genuine communication or not.
  • Don’t click on any links in unsolicited emails, or download attachments.
  • Obtain an Identity Protection PIN from the IRS before filing your taxes. This will prevent fake returns being filed in your name.
  • Alert phishing@irs.gov about any unsolicited emails from IRS scammers.
  • Protect your log-ins with tax preparation companies. Switch on multi-factor authentication (MFA) if available, and/or use a password manager to make your logins hard to guess or crack.

It also pays to demand that your tax preparer take their own precautions to keep your data secure. They should not be sending sensitive data or documents unencrypted in emails and must take steps on their own to combat phishing emails that target employees, since these can cascade to you during your tax preparation process. Whether hosted in the cloud or running on-premises, the servers that hold your data should also have adequate protection—and you have a right (and a duty to yourself) to ask ahead of time what they’re doing to protect it.

According to the IRS tax preparers should put the following internal controls in place:

  • Install anti-malware on all web and storage servers and keep their software automatically updated.
  • Encourage the use of unique, strong passwords via a password manager for each account, and deploy multi-factor authentication technology for clients.
  • Encrypt all sensitive files and emails exchanged with strong password protections.
  • Back-up sensitive data regularly to a secure off-site source.
  • Wipe clean/destroy any old hard drives and printers containing sensitive data.
  • Limit access to taxpayer data to staff who need to know.

How Trend Micro can help

Trend Micro offers a range of security tools to help taxpayers keep their personal and financial information safe from fraudsters.

Our flagship consumer solution Trend Micro Security (TMS) provides the following protections:

  • Protects against phishing links in emails that can take you to fraudulent sites. Its Fraud Buster feature for Gmail and Hotmail extends this to webmail.
  • Blocks malicious website downloads and scans for malware hidden in attachments.
  • Protects against ransomware and theft of sensitive data via Folder Shield.
  • Protects and manages strong, unique passwords with Password Manager, which is bundled with Trend Micro Maximum Security.

To find out more, go to our Trend Micro Security website.

The post Tax Scams – Everything you need to know to keep your money and data safe appeared first on .

Trend Micro Cloud App Security Blocked 12.7 Million High-Risk Email Threats in 2019 – in addition to those detected by cloud email services’ built-in security

By Chris Taylor

On March 3, 2020, the cyber division of Federal Bureau of Investigation (FBI) issued a private industry notification calling out Business Email Compromise (BEC) scams through exploitation of cloud-based email services. Microsoft Office 365 and Google G Suite, the two largest cloud-based email services, are targeted by cyber criminals based on FBI complaint information since 2014. The scams are initiated through credential phishing attacks in order to compromise business email accounts and request or misdirect transfers of funds. Between January 2014 and October 2019, the Internet Crime Complaint Center (IC3) received complaints totaling over $2.1 billion in actual losses from BEC scams targeting the two cloud services. The popularity of Office 365 and G Suite has positioned themselves as attractive targets for cybercriminals.

Trend Micro™ Cloud App Security™ is an API-based service protecting Microsoft® Office 365™, Google G Suite, Box, and Dropbox. Using multiple advanced threat protection techniques, it acts as a second layer of protection after emails and files have passed through Office 365 and G Suite’s built-in security.

In 2019, Trend Micro Cloud App Security caught 12.7 million high-risk email threats in addition to what Office 365 and Gmail security have blocked. Those threats include close to one million malware, 11.3 million phishing attempts, and 386,000 BEC attempts. The blocked threats include 4.8 million of credential phishing and 225,000 of ransomware. These are potential attacks that could result in an organization’s monetary, productivity, or even reputation losses.

Trend Micro started publishing its Cloud App Security threat report since 2018. For third year in a row, Trend Micro Cloud App Security is proven to provide effective protection for cloud email services. The following customer examples for different scenarios further show how Cloud App Security is protecting different organizations.

Customer examples: Additional detections after Office 365 built-in security (2019 data)

These five customers, ranging from 550 seats to 80K seats, are across different industries. All of them use E3, which includes basic security (Exchange Online Protection). This data shows the value of adding CAS to enhance Office 365 native security. For example, a transportation company with 80,000 Office 365 E3 users found an additional 16,000 malware, 510,000 malicious & phishing URLs and 27,000 BEC, all in 2019. With the average cost of a BEC attack at $75,000 each and the potential losses and costs to recover from credential phishing and ransomware attacks, Trend Micro Cloud App Security pays for itself very quickly.

Customer examples: Additional Detections after Office 365 Advanced Threat Protection (2019 data)

Customers using Office 365 Advanced Threat Protection (ATP) also need an additional layer of filtering as well. For example, an IT Services company with 10,000 users of E3 and ATP detected an additional 14,000 malware, 713,000 malicious and phishing URLs, and 6,000 BEC in 2019 with Trend Micro Cloud App Security.

Customer examples: Additional Detections after third-party email gateway (2019 data)

Many customers use a third-party email gateway to scan emails before they are delivered to their Office 365 environment. Despite these gateway deployments, many of the sneakiest and hardest to detect threats still slipped though. Plus, a gateway solution can’t detect internal email threats, which can originate from compromised devices or accounts within Office 365.

For example, a business with 120,000 Office 365 users with a third-party email gateway stopped an additional 27,000 malware, 195,000 malicious and phishing emails, and almost 6,000 BEC in 2019 with Trend Micro Cloud App Security.

Customer examples: Additional Detections after Gmail built-in security (2019 data)

*Trend Micro Cloud App Security supports Gmail starting April 2019.

For customer choosing G suite, Trend Micro Cloud App Security can provide additional protection as well. For example, a telecommunication company with 12,500 users blocked almost 8,000 high risk threats with Cloud App Security in just five months.

Email gateway or built-in security for cloud email services is no longer enough to protect organizations from email-based threats. Businesses, no matter the size, are at risk from a plethora of dangers that these kinds of threats pose. Organizations should consider a comprehensive multilayered security solution such as Trend Micro Cloud App Security. It supplements the included security features in email and collaboration platforms like Office 365 and G Suite.

Check out the Trend Micro Cloud App Security Report 2019 to get more details on the type of threats blocked by this product and common email attacks analyzed by Trend Micro Research in 2019.

The post Trend Micro Cloud App Security Blocked 12.7 Million High-Risk Email Threats in 2019 – in addition to those detected by cloud email services’ built-in security appeared first on .

Smart Check Validated for New Bottlerocket OS

By Trend Micro

Containers provide a list of benefits to organizations that use them. They’re light, flexible, add consistency across the environment and operate in isolation.

However, security concerns prevent some organizations from employing containers. This is despite containers having an extra layer of security built in – they don’t run directly on the host OS.

To make containers even easier to manage, AWS released an open-source Linux-based operating system meant for hosting containers. While Bottlerocket AMIs are provided at no cost, standard Amazon EC2 and AWS charges apply for running Amazon EC2 instances and other services.

Bottlerocket is purpose-built to run containers and improves security and resource utilization by only including the essential software to run containers, which improves resource utilization and reduces the attack surface compared to general-purpose OS’s.

At Trend Micro, we’re always focused on the security of our customers cloud environments. We’re proud to be a launch partner for AWS Bottlerocket, with our Smart Check component validated for the OS prior to the launch.

Why use additional security in cloud environments

While an OS specifically for containers that includes native security measures is a huge plus, there seems to be a larger question of why third-party security solutions are even needed in cloud environments. We often hear a misconception with cloud deployment that, since the cloud service provider has built in security, users don’t have to think about the security of their data.

That’s simply not accurate and leaves a false sense of security. (Pun intended.)

Yes – cloud providers like AWS build in security measures and have addressed common problems by adding built in security controls. BUT cloud environments operate with a shared responsibility model for security – meaning the provider secures the environment, and users are responsible for their instances and data hosted therein.

That’s for all cloud-based hosting, whether in containers, serverless or otherwise.

 

Why Smart Check in Bottlerocket matters

Smooth execution without security roadblocks

DevOps teams leverage containerized applications to deploy fast and don’t have time for separate security roadblocks. Smart Check is built for the DevOps community with real-time image scanning at any point in the pipeline to ensure insecure images aren’t deployed.

Vulnerability scanning before runtime

We have the largest vulnerability data set of any security vendor, which is used to scan images for known software flaws before they can be exploited at runtime. This not only includes known vendor vulnerabilities from the Zero Day Initiative (ZDI), but also vulnerability intelligence for bugs patched outside the ZDI program and open source vulnerability intelligence built in through our partnership with Snyk.

Flexible enough to fit with your pipeline

Container security needs to be as flexible as containers themselves. Smart Check has a simple admin process to implement role-based access rules and multiple concurrent scanning scenarios to fit your specific pipeline needs.

Through our partnership with AWS, Trend Micro is excited to help ensure customers can continue to execute on their portion of the shared responsibility model through container image scanning by validating that the Smart Check solution will be available for customers to run on Bottlerocket at launch.

More information can be found here: https://aws.amazon.com/bottlerocket/

If you are still interested in learning more, check out this AWS blog from Jeff Barr.

The post Smart Check Validated for New Bottlerocket OS appeared first on .

Suddenly Teleworking, Securely

By Greg Young (Vice President for Cybersecurity)

So you suddenly have a lot of staff working remotely. Telework is not new and a good percentage of the workforce already does so. But the companies who have a distributed workforce had time to plan for it, and to plan for it securely.

A Lot of New Teleworkers All At Once

This event can’t be treated like a quick rollout of an application: there are business, infrastructure, and customer security impacts. There will be an increase of work for help desks as new teleworkers wrestle with remote working.

Additionally, don’t compound the problem. There is advice circulating to reset all passwords for remote workers. This opens the door for increased social engineering to attempt to lure overworked help desk staff into doing password resets that don’t comply with policy. Set expectations for staff that policy must be complied with, and to expect some delays while the help desk is overloaded.

Business continuity issues will arise as limited planning for remote workers could max out VPN licenses, firewall capacity, and application timeouts as many people attempt to use the same apps through a narrower network pipe.

Help Staff Make A Secure Home Office

In the best of times, remote workers are often left to their own devices (pun intended) for securing their work at home experience. Home offices are already usually much less secure than corporate offices: weak routers, unmanaged PCs, and multiple users means home offices become an easier attack path into the enterprise.

It doesn’t make sense to have workers operate in a less secure environment in this context. Give them the necessary security tools and operational tools to do their business. Teleworkers, even with a company-issued device, are likely to work on multiple home devices. Make available enterprise licensed storage and sharing tools, so employees don’t have to resort to ‘sketchy’ or weak options when they exceed the limits for free storage on Dropbox or related services.

A Secure Web Gateway as a service is a useful option considering that teleworkers using a VPN will still likely be split tunneling (i.e. not going through corporate security devices when browsing to non-corporate sites, etc.), unlike when they are in the corporate office and all connections are sanitized. That is especially important in cases where a weak home router gets compromised and any exfiltration or other ‘phone home’ traffic from malware needs to be spotted.

A simple way to get this information out to employees is to add remote working security tips to any regularly occurring executive outreach.

Operational Issues

With a large majority of businesses switching to a work-from-home model with less emphasis on in-person meetings, we also anticipate that malicious actors will start to impersonate digital tools, such as ‘free’ remote conferencing services and other cloud computing software.

Having a policy on respecting telework privacy is a good preventative step to minimize the risk of this type of attack being successful. Remote workers may be concerned about their digital privacy when working from home, so any way to inform them about likely attack methods can help.

Any steps to prevent staff trying to evade security measures out of a concern over privacy are likely a good investment.

Crisis Specific Risks

During any major event or crisis, socially engineered attacks and phishing will increase. Human engineering means using any lever to make it a little bit easier for targets to click on a link.

We’re seeing targeted email attacks taking advantage of this. Some will likely use tactics such as attachments named “attached is your Work At Home Allowance Voucher,” spoofed corporate guidelines, or HR documents.

Sadly, we expect hospitals and local governments will see increased targeting by ransomware due the expectation that payouts are likelier during an emergency.

But Hang On – It Is Not All Bad News

The good news is that none of these attacks are  new and we already have playbooks to defend against them. Give a reminder to all staff during this period to be more wary of phishing, but don’t overly depend on user education – back it up with security technology measures. Here are a few ways to do that.

  • Give your remote workers the security and productivity tools they need to protect themselves and their non-corporate IT resources.
  • Include an enterprise managed cloud storage account for work documents so employees don’t find free versions that may not be safe.
  • Enable customers and supply chain partners, who may also be teleworking, to interact with you securely.

The post Suddenly Teleworking, Securely appeared first on .

How to Stay Safe as Online Coronavirus Scams Spread

By Trend Micro
Here, we'll take a look at several best practices for protecting kids on the Internet, and how, as a parent or guardian, you can do your part to help safeguard young users' online activities.

Few national emergencies have the ability to strike panic into the populace quite like a virus pandemic. It’s fortunately something most of us have never had to experience, until now. At the time of writing, the number of global confirmed cases of Coronavirus infection, or COVID-19, has reached nearly 174,000 worldwide. Although the official US total currently remains a fraction of that (around 4,000), problems with testing mean many cases are likely to be going unreported here.

This is a difficult time for many Americans, as it is for citizens all over the world. But unfortunately it’s extraordinary global events like this that cyber-criminals look for in order to make their schemes more successful. True to form, they’re using mass awareness of the outbreak and a popular desire for more information on the virus, to trick users into giving away personal information and log-ins, or to unwittingly install malware on their devices.

As organizations enforce remote working to reduce the impact of the virus, many of you will be logging-on from home or your mobile computing devices, which may have fewer built-in protections from such threats. This makes it more important than ever to know how the bad guys are trying to cash in on COVID-19 and what you can do to stay safe.

Here’s a quick guide to the key online threats and security tips:

Phishing for trouble

Decades before COVID-19 burst onto the scene, a different kind of pandemic was spreading across the globe. Phishing messages have been one of the most popular tools in the hackers’ arsenal for years. In fact, Trend Micro blocked nearly 48 billion email-borne threats in 2019, 91% of the total we detected. Phishing is designed to trick the user into handing over their log-ins or personal and financial details, or persuading them to unwittingly download malware. Cyber-criminals typically achieve this by spoofing an email to make it appear as if sent from a legitimate and trustworthy source.

Once a user has been hooked, they are enticed into clicking on a malicious link or opening a malware-laden attachment. This could be anything from a banking trojan designed to steal online banking log-ins, to a piece of ransomware which will lock the user out of their PC until they pay a fee. It could even be cryptojacking malware which sits on the infected machine, quietly mining for Bitcoin while running up large energy bills and slowing down your PC.

The bad news is that phishing messages — whether sent by email, social media, text or messaging app — are getting harder to spot. Many now feature perfect English, and official logos and sender domains. They also often use current newsworthy events to trick the user into clicking. And they don’t get more high-profile than the COVID-19 pandemic.

Depending on how well protected your computing devices are, you may be more likely to receive one of these scam messages than be exposed to the virus itself. So, it pays to know what’s out there.

Watch out for these scams

The phishing landscape is evolving all the time. But here is a selection of some of the most common scams doing the rounds at the moment:

‘Official’ updates

Many of these emails purport to come from official organizations such as the US Center for Disease Control and Prevention (CDC), or the World Health Organization (WHO). They claim to contain key updates on the spread of the virus and must-read recommendations on how to avoid infection. Booby-trapped links and attachments carry malware and/or could redirect users to phishing sites.

Coronavirus map

Sometimes legitimate tools can be hijacked to spread malware. Researchers have spotted a version of the interactive Coronavirus dashboard created by Johns Hopkins University which was altered to contain information-stealing malware known as AZORult. If emails arrive with links to such sites, users should exercise extreme caution.

Corporate updates

Many big brands are proactively contacting their customer base to reassure them of the steps they are taking to keep staff and customers safe from the virus. But here too, the hackers are jumping in with spoof messages of their own purporting to come from the companies you may do business with. FedEx is one such global brand that has been spoofed in this way.

Donations

Another trick is to send phishing emails calling for donations to help fund research into the virus. One, claiming to come from the “Department of Health” has a subject line, “URGENT: Coronavirus, Can we count on your support today?” A key tactic in phishing emails is to create a sense of urgency like this to rush the reader into making hasty decisions.

Click here for a cure

One scam email claims to come from a medical professional and contains details about a vaccine for COVID-19 which has been “hushed up” by global governments. Of course, clicking through to find the non-existent ‘cure’ will bring the recipient nothing but trouble.

Tax refunds

In the UK, users have received emails spoofed to appear as if sent from the government, and promising a tax refund to help citizens cope with the financial shock of the pandemic. As governments in the US and elsewhere start to take more interventionist measures to prop up their economies, we can expect more of these types of phishing email.

How to stay safe

The good news is that there’s plenty you can do to protect you and your family from phishing emails like these. A blend of the following technical and human fixes will go a long way to minimizing the threat:

  • Be cautious of any unsolicited emails/social media messages etc, even if they appear to come from a reputable organization or a known contact.
  • Don’t click through on any links/buttons in unsolicited emails, or download attachments.
  • If an email asks you for personal data, check directly with the sender rather than clicking through and entering those details.
  • Invest in cybersecurity tools from a trusted vendor like Trend Micro, to spot and block scam emails and block malicious downloads and websites.
  • Disable macros in Office files – these are often used by hackers to run malware.

How Trend Micro can help

Fortunately, Trend Micro Security can also help. Among its anti-phishing features are the following:

Antispam for Outlook: includes checks on email sender reputation, employs web threat protection to block malicious URLs in messages, and scans for threats in files attached to email messages.

Fraud Buster: uses leading-edge AI technology to detect fake emails in Gmail and Outlook webmail that don’t contain malicious URLs or attachments, but still pose a risk to the user.

To find out more about how Trend Micro can help keep your family safe from online threats and phishing, go to our Trend Micro Security homepage, or watch our video series: How to Prevent Phishing, Part 1 and Part 2.

The post How to Stay Safe as Online Coronavirus Scams Spread appeared first on .

The Wawa Breach: 30 Million Reasons to Try Dark Web Monitoring

By Trend Micro

We’re all getting a little more worldly wise to the dangers that lurk around every corner of our digital lives. We know that the flipside of being able to shop, chat, bank and share online at the push of a button is the risk of data theft, ransomware and identity fraud. That’s why we protect our families’ PCs and mobile devices with security solutions from proven providers like Trend Micro, and take extra care each time we fire up the internet.

But what about the firms that we entrust to handle our data securely?

Unfortunately, many of these organizations still aren’t doing enough to protect our personal and financial information. It could be data we enter online to pay for an item or open an account. Or it could be payment card details that we’ve used at a local outlet which are subsequently stored online. These companies are big targets for the bad guys, who only have to get lucky once to crack open an Aladdin’s Cave of lucrative customer data.

What does this mean? That data breaches are the new normal. Last year in the US there were a reported 1,473 of these incidents, exposing nearly 165 million customer records. The latest affected customers of convenience store and gas station chain Wawa — and it could be one of the biggest ever, affecting 30 million cards.

Let’s take a look at what happened, and what consumers can do to steal a march on the bad guys.

What happened this time?

Wawa first notified its customers of a payment card breach in December 2019. But although the firm discovered malware on its payment processing servers that month, it had actually been sitting there since March, potentially siphoning card data silently from every single Wawa location. That’s more than 850 stores, across Pennsylvania, New Jersey, Delaware, Maryland, Virginia, Florida, and Washington DC.

The company itself has so far declined to put a number on how many customers have been affected. However, while cardholders were still wondering whether they’ve been impacted or not, something else happened. At the end of January, a hacker began to upload the stolen cards to a notorious dark web marketplace, known as Joker’s Stash.

They are claiming to have 30 million stolen cards in total, which if accurate could make this one of the biggest card breaches of its kind, placing it alongside other incidents at Home Depot (2014) and Target (2013).

How does it affect me?

Once the data goes on sale on a dark web market like this, it is usually bought by scammers, who use it in follow-on identity fraud attacks. In this case, the stolen data includes debit and credit card numbers, expiration dates and cardholder names, but not PINs or CVV records. That means they can’t be used at ATMs and fraudsters will find it hard to use the cards online, as most merchants require the CVV number.

However, if the cards are of the old magstripe type, they could be cloned for use in face-to-face transactions.

Although Wawa said it has informed the relevant card issuers and brands, the cardholders themselves must monitor their cards for unusual transactions and then report to their issuer “in a timely manner” if they want to be reimbursed for any fraudulent usage. This can be a distressing, time-consuming process.

What should I do next?

This is by no means the first and it won’t be the last breach of this kind. In the past, data stolen from customers of Hilton Hotels, supermarket chain Hy-Vee, retailer Bebe Stores, and restaurant chains including Krystal, Moe’s and Schlotzsky’s has turned up for sale on Joker’s Stash. It can be dispiriting for consumers to see their personal data time and again compromised in this way by cyber-criminals.

Too often in the aftermath of such incidents, the customers themselves are left in the dark. There is no information on whether they’ve definitively had their personal or card data stolen, just an ominous sense that something bad may be about to happen. If the company itself doesn’t even know how many cards have been affected, how can you act decisively?

Credit monitoring is often provided by breached firms, but this is a less-than-perfect solution. For one thing, such services only alert the user if a new line of credit is being opened in their name — not if a stolen card is being used. And second, they only raise the alarm after the incident, by which time the fraudsters may already have made a serious dent in your finances.

Monitoring your bank account for fraudulent transactions is arguably more useful in cases like the Wawa breach, but it’s still too reactive. Here’s a handy 2-step plan which could provide better results:

Step 1: Dark web monitoring works

To get more proactive, consumers need Dark Web monitoring. These tools typically scour dark web sites like Joker’s Stash to look for your personal information. The beauty of this approach is that it can raise the alarm after a breach has occurred, when the data is posted to the Dark Web, but before a fraudster has had time to monetize your stolen details. With this information, you can proactively request that your lender block a particular card and issue a new one.

This approach works for all personal data you may want to keep protected, including email addresses, driver’s license, passport numbers and passwords.

Step 2: Password protection

Once you’ve determined that your data has been part of a breach and is being sold on the dark web, one of the most important things you can do is to change your passwords to any stolen accounts, in order to minimize the potential damage that fraudsters can do.

This is where password manager tools can come in very handy. They allow users to store and recall long, strong and unique credentials for each of the websites and apps they use. This means that if one password is compromised, as in a breach scenario, your other accounts will remain secure. It also makes passwords harder for hackers to guess, which they may try to do with automated tools if they already have your email address.

Following a breach, it also makes sense to look out for follow-on phishing attacks which may try to trick you into handing over more information to the fraudsters. Here are a few tips:

  • Be wary of any unsolicited email, even if it appears to come from a reputable vendor
  • Don’t click on links in unsolicited emails, or download attachments
  • If an email asks you for personal data, check directly with the source, rather than clicking through/replying
  • Invest in AV with anti-phishing from a trusted vendor, for all desktop and mobile devices
  • Ensure all operating systems and applications are on the latest version.

How Trend Micro can help

Fortunately, Trend Micro has several products that can help you, as a potential or actual victim of a data breach, to proactively mitigate the fallout from a serious security incident, or to foil the fraudsters:

Trend Micro ID Security: checks if your personal information has been uploaded to Dark Web sites by hackers. This highly secure service, available in apps for Android and iOS mobile devices, uses data hashing and an encrypted connected to keep your details safe, alerting when it has found a match on the Dark Web so you can take action. Use it to protect your emails, credit card numbers, passwords, bank accounts, passport details and more.

Trend Micro Password Manager: provides a secure place to store, manage and update your passwords. It remembers your log-ins, so you can create secure and unique credentials for each website/app you need to sign-in to. This means if one site is breached, hackers will not be able to use that password to open your other accounts. Password Manager is available for Windows, Mac, iOS, and Android, synchronizing your passwords across all four platforms.

Trend Micro Fraud Buster: is a free online service you can use to check suspicious emails It uses advanced machine learning technology to identify scam emails that don’t contain malicious URLs or attachments but still pose a risk to the user, because the email (which may be extortionist) reflects the fact that the fraudster probably got your email address from the Dark Web in the first place. Users can then decide to report the scam, get more details, or proceed as before.

Fraud Buster is also now integrated into Trend Micro Security for Windows, protecting Gmail and Outlook webmail in Internet Explorer, Chrome, and Firefox. It’s also integrated in Trend Micro Antivirus for Mac, where it does the same for Gmail webmail in Safari, Chrome and Firefox on the Mac.

In the end, only you can guard your identity credentials with vigilance.

The post The Wawa Breach: 30 Million Reasons to Try Dark Web Monitoring appeared first on .

COVID-19: How Do I Work from Home Securely?

By Trend Micro

The coronavirus pandemic—the infection officially designated as COVID-19—is causing upheaval across the globe. Aside from the serious economic and public health implications, one very practical impact of shelter-in-place dictums is to force many companies to support remote working where they can. The most recent data tells us that in 2017, eight million Americans worked from home at least some of the week — amounting to around 5% of US workers. However, the events of the past few weeks are driving what is being described in certain sectors as the biggest shift to home working since 9/11.

This will ensure that many companies can continue functioning while helping to achieve social distancing to minimise the spread of the virus. But there are challenges, particularly to smaller businesses who don’t have IT security teams to assist with the transition. Hackers are primed and ready to take advantage of home workers, whose machines and devices may not be as secure as those in the office. There’s also a risk that workers are more distracted by current events when working at home, creating more opportunities for cyber-criminals to strike.

This isn’t just about hackers stealing your personal log-ins and information to sell on the dark web. In a home-working context, corporate data and systems may also be at risk. It takes just one unsecured remote worker to let the bad guys in. The damage they end up doing may be particularly difficult for employers to weather given the extreme economic pressures already on many firms.

With that in mind, therefore, let’s take a look at some of the major threats to home workers and their organizations, and what can be done to keep the hackers at bay.

The main threats

Phishing messages are by far the number one threat to home workers. Cyber-criminals are using widespread awareness of COVID-19, and a desire for more information on the outbreak, to trick users into clicking on malicious links or opening booby-trapped attachments. Many are spoofed to appear as if sent by trusted organizations such as the US Centers for Disease Control and Prevention (CDC) or the World Health Organization (WHO). They may claim to offer more information on the spread of the outbreak, tips on staying safe, and even provide details of how to get a non-existent vaccine online.

If you click through on a malicious link, the next stage of the attack could:

  • Take you to a convincing-looking log-in page (e.g., for Microsoft Outlook, Office 365, or any popular cloud apps) where your username and password could be harvested by hackers. With these, they have a foothold in the organization which could provide the foundation for a serious information-stealing attack.
  • Covertly initiate a malware download. This malware could exploit unpatched vulnerabilities on your computer to infect not just your machine but the entire corporate network it’s connected to, with ransomware, cryptojacking malware, banking trojans, information-stealing threats, and much more.

Brute forcing is another way for hackers to hijack your cloud accounts. They use previously breached username/password combos and run them through automation software to try them across billions of websites and apps. Because users reuse passwords across numerous accounts, the bad guys often get lucky and are able to unlock additional accounts in this way. Home workers using Microsoft Teams, Slack, Zoom and other cloud platforms for collaboration and productivity may be targeted.

Malicious smartphone apps are another threat to home workers. These may be disguised to trick the user into believing they’re downloading a COVID-19 tracker, for example. In reality, it could infect the device with ransomware, info-stealers, or other malware. That device could then spread the same malware to the corporate network, if it is connected to it via the home network.

Smart device threats are also a concern for home workers. More and more of us are investing in smart home devices. From voice assistants to smart speakers, connected refrigerators to smart TVs, it’s estimated that there’ll be as many as 128 million smart homes in the US by the end of this year. However, often these consumer-grade devices don’t have strong built-in protection. They may use weak, factory default passwords and/or contain multiple software vulnerabilities which are rarely patched by the manufacturer, if at all. The risk is that hackers could hijack one or more of these devices and use them as a stepping stone into the home and then corporate network – as we’ve demonstrated in previous research.

Friends and family could also introduce new cyber-threats, as they will also be confined largely to the home. That means they’ll be logging on to the home network with their own mobile devices, which may not be as well protected from threats as they should be. Once again, such threats could spread quickly from the home network to infect the enterprise network if it’s connected without adequate security controls. Another risk is of children using unsecured remote learning platforms, which may offer cybercriminals opportunities to hijack accounts, steal information and spread malware onto the network.

What are the hackers after?

Home workers represent an attractive target in their own right. After all, personal information and log-ins (home banking, Netflix, webmail etc) can be easily sold for a profit on dark web marketplaces. However, organizations represent a much bigger, potentially more lucrative pay day for cyber-criminals. While corporate PCs and networks might be fairly well secured, the rush to support home working may have left gaps the bad guys are keen to exploit.

By first compromising the home worker, and then pivoting through unsecured channels to the corporate network, hackers could spread ransomware, steal sensitive company IPs, infect work networks with crypto-mining malware, or steal large volumes of customer data. They may also look to hijack employees’ corporate email or other accounts as the first part of a multi-stage information-stealing attack. There have even been new warnings of Business Email Compromise (BEC) attacks in which employees (usually those working in the finance department) are contacted by someone posing as a senior exec and ordered to wire business funds to a new bank account.

Working safely at home

With so many techniques at their disposal, it’s easy to imagine that the bad guys have the upper hand. But by putting a few best practices in place, there are things businesses and employees can do today to reduce home working security risks.

Consider the following:

  • User awareness exercises to improve the ability of home workers to spot phishing attacks.
  • Ensure all home workers are outfitted with anti-malware for any devices used for work. Trend Micro Maximum Security is an excellent place to start for PCs and Macs, while Trend Micro Mobile Security can help secure Android and Mobile devices.
  • Require strong, unique passwords for all accounts, stored in a password manager, such as Trend Micro Password Manager.
  • Enhance the above by switching on two-factor authentication for all enterprise accounts that have it (including any cloud platforms).
  • Always use a VPN for communication between home and corporate networks.
  • Ensure staff have a clear route to report any security incidents.
  • Switch on automatic updates for all home computer systems (operating systems and software).
  • Ensure smart home devices are on latest software version and have strong passwords or 2FA.
  • Use a network security solution like Trend Micro Home Network Security to secure your home network. It not only provides a secure baseline for working at home, with its web and content threat protections; you can block your kids’ use of the internet and YouTube while you’re having conference calls or doing other bandwidth-intensive work on the remotely-accessed corporate network.
  • Tightly enforce endpoint security policies: if possible, only allow work devices to connect to the corporate network, and/or employee devices that have been previously scanned for threats.

We don’t know how long COVID-19 will last. But by adapting to the new reality as quickly as possible, businesses and their home workers can at least close down any security gaps, enabling them to be as productive as possible — while most importantly, staying safe and healthy.

The post COVID-19: How Do I Work from Home Securely? appeared first on .

The AWS Service to Focus On – Amazon EC2

By Trend Micro
cloud services

If we run a contest for Mr. Popular of Amazon Web Services (AWS), without a doubt Amazon Simple Storage Service (S3) has ‘winner’ written all over it. However, what’s popular is not always what is critical for your business to focus on. There is popularity and then there is dependability. Let’s acknowledge how reliant we are on Amazon Elastic Cloud Computing (EC2) as AWS infrastructure led-organizations.

We reflected upon our in-house findings for the AWS ‘Security’ pillar in our last blog, Four Reasons Your Cloud Security is Keeping You Up at Night, explicitly leaving out over caffeination and excessive screen time!

Drilling further down to the most affected AWS Services, Amazon EC2 related issues topped the list with 32% of all issues. Whereas Mr. Popular – Amazon S3 contributed to 12% of all issues. While cloud providers, like AWS, offer a secure infrastructure and best practices, many customers are unaware of their role in the shared responsibility model. The results showing the number of issues impacting Amazon EC2 customers demonstrates the security gap that can happen when the customer part of the shared responsibility model is not well understood.

While these AWS services and infrastructure are secure, customers also have a responsibility to secure their data and to configure environments according to AWS best practices. So how do we ensure that we keep our focus on this crucial service and ensure the flexibility, scalability, and security of a growing infrastructure?

Introducing Rules

If you thought you were done with rules after passing high school and moving out of your parent’s house, you would have soon realized that you were living a dream. Rules seem to be everywhere! Rules are important, they keep us safe and secure. While some may still say ‘rules are made to be broken’, you will go into a slump if your cloud infrastructure breaks the rules of the industry and gets exposed to security vulnerabilities.

It is great if you are already following the Best Practices for Amazon EC2, but if not, how do you monitor the performance of your services day in and day out to ensure their adherence to these best practices? How can you track if all your services and resources are running as per the recommended standards?

We’re here to help with that. Trend Micro Cloud One – Conformity ‘Rules’ provide you with that visibility for some of the most critical services like Amazon EC2.

What is the Rule?

A ‘Rule’ is the definition of the best practice used as a basis for an assessment that is run by Conformity on a particular piece of your Cloud infrastructure. When a rule is run against the infrastructure (resources) associated with your AWS account, the result of the scan is referred to as a Check. For example, an Amazon EC2 may have 60 Rules (Checks) scanning for various risks/vulnerabilities. Checks are either a SUCCESS or a FAILURE.

Conformity has about 540 Rules and 60 of them are for monitoring your Amazon EC2 services best practices. Conformity Bot scans your cloud accounts for these Rules and presents you with the ‘Checks’ to prioritize and remediate the issues keeping your services healthy and prevent security breaches.

Amazon EC2 Best Practices and Rules

Here are just a few examples of how Conformity Rules have got you covered for some of the most critical Amazon EC2 best practices:

  1. To ensure Security, ensure IAM users and roles are used and management policies are established for access policies.
  2. For managing Storage, keep EBS volumes separate for operating systems and data, and check that the Amazon EC2 instances provisioned outside of the AWS Auto Scaling Groups (ASGs) have Termination Protection safety feature enabled to protect your instances from being accidentally terminated.
  3. For efficient Resource Management, utilize custom tags to track and identify resources, and keep on top of your stated Amazon EC2 limits.
  4. For full confident Backup and Recovery, regularly test the process of recovering instances and EBS volumes should they fail, and create and use approved AMIs for easier and consistent future instance deployment.

See how Trend Micro can support your part of the shared responsibility model for cloud security: https://www.trendmicro.com/cloudconformity.

Stay Safe!

The post The AWS Service to Focus On – Amazon EC2 appeared first on .

Cloud-First but Not Cloud-Only: Why Organizations Need to Simplify Cybersecurity

By Wendy Moore

The global public cloud services market is on track to grow 17% this year, topping $266 billion. These are impressive figures, and whatever Covid-19 may do short-term to the macro-economy, they’re a sign of where the world is heading. But while many organizations may describe themselves as “cloud-first”, they’re certainly not “cloud-only.” That is, hybrid cloud is the name of the game today: a blend of multiple cloud providers and multiple datacenters.

Whilst helping to drive agility, differentiation and growth, this new reality also creates cyber risk. As IT leaders try to chart a course for success, they’re crying out for a more holistic, simpler way to manage hybrid cloud security.

Cloud for everyone

Organizations are understandably keen to embrace cloud platforms. Who wouldn’t want to empower employees to be more productive and DevOps to deliver agile, customer-centric services? But digital transformation comes with its own set of challenges. Migration often happens at different rates throughout an organization. That makes it hard to gain unified visibility across the enterprise and manage security policies in a consistent manner — especially when different business units and departments are making siloed decisions. An estimated 85% of organizations are now using multiple clouds, and 76% are using between two and 15 hybrid clouds.

To help manage this complexity, organisations are embracing containers and serverless architectures to develop new applications more efficiently. However, the DevOps teams using these technologies are focused primarily on time-to-market, sometimes at the expense of security. Their use of third-party code is a classic example: potentially exposing the organization to buggy or even malware-laden code.

A shared responsibility

The question is, how to mitigate these risks in a way that respects the Shared Responsibility model of cloud security, but in a consistent manner across the organization? It’s a problem exacerbated by two further concerns.

First, security needs to be embedded in the DevOps process to ensure that the applications delivered are secure, but not in a way that threatens the productivity of teams. They need to be able to use the tools and platforms they want to, but in a way that doesn’t expose the organization to unnecessary extra risk. Second, cloud complexity can often lead to human error: misconfigurations of cloud services that threaten to expose highly regulated customer and corporate data to possible attacks. The Capital One data breach, which affected an estimated 100 million consumers, was caused partly by a misconfigured Web Application Firewall.

Simplifying security

Fortunately, organizations are becoming more mature in their cloud security efforts. We see customers that started off tackling cyber risk with multiple security tools across the enterprise, but in time developed an operational excellence model. By launching what amount to cloud centers of excellence, they’re showing that security policies and processes can be standardized and rolled out in a repeatable way across the organization to good effect.

But what of the tools security teams are using to achieve this? Unfortunately, in too many cases they’re relying on fragmented, point products which add cost, further complexity and dangerous security gaps to the mix. It doesn’t have to be like this.

Cloud One from Trend Micro brings together workload security, container security, application security, network security, file storage security and cloud security posture management (CSPM). The latter, Cloud One – Conformity offers a simple, automated way to spot and fix misconfigurations and enhance security compliance and governance in the cloud.

Whatever stage of maturity you are at with your cloud journey, Cloud One offers simple, automated protection from a single console. It’s simply the way cloud security needs to be.

The post Cloud-First but Not Cloud-Only: Why Organizations Need to Simplify Cybersecurity appeared first on .

NCSA Small Business Webinar Series

By William "Bill" Malik (CISA VP Infrastructure Strategies)
virus

Working from home? How do you keep your employees cyber-safe and cyber-secure? How do you protect your reputation, profit, and cash flow when you depend on your IT infrastructure as never before?

The National Cyber Security Alliance is hosting a series of webinars for small business owners, and we’re proud to support this effort with guest speakers to share our threat intelligence and security expertise.

The topics will help small companies deal with the challenges of COVID-19. The agenda is at https://staysafeonline.org/event_category/cybersecure-my-business/.

Here’s a quick overview of each session and why it might benefit your organization to tune in.

Telework Cybersecurity Best Practices – April 7: Many small business owners rely on face-to-face meetings with their teams. But, social distancing and work-from-home directives interrupt that way of doing things. In this session, we’ll discuss how to adjust your business to deal with a remote workforce. For some managers, not seeing every member of the team can be unsettling. We’ll talk about ways to overcome that barrier. For many organizations, using remote tools can put an extra burden on your IT gear and staff. We’ll talk about alternatives to lighten that load. And for most organizations, the new way of working can expose new and different information security vulnerabilities. We’ll offer some good practices to reduce your exposure.

Guest speakers from Trend Micro will be Greg Young and Ed Cabrera.

Spring has Sprung! Time for a Digital Spring Cleaning – April 14: One way to cut down on IT resource use is to get rid of unnecessary stuff. This webcast will suggest tactics to reduce the burden on your infrastructure. You will learn about cleaning up your storage, getting off unnecessary email lists, improving your – and your customers’ – privacy, and lowering your attack profile by getting rid of stale applications and services.

E-Commerce Security During COVID-19 – April 21, 2020: Businesses that rely on foot traffic are pivoting to on-line offerings. Restaurants support demand with delivery or curbside pick-up, which both put a strain on your IT resources. Unfortunately, the bad guys are exploiting weaknesses in on-line ordering and payment systems. We’ll talk about measures small businesses should consider to protect their reputation, cash flow, and profits during this transition.

Guest speakers from Trend Micro will be myself and Mitchel Chang.

How to Avoid COVID-19 Scams – May 5, 2020: Bad guys are trying to make money off Covid-19 worries. In this session, Lesley Fair, a Senior Attorney with the Bureau of Consumer Protection at the Federal Trade Commission talks about different kinds of scams and what to do about them, hopefully before anyone gets conned, and what steps you can take if you think you might have gotten stung. Ths session will be repeated on May 26.

Guest speakers from Trend Micro will be myself and Jon Clay.

What Are Phishing, Vishing and Smishing? How Can I Protect My Small Business From These Threats? – May 12, 2020: This session will discuss attacks that can arrive through email, messages, and video chats. Small businesses are targets as well as big firms and the public at large – the bad guys are going anywhere they can to make a (dishonest) buck. You’ll help your employees and customers protect themselves with some good advice, practices, and tools.

Mitchel Chang will be a guest panelist.

How to Avoid COVID-19 Scams – May 26, 2020: A second session of the May 5 discussion. This time Jon Clay and Myla Pilao will be guest speakers from Trend Micro.

Telework Cybersecurity Best Practices – June 9, 2020: A second session of the April 7 event. Greg and Ed will give a repeat performance attendees.

Each session starts at 2:00 PM Eastern time. NCSA will record each session, but you should register to listen in and ask questions live. While the information is tuned to meet the needs of small businesses, individuals at larger organizations, and the general public, will find good ideas and helpful hints an tips to stay safe and cope with this challenging time. We hope to see you soon.

What do you think? Let me know in the comments below or @WilliamMalikTM

The post NCSA Small Business Webinar Series appeared first on .

CVE In The Hook – Monthly Vulnerability Review (March 2020 Issue)

By NJ Ouchn
There is no shortage of potential threats to your digital security. In fact, the number

Principles of a Cloud Migration – From Step One to Done

By Jason Dablow
cloud

Boiling the ocean with the subject, sous-vide deliciousness with the content.

Cloud Migrations are happening every day.  Analysts predict over 75% of mid-large enterprises will migrate a workload to the cloud by 2021 – but how can you make sure your workload is successful? There are not just factors with IT teams, operations, and security, but also with business leaders, finance, and many other organizations of your business. In this multi-part series, I’ll explore best practices, forward thinking, and use cases around creating a successful cloud migration from multiple perspectives.  Whether you’re a builder in the cloud or an executive overseeing the transformation, you’ll learn from my firsthand experience and knowledge on how to bring value into your cloud migration project.

Here are just a few advantages of a cloud migration:

  • Technology benefits like scalability, high availability, simplified infrastructure maintenance, and an environment compliant with many industry certifications
  • The ability to switch from a CapEx to an OpEx model
  • Leaving the cost of a data center behind

While there can certainly be several perils associated with your move, with careful planning and a company focus, you can make your first step into cloud a successful one.  And the focus of a company is an important step to understand. The business needs to adopt the same agility that the cloud provides by continuing to learn, grow, and adapt to this new environment. The Phoenix Project and the Unicorn Project are excellent examples that show the need and the steps for a successful business transformation.

To start us off, let’s take a look at some security concepts that will help you secure your journey into this new world. My webinar on Principles to Make Your Cloud Migration Journey Secure is a great place to start: https://resources.trendmicro.com/Cloud-One-Webinar-Series-Secure-Cloud-Migration.html

The post Principles of a Cloud Migration – From Step One to Done appeared first on .

Cloud Transformation Is The Biggest Opportunity To Fix Security

By Greg Young (Vice President for Cybersecurity)

This overview builds on the recent report from Trend Micro Research on cloud-specific security gaps, which can be found here.

Don’t be cloud-weary. Hear us out.

Recently, a major tipping point was reached in the IT world when more than half of new IT spending was on cloud over non- cloud. So rather than being the exception, cloud-based operations have become the rule.

However, too many security solutions and vendors still treat the cloud like an exception – or at least not as a primary use case. The approach remains “and cloud” rather than “cloud and.”

Attackers have made this transition. Criminals know that business security is generally behind the curve with its approach to the cloud and take advantage of the lack of security experience surrounding new cloud environments. This leads to ransomware, cryptocurrency mining and data exfiltration attacks targeting cloud environments, to name a few.

Why Cloud?

There are many reasons why companies transition to the cloud. Lower costs, improved efficiencies and faster time to market are some of the primary benefits touted by cloud providers.

These benefits come with common misconceptions. While efficiency and time to market can be greatly improved by transitioning to the cloud, this is not done overnight. It can take years to move complete data centers and operational applications to the cloud. The benefits won’t be fully realized till the majority of functional data has been transitioned.

Misconfiguration at the User Level is the Biggest Security Risk in the Cloud

Cloud providers have built in security measures that leave many system administrators, IT directors and CTOs feeling content with the security of their data. We’ve heard it many times – “My cloud provider takes care of security, why would I need to do anything additional?”

This way of thinking ignores the shared responsibility model for security in the cloud. While cloud providers secure the platform as a whole, companies are responsible for the security of their data hosted in those platforms.

Misunderstanding the shared responsibility model leads to the No. 1 security risk associated with the cloud: Misconfiguration.

You may be thinking, “But what about ransomware and cryptomining and exploits?” Other attack types are primarily possible when one of the 3 misconfigurations below are present.

You can forget about all the worst-case, overly complex attacks: Misconfigurations are the greatest risk and should be the No. 1 concern. These misconfigurations are in 3 categories:

  1. Misconfiguration of the native cloud environment
  2. Not securing equally across multi-cloud environments (i.e. different brands of cloud service providers)
  3. Not securing equally to your on-premises (non-cloud) data centers

How Big is The Misconfiguration Problem?

Trend Micro Cloud One™ – Conformity identifies an average of 230 million misconfigurations per day.

To further understand the state of cloud misconfigurations, Trend Micro Research recently investigated cloud-specific cyber attacks. The report found a large number of websites partially hosted in world-writable cloud-based storage systems. Despite these environments being secure by default, settings can be manually changed to allow more access than actually needed.

These misconfigurations are typically put in place without knowing the potential consequences. But once in place, it is simple to scan the internet to find this type of misconfiguration, and criminals are exploiting them for profit.

Why Do Misconfigurations Happen?

The risk of misconfigurations may seem obvious in theory, but in practice, overloaded IT teams are often simply trying to streamline workflows to make internal processes easier. So, settings are changed to give read and/or write access to anyone in the organization with the necessary credentials. What is not realized is that this level of exposure can be found and exploited by criminals.

We expect this trend will increase in 2020, as more cloud-based services and applications gain popularity with companies using a DevOps workflow. Teams are likely to misconfigure more cloud-based applications, unintentionally exposing corporate data to the internet – and to criminals.

Our prediction is that through 2025, more than 75% of successful attacks on cloud environments will be caused by missing or misconfigured security by cloud customers rather than cloud providers.

How to Protect Against Misconfiguration

Nearly all data breaches involving cloud services have been caused by misconfigurations. This is easily preventable with some basic cyber hygiene and regular monitoring of your configurations.

Your data and applications in the cloud are only as secure as you make them. There are enough tools available today to make your cloud environment – and the majority of your IT spend – at least as secure as your non-cloud legacy systems.

You can secure your cloud data and applications today, especially knowing that attackers are already cloud-aware and delivering vulnerabilities as a service. Here are a few best practices for securing your cloud environment:

  • Employ the principle of least privilege: Access is only given to users who need it, rather than leaving permissions open to anyone.
  • Understand your part of the Shared Responsibility Model: While cloud service providers have built in security, the companies using their services are responsible for securing their data.
  • Monitor your cloud infrastructure for misconfigured and exposed systems: Tools are available to identify misconfigurations and exposures in your cloud environments.
  • Educate your DevOps teams about security: Security should be built in to the DevOps process.

To read the complete Trend Micro Research report, please visit: https://www.trendmicro.com/vinfo/us/security/news/virtualization-and-cloud/exploring-common-threats-to-cloud-security.

For additional information on Trend Micro’s approach to cloud security, click here: https://www.trendmicro.com/en_us/business/products/hybrid-cloud.html.

The post Cloud Transformation Is The Biggest Opportunity To Fix Security appeared first on .

Cloud Native Application Development Enables New Levels of Security Visibility and Control

By Trend Micro

We are in unique times and it’s important to support each other through unique ways. Snyk is providing a community effort to make a difference through AllTheTalks.online, and Trend Micro is proud to be a sponsor of their virtual fundraiser and tech conference.

In today’s threat landscape new cloud technologies can pose a significant risk. Applying traditional security techniques not designed for cloud platforms can restrict the high-volume release cycles of cloud-based applications and impact business and customer goals for digital transformation.

When organizations are moving to the cloud, security can be seen as an obstacle. Often, the focus is on replicating security controls used in existing environments, however, the cloud actually enables new levels of visibility and controls that weren’t possible before.

With today’s increased attention on cyber threats, cloud vulnerabilities provide an opportunistic climate for novice and expert hackers alike as a result of dependencies on modern application development tools, and lack of awareness of security gaps in build pipelines and deployment environments.

Public clouds are capable of auditing API calls to the cloud management layer. This gives in-depth visibility into every action taken in your account, making it easy to audit exactly what’s happening, investigate and search for known and unknown attacks and see who did what to identify unusual behavior.

Join Mike Milner, Global Director of Application Security Technology at Trend Micro on Wednesday April 15, at 11:45am EST to learn how to Use Observability for Security and Audit. This is a short but important session where we will discuss the tools to help build your own application audit system for today’s digital transformation. We’ll look at ways of extending this level of visibility to your applications and APIs, such as using new capabilities offered by cloud providers for network mirroring, storage and massive data handling.

Register for a good cause and learn more at https://www.allthetalks.org/.

The post Cloud Native Application Development Enables New Levels of Security Visibility and Control appeared first on .

What do serverless compute platforms mean for security?

By Trend Micro

By Kyle Klassen Product Manager – Cloud Native Application Security at Trend Micro

Containers provide many great benefits to organizations – they’re lightweight, flexible, add consistency across different environments and scale easily.

One of the characteristics of containers is that they run in dedicated namespaces with isolated resource requirements. General purpose OS’s deployed to run containers might be viewed as overkill since many of their features and interfaces aren’t needed.

A key tenant in the cybersecurity doctrine is to harden platforms by exposing only the fewest number of interfaces and applying the tightest configurations required to run only the required operations.

Developers deploying containers to restricted platforms or “serverless” containers to the likes of AWS Fargate for example, should think about security differently – by looking upward, looking left and also looking all-around your cloud domain for opportunities to properly security your cloud native applications. Oh, and don’t forget to look outside. Let me explain…

Looking Upward

As infrastructure, OS, container orchestration and runtimes become the domain of the cloud provider, the user’s primary responsibility becomes securing the containers and applications themselves. This is where Trend Micro Cloud One™, a security services platform for cloud builders, can help Dev and Ops teams better implement build pipeline and runtime security requirements.  Cloud One – Application Security embeds a security library within the application itself to provide defense against web application attacks and to detect malicious activity.

One of the greatest benefits of this technology is that once an application is secured in this manner, it can be deployed anywhere and the protection comes along for the ride. Users can be confident their applications are secure whether deployed in a container on traditional hosts, into EKS on AWS Bottlerocket, serverless on AWS Fargate, or even as an AWS Lambda function!

Looking Left

It’s great that cloud providers are taking security seriously and providing increasingly secure environments within which to deploy your containers. But you need to make sure your containers themselves are not introducing security risks. This can be accomplished with container image scanning to identify security issues before these images ever make it to the production environment.

Enter Deep Security Smart Check – Container Image Scanning part of the Cloud One offering. Scans must be able to detect more than just vulnerabilities. Developer reliance on code re-use, public images, and 3rd party contributions mean that malware injection into private images is a real concern. Sensitive objects like secrets, keys and certificates must be found and removed and assurance against regulatory requirements like PCI, HIPAA or NIST should be a requirement before a container image is allowed to run.

Looking All-Around

Imagine taking the effort to ensure your applications, containers and functions are built securely, comply with strict security regulations and are deployed into container optimized cloud environments only to find out that you’ve still become a victim of an attack! How could this be? Well, one common oversight is recognizing the importance of disciplined configuration and management of the cloud resources themselves – you can’t assume they’re secure just because they’re working.

But, making sure your cloud services are secure can be a daunting task – likely comprised of dozens of cloud services, each with as many configuration options – these environments are complex. Cloud One – Conformity is your cloud security companion and gives you assurance that any hidden security issues with your cloud configurations are detected and prioritized. Disabled security options, weak keys, open permissions, encryption options, high-risk exposures and many, many more best practice security rules make it easy to conform to security best practices and get the most from your cloud provider services.

Look Outside

All done? Not quite. You also need to think about how the business workflows of your cloud applications ingest files (or malware?).  Cloud storage like S3 Buckets are often used to accept files from external customers and partners.  Blindly accepting uploads and pulling them into your workflows is an open door for attack.

Cloud One – File Storage Security incorporates Trend Micro’s best-in-class malware detection technology to identify and remove files infected with malware. As a cloud native application itself, the service deploys easily with deployment templates and runs as a ‘set and forget’ service – automatically scanning new files of any type, any size and automatically removing malware so you can be confident that all of your downstream workflows are protected.

It’s still about Shared Responsibility

Cloud providers will continue to offer security features for deploying cloud native applications – and you should embrace all of this capability.  However, you can’t assume your cloud environment is optimally secure without validating your configurations. And once you have a secure environment, you need to secure all of the components within your control – your functions, applications, containers and workflows. With this practical approach, Trend Micro Cloud One™ perfectly complements your cloud services with Network Security, Workload Security, Application Security, Container Security, File Storage Security and Conformity for cloud posture management, so you can be confident that you’ve got security covered no matter which way you look.

To learn more visit Trendmicro.com/CloudOne and join our webinar on cloud native application threats https://resources.trendmicro.com/Cloud-One-Webinar-Series-Cloud-Native-Application-Threats.html

 

 

 

 

The post What do serverless compute platforms mean for security? appeared first on .

Shift Well-Architecture Left. By Extension, Security Will Follow

By Raphael Bottino, Solutions Architect

A story on how Infrastructure as Code can be your ally on Well-Architecting and securing your Cloud environment

By Raphael Bottino, Solutions Architect — first posted as a medium article
Using Infrastructure as Code(IaC for short) is the norm in the Cloud. CloudFormation, CDK, Terraform, Serverless Framework, ARM… the options are endless! And they are so many just because IaC makes total sense! It allows Architects and DevOps engineers to version the application infrastructure as much as the developers are already versioning the code. So any bad change, no matter if on the application code or infrastructure, can be easily inspected or, even better, rolled back.

For the rest of this article, let’s use CloudFormation as reference. And, if you are new to IaC, check how to create a new S3 bucket on AWS as code:

Pretty simple, right? And you can easily create as many buckets as you need using the above template (if you plan to do so, remove the BucketName line, since names are globally unique on S3!). For sure, way simpler and less prone to human error than clicking a bunch of buttons on AWS console or running commands on CLI.

Pretty simple, right? And you can easily create as many buckets as you need using the above template (if you plan to do so, remove the BucketName line, since names are globally unique on S3!). For sure, way simpler and less prone to human error than clicking a bunch of buttons on AWS console or running commands on CLI.

Well, it’s not that simple…

Although this is a functional and useful CloudFormation template, following correctly all its rules, it doesn’t follow the rules of something bigger and more important: The AWS Well-Architected Framework. This amazing tool is a set of whitepapers describing how to architect on top of AWS, from 5 different views, called Pillars: Security, Cost Optimization, Operational Excellence, Reliability and Performance Efficiency. As you can see from the pillar names, an architecture that follows it will be more secure, cheaper, easier to operate, more reliable and with better performance.

Among others, this template will generate a S3 bucket that doesn’t have encryption enabled, doesn’t enforce said encryption and doesn’t log any kind of access to it–all recommended by the Well-Architected Framework. Even worse, these misconfigurations are really hard to catch in production and not visibly alerted by AWS. Even the great security tools provided by them such as Trusted Advisor or Security Hub won’t give an easy-to-spot list of buckets with those misconfigurations. Not for nothing Gartner states that 95% of cloud security failures will be the customer’s fault¹.

The DevOps movement brought to the masses a methodology of failing fast, which is not exactly compatible with the above scenario where a failure many times is just found out whenever unencrypted data is leaked or the access log is required. The question is, then, how to improve it? Spoiler alert: the answer lies on the IaC itself 🙂

Shifting Left

Even before making sure a CloudFormation template is following AWS’ own best practices, the first obvious requirement is to make sure that the template is valid. A fantastic open-source tool called cfn-lint is made available by AWS on GitHub² and can be easily adopted on any CI/CD pipeline, failing the build if the template is not valid, saving precious time. To shorten the feedback loop even further and fail even faster, the same tool can be adopted on the developer IDE³ as an extension so the template can be validated as it is coded. Pretty cool, right? But it still doesn’t help us with the misconfiguration problem that we created with that really simple template in the beginning of this post.

Conformity⁴ provides, among other capabilities, an API endpoint to scan CloudFormation templates against the Well-Architected Framework, and that’s exactly how I know that template is not adhering to its best practices. This API can be implemented on your pipeline, just like the cfn-lint. However, I wanted to move this check further left, just like the cfn-lint extension I mentioned before.

The Cloud Conformity Template Scanner Extension

With that challenge in mind, but also with the need for scanning my templates for misconfigurations fast myself, I came up with a Visual Studio Code extension that, leveraging Conformity’s API, allows the developer to scan the template as it is coded. The Extension can be found here⁵ or searching for “Conformity” on your IDE.

After installing it, scanning a template is as easy as running a command on VS Code. Below it is running for our template example:

This tool allows anyone to shift misconfiguration and compliance checking as left as possible, right on developers’ hands. To use the extension, you’ll need a Conformity API key. If you don’t have one and want to try it out, Conformity provides a 14-day free trial, no credit card required. If you like it but feels that this time period is not enough for you, let me know and I’ll try to make it available to you.

But… What about my bucket template?

Oh, by the way, if you are wondering how a S3 bucket CloudFormation template looks like when following the best practices, take a look:

   
A Well-Architected bucket template

Not as simple, right? That’s exactly why this kind of tool is really powerful, allowing developers to learn as they code and organizations to fail the deployment of any resource that goes against the AWS recommendations.

References

[1] https://www.gartner.com/smarterwithgartner/why-cloud-security-is-everyones-business

[2] https://github.com/aws-cloudformation/cfn-python-lint

[3] https://marketplace.visualstudio.com/items?itemName=kddejong.vscode-cfn-lint

[4] https://www.cloudconformity.com/

[5] https://marketplace.visualstudio.com/items?itemName=raphaelbottino.cc-template-scanner

The post Shift Well-Architecture Left. By Extension, Security Will Follow appeared first on .

Why CISOs Are Demanding Detection and Response Everywhere

By Leah MacMillan

Over the past three decades, we’ve had time at Trend Micro to observe the industry trends that have the biggest impact on our customers. And one of the big things we’ve seen is that threats move largely in tandem with changes to IT infrastructure. This matters today because most organizations are transforming the way they run and manage their infrastructure—a daunting task on its own.

But with digital transformation also comes an expanded corporate attack surface, driving security leaders to demand enhanced visibility, detection & response across the entire enterprise — this is not just about the endpoint.

Transforming business

Over the past five years, there has been a major shift in the way IT infrastructure is delivered, and with that shift, increasing complexity. A big part of this change has been the use of the cloud, reflected in Gartner’s prediction that the market will grow to over $266 billion in 2020. Organizations everywhere are leveraging the cloud and DevOps to rapidly deliver new and differentiated applications and services for their customers, partners and employees. And the use of containers and microservices across a multi-cloud and hybrid environment is increasingly common.

In addition to leveraging public cloud services like IaaS, organizations are also rapidly adopting SaaS applications like Office 365, and expanding their use of mobile and collaborative applications to support remote working. Some are even arguing that working patterns may never be the same again, following the changes forced on many employers by the Covid-19 pandemic.

Combine these changes with networks that continue to extend to include branch offices and add new areas to protect like operational technology including industrial systems, and we can certainly see that the challenges facing the modern enterprise look nothing like they did a few years ago.

Under fire, under pressure

All of these infrastructure changes make for a broader attack surface that the bad guys can take advantage of, and they’re doing so with an increasingly wide range of tools and techniques. In the cloud there is a new class of vulnerabilities introduced through a greater use of open source, containers, orchestration platforms, supply chain applications and more. For all organizations, the majority of threats still prey upon the user, arriving via email (over 90% of the 52.3 billion we blocked in 2019), and they’re no longer just basic phishing attempts. There’s been an uptick in fileless events designed to bypass traditional security filters (we blocked 1.4 million last year). And Business Email Compromise (BEC) and ransomware continue to evolve, the latter causing major outages across local government, healthcare and other vulnerable sectors.

Organizations are often left flat-footed because they don’t have the in-house skills to secure a rapidly evolving IT environment. Mistakes get made, and configuration errors can allow the hackers to sneak in.

Against this backdrop, CISOs need visibility, detection and response capabilities across the extended enterprise. But in too many cases, teams are struggling because they have:

  • Too many security tools, in silos. Security leaders want to consolidate the 10, 20 or even 50+ security technologies currently in use across their organizations. And ideally, they need capabilities that work seamlessly together, sharing threat intelligence across security layers, and delivering a fully connected threat defense.
  • Too few people. Global cybersecurity skills shortages have now exceeded four million, with existing teams often overwhelmed by alerts, allowing serious threats to fly under the radar
  • Increased compliance pressures. CISOs are under pressure to comply with a number of regulations, and the impacts of non-compliance are increasingly strict. While newer, more demanding compliance requirements like GDPR and the California Consumer Privacy Act aim to protect data, they also present operational challenges for cloud teams with complex, manual and time consuming audits. Not to mention new regulations have teeth, with fines that can have a serious impact on the bottom line.  For example, as of March 2020, 227 GDPR fines had been levied, totalling over 466 million euros.

Beyond the endpoint

While endpoint detection and response (EDR) has become a popular response to some of these problems over recent years, the reality is that cyber-attacks are rarely straightforward and limited to the endpoint (as noted in the email statistic above). Security teams actually need visibility, detection, and response across the entire IT environment, so they can better contextualize and deal with threats.

This is what Trend Micro XDR offers. It provides visibility across not just endpoints but also email, servers, cloud workloads and networks, applying AI and expert security analytics to correlate and identify potential threats. The result is fewer, higher fidelity alerts for stretched IT security teams to deal with. Recognizing the skills shortage reality, we also offer a managed XDR service that augments in-house SOC activities with the power of Trend Micro security experts.

Detection and response is too important to be limited to the endpoint. Today’s CISOs need visibility, detection, and response everywhere.

The post Why CISOs Are Demanding Detection and Response Everywhere appeared first on .

5 reasons to move your endpoint security to the cloud now

By Chris Taylor

As the world has adopts work from home initiatives, we’ve seen many organizations accelerate their plans to move from on-premises endpoint security and Detection and Response (EDR/XDR) solutions to Software as a Service versions. And several customers who switched to the SaaS version last year, recently wrote us to tell how glad to have done so as they transitioned to working remote. Here are 5 reasons to consider moving to a cloud managed solution:

 

  1. No internal infrastructure management = less risk

If you haven’t found the time to update your endpoint security software and are one or two versions behind, you are putting your organization at risk of attack. Older versions do not have the same level of protection against ransomware and file-less attacks. Just as the threats are always evolving, the same is true for the technology built to protect against them.

With Apex One as a Service, you always have the latest version. There are no software patches to apply or Apex One servers to manage – we take care of it for you. If you are working remote, this is one less task to worry about and less servers in your environment which might need your attention.

  1. High availability, reliability

With redundant processes and continuous service monitoring, Apex One as a Services delivers the uptime you need with 99.9% availability. The operations team also proactively monitors for potential issues on your endpoints and with your prior approval, can fix minor issues with an endpoint agent before they need your attention.

  1. Faster Detection and Response (EDR/XDR)

By transferring endpoint telemetry to a cloud data lake, detection and response activities like investigations and sweeping can be processed much faster. For example, creating a root cause analysis diagram in cloud takes a fraction of the time since the data is readily available and can be quickly processed with the compute power of the cloud.

  1. Increased MITRE mapping

The unmatched power of cloud computing also enables analytics across a high volume of events and telemetry to identify a suspicious series of activities. This allows for innovative detection methods but also additional mapping of techniques and tactics to the MITRE framework.  Building the equivalent compute power in an on- premises architecture would be cost prohibitive.

  1. XDR – Combined Endpoint + Email Detection and Response

According to Verizon, 94% of malware incidents start with email.  When an endpoint incident occurs, chances are it came from an email message and you want to know what other users have messages with the same email or email attachment in their inbox? You can ask your email admin to run these searches for you which takes time and coordination. As Forrester recognized in the recently published report: The Forrester Wave™ Enterprise Detection and Response, Q1 2020:

“Trend Micro delivers XDR functionality that can be impactful today. Phishing may be the single most effective way for an adversary to deliver targeted payloads deep into an infrastructure. Trend Micro recognized this and made its first entrance into XDR by integrating Microsoft office 365 and Google G suite management capabilities into its EDR workflows.”

This XDR capability is available today by combining alerts, logs and activity data of Apex One as a Service and Trend Micro Cloud App Security. Endpoint data is linked with Office 365 or G Suite email information from Cloud App Security to quickly assess the email impact without having to use another tool or coordinate with other groups.

Moving endpoint protection and detection and response to the cloud, has enormous savings in customer time while increasing their protection and capabilities. If you are licensed with our Smart Protection Suites, you already have access to Apex One as a Service and our support team is ready to help you with your migration. If you are an older suite, talk to your Trend Micro sales rep about moving to a license which includes SaaS.

 

The post 5 reasons to move your endpoint security to the cloud now appeared first on .

Principles of a Cloud Migration – Security, The W5H

By Jason Dablow
cloud

Whosawhatsit?! –  WHO is responsible for this anyways?

For as long as cloud providers have been in business, we’ve been discussing the Shared Responsibility Model when it comes to customer operation teams. It defines the different aspects of control, and with that control, comes the need to secure, manage, and maintain.

While I often make an assumption that everyone is already familiar with this model, let’s highlight some of the requirements as well as go a bit deeper into your organization’s layout for responsibility.

During your cloud migration, you’ll no doubt come across a variety of cloud services that fits into each of these configurations. From running cloud instances (IaaS) to cloud storage (SaaS), there’s a need to apply operational oversight (including security) to each of these based on your level of control of the service.  For example, in a cloud instance, since you’re still responsible for the Operating System and Applications, you’ll still need a patch management process in place, whereas with file object storage in the cloud, only oversight of permissions and data management is required. I think Mark Nunnikhoven does a great job in going into greater detail of the model here: https://blog.trendmicro.com/the-shared-responsibility-model/.

shared responsibility model

I’d like to zero in on some of the other “WHO”s that should be involved in security of your cloud migration.

InfoSec – I think this is the obvious mention here. Responsible for all information security within an organization. Since your cloud migration is working with “information”, InfoSec needs to be involved with how they get access to monitoring the security and risk associated to an organization. 

Cloud Architect – Another no-brainer in my eyes but worth a mention; if you’re not building a secure framework with a look beyond a “lift-and-shift” initial migration, you’ll be doomed with archaic principles leftover from the old way of doing things. An agile platform built for automating every operation including security should be the focus to achieving success.

IT / Cloud Ops – This may be the same or different teams. As more and more resources move to the cloud, an IT team will have less responsibilities for the physical infrastructure since it’s now operated by a cloud provider. They will need to go through a “migration” themselves to learn new skills to operate and secure a hybrid environment. This adaptation of new skills needs to be lead by…

Leadership – Yes, leadership plays an important role in operations and security even if they aren’t part of the CIO / CISO / COO branch. While I’m going to cringe while I type it, business transformation is a necessary step as you move along your cloud migration journey. The acceleration that the cloud provides can not be stifled by legacy operation and security ideologies. Every piece of the business needs to be involved in accelerating the value you’re delivering your customer base by implementing the agile processes including automation into the operations and security of your cloud.

With all of your key players focused on a successful cloud migration, regardless of what stage you’re in, you’ll reach the ultimate stage: the reinvention of your business where operational and security automation drives the acceleration of value delivered to your customers.

This blog is part of a multi-part series dealing with the principles of a successful cloud migration.  For more information, start at the first post here: https://blog.trendmicro.com/principles-of-a-cloud-migration-from-step-one-to-done/

The post Principles of a Cloud Migration – Security, The W5H appeared first on .

This Week in Security News: 5 Reasons to Move Your Endpoint Security to the Cloud Now and ICEBUCKET Group Mimics Smart TVs to Steal Ad Money

By Jon Clay (Global Threat Communications)

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about 5 reasons your organization should consider moving to a cloud managed solution. Also, read about a massive online fraud operation that has been mimicking smart TVs to fool online advertisers and gain unearned profits from online ads.

 

Read on:

Letter from the CEO: A Time of Kindness and Compassion

As a global company with headquarters in Japan, Trend Micro has been exposed to COVID-19 from the very early days when it first erupted in Asia. During these difficult times, Trend Micro has also witnessed the amazing power of positivity and kindness around the world. In this blog, read more about the importance of compassion during these unprecedented times from Trend Micro’s CEO, Eva Chen.

What Do Serverless Compute Platforms Mean for Security?

Developers deploying containers to restricted platforms or “serverless” containers to the likes of AWS Fargate, for example, should think about security differently – by looking upward, looking left and also looking all-around your cloud domain for opportunities to properly security your cloud native applications. 

April Patch Tuesday: Microsoft Battles 4 Bugs Under Active Exploit

Microsoft released its April 2020 Patch Tuesday security updates, its first big patch update released since the work-from-home era began, with a whopping 113 vulnerabilities. Microsoft has seen a 44% increase in the number of CVEs patched between January to April 2020 compared to the same time period in 2019, according to Trend Micro’s Zero Day Initiative – a likely result of an increasing number of researchers looking for bugs and an expanding portfolio of supported products.

5 Reasons to Move Your Endpoint Security to the Cloud Now

As the world adopts work from home initiatives, we’ve seen many organizations accelerate their plans to move from on-premises endpoint security and detection and response (EDR/XDR) solutions to SaaS versions. In this blog, learn about 5 reasons you should consider moving to a cloud managed solution.

Why Running a Privileged Container is Not a Good Idea

Containers are not, by any means, new. They have been consistently and increasingly adopted in the past few years, with security being a popular related topic. It is well-established that giving administrative powers to server users is not a good security practice. In the world of containers, we have the same paradigm. In this article, Trend Micro’s Fernando Cardoso explains why running a privileged container is a bad idea.

Why CISOs Are Demanding Detection and Response Everywhere

Over the past three decades, Trend Micro has observed the industry trends that have the biggest impact on its customers. One of the big things we’ve noticed is that threats move largely in tandem with changes to IT infrastructure. As digital transformation continues to remain a priority, it also comes with an expanded corporate attack surface, driving security leaders to demand enhanced visibility, detection and response across the entire enterprise — not just the endpoint.

Shift Well-Architecture Left. By Extension, Security Will Follow

Using Infrastructure as Code (IaC) is the norm in the cloud. From CloudFormation, CDK, Terraform, Serverless Framework and ARM, the options are nearly endless. IaC allows architects and DevOps engineers to version the application infrastructure as much as the developers are already versioning the code. So, any bad change, no matter if on the application code or infrastructure, can be easily inspected or, even better, rolled back.

Work from Home Presents a Data Security Challenge for Banks

The mass relocation of financial services employees from the office to their couch, dining table or spare room to stop the spread of the deadly novel coronavirus is a significant data security concern, according to several industry experts. In this article, learn how managers can support security efforts from Trend Micro’s Bill Malik.

Principles of a Cloud Migration – Security, The W5H

For as long as cloud providers have been in business, discussing the Shared Responsibility Model has been priority when it comes to customer operation teams. It defines the different aspects of control, and with that control, comes the need to secure, manage, and maintain. In this blog, Trend Micro highlights some of the requirements and discusses the organization’s layout for responsibility.

Coronavirus Update App Leads to Project Spy Android and iOS Spyware

Trend Micro discovered a potential cyberespionage campaign, dubbed Project Spy, that infects Android and iOS devices with spyware. Project Spy uses the COVID-19 pandemic as a lure, posing as an app called ‘Coronavirus Updates’. Trend Micro also found similarities in two older samples disguised as a Google service and, subsequently, as a music app. Trend Micro noted a small number of downloads of the app in Pakistan, India, Afghanistan, Bangladesh, Iran, Saudi Arabia, Austria, Romania, Grenada and Russia.

Exposing Modular Adware: How DealPly, IsErIk, and ManageX Persist in Systems

Trend Micro has observed suspicious activities caused by adware, with common behaviors that include access to random domains with alternating consonant and vowel names, scheduled tasks, and in-memory execution via WScript that has proven to be an effective method to hide its operations. In this blog, Trend Micro walks through its analysis of three adware events linked to and named as Dealply, IsErIk and ManageX. 

ICEBUCKET Group Mimicked Smart TVs to Steal Ad Money

Cybersecurity firm and bot detection platform White Ops has discovered a massive online fraud operation that for the past few months has been mimicking smart TVs to fool online advertisers and gain unearned profits from online ads. White Ops has named this operation ICEBUCKET and has described it as “the largest case of SSAI spoofing” known to date.

Fake Messaging App Installers Promoted on Fraudulent Download Sites, Target Russian Users

Fake installers of popular messaging apps are being propagated via fraudulent download sites, as disclosed in a series of tweets by a security researcher from CronUp. Trend Micro has also encountered samples of the files. The sites and the apps are in Russian and are aiming to bait Russian users.

“Twin Flower” Campaign Jacks Up Network Traffic, Downloads Files, Steals Data

A campaign dubbed “Twin Flower” has been detected by Jinshan security researchers in a report published in Chinese and analyzed by Trend Micro. The files are believed to be downloaded unknowingly when visiting malicious sites or dropped into the system by another malware. The potentially unwanted application (PUA) PUA.Win32.BoxMini.A files are either a component or the main executable itself of a music downloader that automatically downloads music files without user consent.

Undertaking Security Challenges in Hybrid Cloud Environments

Businesses are now turning to hybrid cloud environments to make the most of the cloud’s dependability and dynamicity. The hybrid cloud gives organizations the speed and scalability of the public cloud, as well as the control and reliability of the private cloud. A 2019 Nutanix survey shows that 85% of its respondents regard the hybrid cloud as the ideal IT operating model.

How to Secure Video Conferencing Apps

What do businesses have to be wary of when it comes to their video conferencing software? Vulnerabilities, for one. Threat actors are not shy about using everything they have in their toolbox and are always on the lookout for any flaw or vulnerability they can exploit to pull off malicious attacks. In this blog, learn about securing your video conferencing apps and best practices for strengthening the security of work-from-home setups.

Monitoring and Maintaining Trend Micro Home Network Security – Part 4: Best Practices

In the last blog of this four-part series, Trend Micro delves deeper into regular monitoring and maintenance of home network security, to ensure you’re getting the best protection that Trend Micro Home Network Security can provide your connected home.

Surprised by the ICEBUCKET operation that has described as “the largest case of SSAI spoofing” known to date? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.

The post This Week in Security News: 5 Reasons to Move Your Endpoint Security to the Cloud Now and ICEBUCKET Group Mimics Smart TVs to Steal Ad Money appeared first on .

“We Need COBOL Programmers!” No, You Probably Don’t

By William "Bill" Malik (CISA VP Infrastructure Strategies)

Editor’s note: While this topic isn’t entirely security-specific, Trend Micro leader William Malik, has career expertise on the trending topic and shared his perspective.

——

There was a provocative report recently that the Governor of New Jersey told reporters that the state of New Jersey needed COBOL programmers. The reason was that the number of unemployment claims had spiked, and the legacy system running unemployment claims had failed. That 40-year-old system was written in COBOL, so the conclusion was that the old language had finally given out. Hiring COBOL programmers would let the State update and modernize the application to handle the increase in load.

This might be the problem, but it probably is not. Here’s why.

  1. Software doesn’t wear out, and it doesn’t rust. Any code that’s been running for 40 years is probably rock solid.
  2. Computers have a fixed amount of specific resources: processing power, memory, network capacity, disk storage. If any of these is used up, the computer cannot do any more work.
  3. When a computer application gets more load than it can handle, things back up. Here’s a link to a process that works fine until excessive load leads to a system failure. https://www.youtube.com/watch?v=NkQ58I53mjk Trigger warning – this may be unsettling to people working on assembly lines, or on diets.
  4. Adding more resources must fit the machine architecture proportionately.
  5. Incidentally, throwing a bunch of people at an IT problem usually makes things worse.

From these points, we learn the following lessons.

Software Doesn’t Wear Out

Logic is indelible. A computer program is deterministic. It will do exactly what you tell it to do, even if what you tell it to do isn’t precisely what you meant it to do. Code never misbehaves – but your instructions may be incorrect. That’s why debugging is such a hard problem.

Incidentally, that’s also why good developers usually make lousy testers. The developer focuses her mind on one thing – getting a bunch of silicon to behave. The tester looks for faults, examines edge conditions, limit conditions, and odd configurations of inputs and infrastructure to see how things break. The two mindsets are antithetical.

Once a piece of software has been in production long enough, the mainline paths are usually defect free. In fact, the rest of the code may be a hot mess, but that stuff doesn’t get executed so those defects are latent and do not impact normal processing. Ed Adams published a report in 1984 titled “Optimizing Preventative Service for Software Products” (https://ieeexplore.ieee.org/document/5390362, originally published in the IBM Journal of Research and Development, v 28, n 1). He concluded that once a product has been in production for a sufficient time, it was safer to leave it alone. Installing preventative maintenance was likely to disrupt the system. Most IT organizations know this, having learned the hard way. “If it ain’t broke, don’t fix it” is the mantra for this wisdom.

As a corollary, new software has a certain defect rate. Fixes to that software typically have a defect rate ten times greater. So if a typical fix is large enough, you put in a new bug for every bug you take out.

Computers Are Constrained

All computers have constraints. The relative amount of resources mean some computers are better for some workloads than others. For mainframes, the typical constraint is processing power. That’s why mainframes are tuned to run at 100% utilization, or higher. (How do you get past 100% utilization? Technically, of course, you can’t. But what the measurements are showing you is how much work is ready to run, waiting for available processing power. The scale actually can go to 127%, if there’s enough work ready.)

Different types of computers have different constraints. Mainframes run near 100% utilization – the CPU is the most expensive and constrained resource. PCs on the other hand never get busy. No human can type fast enough to drive utilization above a few percent. The constrained resource on PCs is typically disk storage. That’s why different types of computers do better at different types of work. PCs are great for user interface stuff. Mainframes are perfect for chewing through a million database records. By chance we developed mainframes first; that’s not an indictment of either type, Both are useful.

Computers Can Run Out of Resources

Any IT infrastructure has a design point for load. That is, when you put together a computer you structure it to meet the likely level of demand on the system. If you over-provision it, you waste resources that will never be used. If you under-provision it, you will not meet your service level agreements. So when you begin, you must know what the customers – your users – expect in terms of response time, number of concurrent transactions, database size, growth rates, network transaction load, transaction mix, computational complexity of transaction types, and so on. If you don’t specify what your targets are for these parameters, you probably won’t get the sizing right. You will likely buy too much of one resource or not enough of another.

Note that cloud computing can help – it allows you to dynamically add additional capacity to handle peak load. However, cloud isn’t a panacea. Some workloads don’t flex that much, so you spend extra money for flexibility for a capability that you can provide more economically and efficiently if it were in-house.

Add Capacity in Balance

When I was in high school our physics teacher explained that temperature wasn’t the same as heat. He said “Heat is the result of a physical or chemical reaction. Temperature is simply the change in heat over the mass involved.” One of the kids asked (snarkily) “Then why don’t drag racers have bicycle tires on the back?” The teacher was caught off guard. The answer is that the amount of heat put into the tire is the same regardless of its size, but the temperature was related to the size of the area where the tire touched the road. A bicycle tire has only about two square inches on the pavement, a fat drag tire has 100 square inches or more. So putting the same amount of horsepower spinning the tire will cause the bicycle tire’s temperature to rise about 50 times more than the gumball’s will.

When you add capacity to a computing system, you need to balance related capacity elements or you’ll be wasting money. Doubling the processor’s power (MHz or MIPS) without proportionately increasing the memory or network capacity simply moves the constraint from one place to another. What used to be a system with a flat-out busy CPU now becomes a system that’s waiting for work with a queue at the memory, the disk drive, or the network card.

Adding Staff Makes Things Worse

Increasing any resource creates potential problems of its own, especially of the system’s underlying architecture is ignored. Fore the software development process (regardless of form) one such resource is staff. The book “The Mythical Man-Month” by Fred Brooks (https://www.barnesandnoble.com/w/the-mythical-man-month-frederick-p-brooks-jr/1126893908) discusses how things go wrong.

The core problem is adding more people require strong communications and clear goals. Too many IT projects lack both. I once was part of an organization that consulted on a complex application rewrite – forty consultants, hundreds of developers, and very little guidance. The situation degenerated rapidly when the interim project manager decided we shouldn’t waste time on documentation. A problem would surface, the PM would kick off as task force, hold a meeting, and send everybody on their way. After the meeting, people would ask what specific decisions had been reached, but since there were no minutes, nobody could be sure. That would cause the PM to schedule another meeting, and so on. Two lessons I learned concerns meetings:

  1. If you do not have agenda, you do not have a meeting.
  2. If you do not distribute minutes, you did not have a meeting.

When you add staff, you must account for the extra overhead managing the activities of each person, and establish processes to monitor changes that every participant must follow. Scrum is an excellent way of flattening potentially harmful changes. By talking face to face regularly, the team knows everything that’s going on. Omit those meetings or rely on second-hand reports and the project is already off the rails. All that remains is to see how far things go wrong before someone notices.

In Conclusion …

If you have a computer system that suddenly gets a huge spike in load, do these things first:

  1. Review the performance reports. Look at changes in average queue length, response time, transaction flight time, and any relevant service level agreements or objectives.
  2. Identify likely bottlenecks
  3. Model the impact of additional resources
  4. Apply additional resource proportionately
  5. Continue to monitor performance

If you are unable to resolve the capacity constraints with these steps, examine the programs for internal limitations:

  1. Review program documentation, specifications, service level objectives, workload models and predictions, data flow diagrams, and design documents to understand architectural and design limits
  2. Determine what resource consumption assumptions were built per transaction type, and expected transaction workload mix
  3. Verify current transaction workload mix and resource consumption per transaction type
  4. Design program extension alternatives to accommodate increased concurrent users, transactions, resource demands per transaction class
  5. Model alternative design choices, including complexity, size, and verification (QA cost)
  6. Initiate refactoring based on this analysis

Note that if you do not have (or cannot find) the relevant documentation, you will need to examine the source code. At this point, you may need to bring in a small set of experts in the programming language to recreate the relevant documentation. Handy hint: before you start working on the source code, regenerate the load modules and compare them with the production stuff to identify any patches or variance between what’s in the library and what’s actually in production.

Bringing in a bunch of people before going through this analysis will cause confusion and waste resources. While to an uninformed public it may appear that something is being done, the likelihood is that what is actually being done will have to be expensively undone before the actual core problem can be resolved. Tread lightly. Plan ahead. State your assumptions, then verify them. Have a good plan and you’ll work it out. Remember, it’s just ones and zeros.

What do you think? Let me know in the comments below, or @WilliamMalikTM.

The post “We Need COBOL Programmers!” No, You Probably Don’t appeared first on .

Trend Micro Integrates with Amazon AppFlow

By Trend Micro

The acceleration of in-house development enabled by public cloud and Software-as-a-Service (SaaS) platform adoption in the last few years has given us new levels of visibility and access to data. Putting all of that data together to generate insights and action, however, can substitute one challenge for another.

Proprietary protocols, inconsistent fields and formatting combined with interoperability and connectivity hurdles can turn the process of answering simple questions into a major undertaking. When this undertaking is a recurrent requirement then that effort can seem overwhelming.

Nowhere is this more evident than in security teams, where writing code to integrate technologies is rarely a core competency and almost never a core project, but when a compliance or security event requires explanation, finding and making sense of that data is necessary.

Amazon is changing that with the release of AppFlow. Trend Micro Cloud One is a launch partner with this new service, enabling simple data retrieval from your Cloud One dashboard to be fed into AWS services as needed.

Amazon AppFlow is an application integration service that enables you to securely transfer data between SaaS applications and AWS services in just a few clicks. With AppFlow, you can data flows between supported SaaS applications, including Trend Micro, and AWS services like Amazon S3 and Redshift, and run flows on a schedule, in response to a business event, or on demand. Data transformation capabilities, such as data masking, validation, and filtering, empower you to enrich your data as part of the flow itself without the need for post-transfer manipulation. AppFlow keeps data secure in transit and at rest with the flexibility to bring your own encryption keys.

Audit automation

Any regularly scheduled export or query of Cloud One requires data manipulation before an audit can be performed.

You may be responsible for weekly or monthly reports on the state of your security agents. To create this report today, you’ve written a script to automate the data analysis process. However, any change to the input or output requires new code to be written for your script, and you have to find somewhere to actually run the script for it to work.

As part of a compliance team, this isn’t something you really have time for and may not be your area of expertise, so it takes significant effort to create the required audit report.

Using Amazon AppFlow, you can create a private data flow between RedShift, for example, and your Cloud One environment to automatically and regularly retrieve data describing security policies into an easy to digest format that can be stored for future review. Data flows can also be scheduled so regular reports can be produced without recurring user input.

This process also improves integrity and reduces overall effort by having reports always available, rather than needing to develop them in response to a request.

This eliminates the need for custom code and the subsequent frustration from trying to automate this regularly occurring task.

Developer Enablement

Developers don’t typically have direct access to security management consoles or APIs for Cloud One or Deep Security as a Service. However, they may need to retrieve data from security agents or check the state of agents that need remediation. This requires someone from the security team to pull data for the developer each time this situation arises.

While we encourage and enable DevOps cultures working closely with security teams to automate and deploy securely, no one likes unnecessary steps in their workflow. And having to wait on the security team to export data is adding a roadblock to the development team.

Fortunately, Amazon AppFlow solves this issue as well. By setting up a flow between Deep Security as a Service and Amazon S3, the security team can enable developers to easily access the necessary information related to security agents on demand.

This provides direct access to the needed data without expanding access controls for critical security systems.

Security Remediation

Security teams focus on identifying and remediating security alerts across all their tools and multiple SaaS applications. This often leads to collaborating with other teams across the organization on application-specific issues that must be resolved. Each system and internal team has different requirements and they all take time and attention to ensure everything is running smoothly and securely.

At Trend Micro, we are security people too. We understand the need to quickly and reliably scale infrastructure without compromising its security integrity. We also know that this ideal state is often hindered by the disparate nature of the solutions on which we rely.

Integrating Amazon AppFlow with your Cloud One – Workload Security solution allows you to obtain the security status from each agent and deliver them to the relevant development or cloud team. Data from all machines and instances can be sent on demand to the Amazon S3 bucket you indicate. As an added bonus, Amazon S3 can trigger a Lambda to automate how the data is processed, so what is in the storage bucket can be immediately useful. And all of this data is secured in transit and at rest by default, so you don’t have to worry about an additional layer of security controls to maintain.

Easy and secure remediation that doesn’t slow anyone down is the goal we’re collectively working toward.

It is always our goal to help your business securely move to and operate in the cloud. Our solutions are designed to enable security teams to seamlessly integrate with a DevOps environment, removing the “roadblock” of security.

As always, we’re excited to be part of this new Amazon service, and we believe our customers can see immediate value by leveraging Amazon AppFlow with their existing Trend Micro cloud solutions.

The post Trend Micro Integrates with Amazon AppFlow appeared first on .

Principles of a Cloud Migration – Security, The W5H – Episode WHAT?

By Jason Dablow
cloud

Teaching you to be a Natural Born Pillar!

Last week, we took you through the “WHO” of securing a cloud migration here, detailing each of the roles involved with implementing a successful security practice during a cloud migration. Read: everyone. This week, I will be touching on the “WHAT” of security; the key principles required before your first workload moves.  The Well-Architected Framework Security Pillar will be the baseline for this article since it thoroughly explains security concepts in a best practice cloud design.

If you are not familiar with the AWS Well-Architected Framework, go google it right now. I can wait. I’m sure telling readers to leave the article they’re currently reading is a cardinal sin in marketing, but it really is important to understand just how powerful this framework is. Wait, this blog is html ready – here’s the link: https://wa.aws.amazon.com/index.en.html. It consists of five pillars that include best practice information written by architects with vast experience in each area.

Since the topic here is Security, I’ll start by giving a look into this pillar. However, I plan on writing about each and as I do, each one of the graphics above will become a link. Internet Magic!

There are seven principles as a part of the security framework, as follows:

  • Implement a strong identity foundation
  • Enable traceability
  • Apply security at all layers
  • Automate security best practices
  • Protect data in transit and at rest
  • Keep people away from data
  • Prepare for security events

Now, a lot of these principles can be solved by using native cloud services and usually these are the easiest to implement. One thing the framework does not give you is suggestions on how to set up or configure these services. While it might reference turning on multi-factor authentication as a necessary step for your identity and access management policy, it is not on by default. Same thing with file object encryption. It is there for you to use but not necessarily enabled on the ones you create.

Here is where I make a super cool (and free) recommendation on technology to accelerate your learning about these topics. We have a knowledge base with hundreds of cloud rules mapped to the Well-Architected Framework (and others!) to help accelerate your knowledge during and after your cloud migration. Let us take the use case above on multi-factor authentication. Our knowledge base article here details the four R’s: Risk, Reason, Rationale, and References on why MFA is a security best practice.

Starting with a Risk Level and detailing out why this is presents a threat to your configurations is a great way to begin prioritizing findings.  It also includes the different compliance mandates and Well-Architected pillar (obviously Security in this case) as well as descriptive links to the different frameworks to get even more details.

The reason this knowledge base rule is in place is also included. This gives you and your teams context to the rule and helps further drive your posture during your cloud migration. Sample reason is as follows for our MFA Use Case:

“As a security best practice, it is always recommended to supplement your IAM user names and passwords by requiring a one-time passcode during authentication. This method is known as AWS Multi-Factor Authentication and allows you to enable extra security for your privileged IAM users. Multi-Factor Authentication (MFA) is a simple and efficient method of verifying your IAM user identity by requiring an authentication code generated by a virtual or hardware device on top of your usual access credentials (i.e. user name and password). The MFA device signature adds an additional layer of protection on top of your existing user credentials making your AWS account virtually impossible to breach without the unique code generated by the device.”

If Reason is the “what” of the rule, Rationale is the “why” supplying you with the need for adoption.  Again, perfect for confirming your cloud migration path and strategy along the way.

“Monitoring IAM access in real-time for vulnerability assessment is essential for keeping your AWS account safe. When an IAM user has administrator-level permissions (i.e. can modify or remove any resource, access any data in your AWS environment and can use any service or component – except the Billing and Cost Management service), just as with the AWS root account user, it is mandatory to secure the IAM user login with Multi-Factor Authentication.

Implementing MFA-based authentication for your IAM users represents the best way to protect your AWS resources and services against unauthorized users or attackers, as MFA adds extra security to the authentication process by forcing IAM users to enter a unique code generated by an approved authentication device.”

Finally, all the references for each of the risk, reason, and rationale, are included at the bottom which helps provide additional clarity. You’ll also notice remediation steps, the 5th ‘R’ when applicable, which shows you how to actually the correct the problem.

All of this data is included to the community as Trend Micro continues to be a valued security research firm helping the world be safe for exchanging digital information. Explore all the rules we have available in our public knowledge base: https://www.cloudconformity.com/knowledge-base/.

This blog is part of a multi-part series dealing with the principles of a successful cloud migration.  For more information, start at the first post here: https://blog.trendmicro.com/principles-of-a-cloud-migration-from-step-one-to-done/

The post Principles of a Cloud Migration – Security, The W5H – Episode WHAT? appeared first on .

Trend Micro’s Top Ten MITRE Evaluation Considerations

By Trend Micro

The introduction of the MITRE ATT&CK evaluations is a welcomed addition to the third-party testing arena. The ATT&CK framework, and the evaluations in particular, have gone such a long way in helping advance the security industry as a whole, and the individual security products serving the market.

The insight garnered from these evaluations is incredibly useful.  But let’s admit, for everyone except those steeped in the analysis, it can be hard to understand. The information is valuable, but dense. There are multiple ways to look at the data and even more ways to interpret and present the results (as no doubt you’ve already come to realize after reading all the vendor blogs and industry articles!) We have been looking at the data for the past week since it published, and still have more to examine over the coming days and weeks.

The more we assess the information, the clearer the story becomes, so we wanted to share with you Trend Micro’s 10 key takeaways for our results:

1. Looking at the results of the first run of the evaluation is important:

  • Trend Micro ranked first in initial overall detection. We are the leader in detections based on initial product configurations. This evaluation enabled vendors to make product adjustments after a first run of the test to boost detection rates on a re-test. The MITRE results show the final results after all product changes. If you assess what the product could detect as originally provided, we had the best detection coverage among the pool of 21 vendors.
  • This is important to consider because product adjustments can vary in significance and may or may not be immediately available in vendors’ current product. We also believe it is easier to do better, once you know what the attacker was doing – in the real world, customers don’t get a second try against an attack.
  • Having said that, we too took advantage of the retest opportunity since it allows us to identify product improvements, but our overall detections were so high, that even removing those associated with a configuration change, we still ranked first overall.

  • And so no one thinks we are just spinning… without making any kind of exclusions to the data at all, and just taking the MITRE results in their entirety, Trend Micro had the second highest detection rate, with 91+% detection coverage.

2. There is a hierarchy in the type of main detections – Techniques is most significant

  • There is a natural hierarchy in the value of the different types of main detections.
    • A general detection indicates that something was deemed suspicious but it was not assigned to a specific tactic or technique.
    • A detection on tactic means the detection can be attributed to a tactical goal (e.g. credential access).
    • Finally, a detection on technique means the detection can be attributed to a specific adversarial action (e.g. credential dumping).
  • We have strong detection on techniques, which is a better detection measure. With the individual MITRE technique identified, the associated tactic can be determined, as typically, there are only a handful of tactics that would apply to a specific technique. When comparing results, you can see that vendors had lower tactic detections on the whole, demonstrating a general acknowledgement of where the priority should lie.
  • Likewise, the fact that we had lower general detections compared to technique detections is a positive. General detections are typically associated with a signature; as such, this proves that we have a low reliance on AV.
  • It is also important to note that we did well in telemetry which gives security analysts access to the type and depth of visibility they need when looking into detailed attacker activity across assets.


https://attackevals.mitre.org/APT29/detection-categories.html 

3. More alerts does not equal better alerting – quite the opposite

  • At first glance, some may expect one should have the same number of alerts as detections. But not all detections are created equal, and not everything should have an alert (remember, these detections are for low level attack steps, not for separate attacks.)
  • Too many alerts can lead to alert fatigue and add to the difficulty of sorting through the noise to what is most important.
  • When you consider the alerts associated with our higher-fidelity detections (e.g. detection on technique), you can see that the results show that Trend Micro did very well at reducing the noise of all of the detections into a minimal volume of meaningful/actionable alerts.

4. Managed Service detections are not exclusive

  • Our MDR analysts contributed to the “delayed detection” category. This is where the detection involved human action and may not have been initiated automatically.
  • Our results shows the strength of our MDR service as one way for detection and enrichment. If an MDR service was included in this evaluation, we believe you would want to see it provide good coverage, as it demonstrates that the team is able to detect based on the telemetry collected.
  • What is important to note though is that the numbers for the delayed detection don’t necessarily mean it was the only way a detection was/could be made; the same detection could be identified by other means. There are overlaps between detection categories.
  • Our detection coverage results would have remained strong without this human involvement – approximately 86% detection coverage (with MDR, it boosted it up to 91%).

5. Let’s not forget about the effectiveness and need for blocking!

  • This MITRE evaluation did not test for a product’s ability to block/protect from an attack, but rather exclusively looks at how effective a product is at detecting an event that has happened, so there is no measure of prevention efficacy included.
  • This is significant for Trend, as our philosophy is to block and prevent as much as you can so customers have less to clean up/mitigate.

6. We need to look through more than the Windows

  • This evaluation looked at Windows endpoints and servers only; it did not look at Linux for example, where of course Trend has a great deal of strength in capability.
  • We look forward to the expansion of the operating systems in scope. Mitre has already announced that the next round will include a linux system.

7. The evaluation shows where our product is going

  • We believe the first priority for this evaluation is the main detections (for example, detecting on techniques as discussed above). Correlation falls into the modifier detection category, which looks at what happens above and beyond an initial detection.
  • We are happy with our main detections, and see great opportunity to boost our correlation capabilities with Trend Micro XDR, which we have been investing in heavily and is at the core of the capabilities we will be delivering in product to customers as of late June 2020.
  • This evaluation did not assess our correlation across email security; so there is correlation value we can deliver to customers beyond what is represented here.

8. This evaluation is helping us make our product better

  • The insight this evaluation has provided us has been invaluable and has helped us identify areas for improvement and we have initiate product updates as a result.
  • As well, having a product with a “detection only” mode option helps augment the SOC intel, so our participation in this evaluation has enabled us to make our product even more flexible to configure; and therefore, a more powerful tool for the SOC.
  • While some vendors try to use it against us, our extra detections after config change show that we can adapt to the changing threat landscape quickly when needed.

9. MITRE is more than the evaluation

  • While the evaluation is important, it is important to recognize MITRE ATT&CK as an important knowledge base that the security industry can both align and contribute to.
  • Having a common language and framework to better explain how adversaries behave, what they are trying to do, and how they are trying to do it, makes the entire industry more powerful.
  • Among the many things we do with or around MITRE, Trend has and continues to contribute new techniques to the framework matrices and is leveraging it within our products using ATT&CK as a common language for alerts and detection descriptions, and for searching parameters.

10. It is hard not to get confused by the fud!

  • MITRE does not score, rank or provide side by side comparison of products, so unlike other tests or industry analyst reports, there is no set of “leaders” identified.
  • As this evaluation assesses multiple factors, there are many different ways to view, interpret and present the results (as we did here in this blog).
  • It is important that individual organizations understand the framework, the evaluation, and most importantly what their own priorities and needs are, as this is the only way to map the results to the individual use cases.
  • Look to your vendors to help explain the results, in the context that makes sense for you. It should be our responsibility to help educate, not exploit.

The post Trend Micro’s Top Ten MITRE Evaluation Considerations appeared first on .

Principles of a Cloud Migration – Security W5H – The When

By Jason Dablow
cloud

If you have to ask yourself when to implement security, you probably need a time machine!

Security is as important to your migration as the actual workload you are moving to the cloud. Read that again.

It is essential to be planning and integrating security at every single layer of both architecture and implementation. What I mean by that, is if you’re doing a disaster recovery migration, you need to make sure that security is ready for the infrastructure, your shiny new cloud space, as well as the operations supporting it. Will your current security tools be effective in the cloud? Will they still be able to do their task in the cloud? Do your teams have a method of gathering the same security data from the cloud? More importantly, if you’re doing an application migration to the cloud, when you actually implement security means a lot for your cost optimization as well.

NIST Planning Report 02-3

In this graph, it’s easy to see that the earlier you can find and resolve security threats, not only do you lessen the workload of infosec, but you also significantly reduce your costs of resolution. This can be achieved through a combination of tools and processes to really help empower development to take on security tasks sooner. I’ve also witnessed time and time again that there’s friction between security and application teams often resulting in Shadow IT projects and an overall lack of visibility and trust.

Start there. Start with bringing these teams together, uniting them under a common goal: Providing value to your customer base through agile secure development. Empower both teams to learn about each other’s processes while keeping the customer as your focus. This will ultimately bring more value to everyone involved.

At Trend Micro, we’ve curated a number of security resources designed for DevOps audiences through our Art of Cybersecurity campaign.  You can find it at https://www.trendmicro.com/devops/.

Also highlighted on this page is Mark Nunnikhoven’s #LetsTalkCloud series, which is a live stream series on LinkedIn and YouTube. Seasons 1 and 2 have some amazing content around security with a DevOps focus – stay tuned for Season 3 to start soon!

This is part of a multi-part blog series on things to keep in mind during a cloud migration project.  You can start at the beginning which was kicked off with a webinar here: https://resources.trendmicro.com/Cloud-One-Webinar-Series-Secure-Cloud-Migration.html.

Also, feel free to give me a follow on LinkedIn for additional security content to use throughout your cloud journey!

The post Principles of a Cloud Migration – Security W5H – The When appeared first on .

Teaming up with INTERPOL to combat COVID-19 threats

By Trend Micro

If the past couple of months have taught us anything, it’s that partnerships matter in times of crisis. We’re better, stronger and more resilient when we work together. Specifically, public-private partnerships matter in cybersecurity, which is why Trend Micro is always happy to reach out across industry, academia and law enforcement to offer its expertise.

We are again delighted to be working with long-time partner INTERPOL over the coming weeks on a new awareness campaign to help businesses and remote workers stay safe from a deluge of COVID-19 threats.

The new normal

All over the world, organizations have been forced to rapidly adjust to the new normal: social distancing, government lockdowns and mass remote working. While most have responded superbly to the challenge, there’s no denying that IT security teams and remote access infrastructure are being stretched to the limit. There are understandable concerns that home workers may be more distracted, and therefore likely to click on phishing links, and that their PCs and devices may not be as well protected as corporate equivalents.

At the same time, the bad guys have also reacted quickly to take advantage of the pandemic. Phishing campaigns using COVID as a lure have surged, spoofing health authorities, government departments and corporate senders. BEC attacks try to leverage the fact that home workers may not have colleagues around to check wire transfer requests. And remote infrastructure like RDP endpoints and VPNs are being targeted by ransomware attackers — even healthcare organizations that are simultaneously trying to treat critical patients infected with the virus.

Getting the basics right

That’s why Trend Micro has been pushing out regular updates — not only on the latest scams and threats we’re picking up around the globe, but also with advice on how to secure the newly distributed workforce. Things like improved password security, 2FA for work accounts, automatic software updates, regular back-ups, remote user training, and restricted use of VPNs can all help. We’re also offering six months free use of our flagship Trend Micro Maximum Security product to home workers.

Yet there’s always more to do. Getting the message across as far and wide as possible is where organizations like INTERPOL come in. That’s why we’re delighted to be teaming up with the global policing organization to run a new public awareness campaign throughout May. It builds on highly successful previous recent campaigns we’ve collaborated on, to tackle BEC and crypto-jacking.

This time, we’ll be resharing some key resources on social media to alert users to the range of threats out there, and what businesses and home workers can do to stay safe. And we’ll help to develop infographics and other new messages on how to combat ransomware, online scams, phishing and other threats.

We’re all doing what we can during these difficult days. But if some good can come from a truly terrible event like this, then it’s that we show our strength in the face of adversity. And by following best practices, we can make life much tougher for the cybercriminals looking to profit from tragedy.

The post Teaming up with INTERPOL to combat COVID-19 threats appeared first on .

Principles of a Cloud Migration – Security W5H – The WHERE

By Jason Dablow
cloud

“Wherever I go, there I am” -Security

I recently had a discussion with a large organization that had a few workloads in multiple clouds while assembling a cloud security focused team to build out their security policy moving forward.  It’s one of my favorite conversations to have since I’m not just talking about Trend Micro solutions and how they can help organizations be successful, but more so on how a business approaches the creation of their security policy to achieve a successful center of operational excellence.  While I will talk more about the COE (center of operational excellence) in a future blog series, I want to dive into the core of the discussion – where do we add security in the cloud?

We started discussing how to secure these new cloud native services like hosted services, serverless, container infrastructures, etc., and how to add these security strategies into their ever-evolving security policy.

Quick note: If your cloud security policy is not ever-evolving, it’s out of date. More on that later.

A colleague and friend of mine, Bryan Webster, presented a concept that traditional security models have been always been about three things: Best Practice Configuration for Access and Provisioning, Walls that Block Things, and Agents that Inspect Things.  We have relied heavily on these principles since the first computer was connected to another. I present to you this handy graphic he presented to illustrate the last two points.

But as we move to secure cloud native services, some of these are outside our walls, and some don’t allow the ability to install an agent.  So WHERE does security go now?

Actually, it’s not all that different – just how it’s deployed and implemented. Start by removing the thinking that security controls are tied to specific implementations. You don’t need an intrusion prevention wall that’s a hardware appliance much like you don’t need an agent installed to do anti-malware. There will also be a big focus on your configuration, permissions, and other best practices.  Use security benchmarks like the AWS Well-Architected, CIS, and SANS to help build an adaptable security policy that can meet the needs of the business moving forward.  You might also want to consider consolidating technologies into a cloud-centric service platform like Trend Micro Cloud One, which enables builders to protect their assets regardless of what’s being built.  Need IPS for your serverless functions or containers?  Try Cloud One Application Security!  Do you want to push security further left into your development pipeline? Take a look at Trend Micro Container Security for Pre-Runtime Container Scanning or Cloud One Conformity for helping developers scan your Infrastructure as Code.

Keep in mind – wherever you implement security, there it is. Make sure that it’s in a place to achieve the goals of your security policy using a combination of people, process, and products, all working together to make your business successful!

This is part of a multi-part blog series on things to keep in mind during a cloud migration project.  You can start at the beginning which was kicked off with a webinar here: https://resources.trendmicro.com/Cloud-One-Webinar-Series-Secure-Cloud-Migration.html.

Also, feel free to give me a follow on LinkedIn for additional security content to use throughout your cloud journey!

The post Principles of a Cloud Migration – Security W5H – The WHERE appeared first on .

Securing Smart Manufacturing

By William "Bill" Malik (CISA VP Infrastructure Strategies)
IIoT

“Alexa, turn on the TV.”

”Get it yourself.”

This nightmare scenario could play out millions of times unless people take steps to protect their IoT devices. The situation is even worse in industrial settings. Smart manufacturing, that is, Industry 4.0, relies on tight integration between IT systems and OT systems. Enterprise resource planning (ERP) software has evolved into supply chain management (SCM) systems, reaching across organizational and national boundaries to gather all forms of inputs, parting out subcomponent development and production, and delivering finished products, payments, and capabilities across a global canvas.

Each of these synergies fulfills a rational business goal: optimize scarce resources across diverse sources; minimize manufacturing, shipping, and warehousing expense across regions; preserve continuity of operations by diversifying suppliers; maximize sales among multiple delivery channels. The supply chain includes not only raw materials for manufacturing, but also third party suppliers of components, outsourced staff for non-core business functions, open source software to optimize development costs, and subcontractors to fulfill specialized design, assembly, testing, and distribution tasks. Each element of the supply chain is an attack surface.

Software development has long been a team effort. Not since the 1970s have companies sought out the exceptional talented solo developer whose code was exquisite, flawless, ineffable, undocumented, and impossible to maintain.  Now designs must be clear across the team, and testing requires close collaboration between architects, designers, developers, and production. Teams identify business requirements, then compose a solution from components sourced from publically shared libraries. These libraries may contain further dependencies on yet other third-party code of unknown provenance. Simplified testing relies on the quality of the shared libraries, but shared library routines may have latent (or intentionally hidden) defects that do not come to life until in a vulnerable production environment. Who tests GitHub? The scope of these vulnerabilities is daunting. Trend Micro just published a report, “Attacks on Smart Manufacturing Systems: A Forward-looking Security Analysis,” that surveys the Industry 4.0 attack surface.

Within the manufacturing operation, the blending of IT and OT exposes additional attack surfaces. Industrial robots provide a clear example. Industrial robots are tireless, precision machines programmed to perform exacting tasks rapidly and flawlessly. What did industry do before robots? Factories either relied on hand-built products or on non-programmable machines that had to be retooled for any change in product specifications. Hand-built technology required highly skilled machinists, who are expensive and require time to deliver. See Figure 1 for an example.

Figure 1: The cost of precision

Non-programmable robots require factory down time for retooling, a process that can take weeks. Before programmable industrial robots, automobile factories would deliver a single body style across multiple years of production. Programmable robots can produce different configurations of materials with no down time. They are used everywhere in manufacturing, warehousing, distribution centers, farming, mining, and soon guiding delivery vehicles. The supply chain is automated.

However, the supply chain is not secure. The protocols industrial robots depend on assumed the environment was isolated. One controller would govern the machines in one location. Since the connection between the controller and the managed robots was hard-wired, there was no need for operator identification or message verification. My controller would never see your robot. My controller would only connect to my robot, so the messages they exchanged needed no authentication. Each device assumed all its connections were externally verified. Even the safety systems assumed the network was untainted and trustworthy. No protocols included any security or privacy controls. Then Industry 4.0 adopted wireless communications.

The move, which saved the cost of laying cable in the factory, opened those networks to eavesdropping and attacks. Every possible attack against industrial robots is happening now. Bad guys are forging commands, altering specifications, changing or suppressing error alerts, modifying output statistics, and rewriting logs. The consequences can be vast yet nearly undetectable. In the current report on Rogue Robots, our Forward-looking Threat Research team, collaborating with the Politecnico di Milano (POLIMI), analyzes the range of specific attacks today’s robots face, and the potential consequences those attacks may have.

Owners and operators of programmable robots should heed the warnings of this research, and consider various suggested remedies. Forewarned is forearmed.

The Rogue Robots research is here: https://www.trendmicro.com/vinfo/us/security/news/internet-of-things/rogue-robots-testing-industrial-robot-security.

The new report, Attacks on Smart Manufacturing Systems: A Forward-looking Security Analysis, is here: https://www.trendmicro.com/vinfo/us/security/threat-intelligence-center/internet-of-things/threats-and-consequences-a-security-analysis-of-smart-manufacturing-systems.

What do you think? Let me know in the comments below, or @WilliamMalikTM.

The post Securing Smart Manufacturing appeared first on .

From Bugs to Zoombombing: How to Stay Safe in Online Meetings

By Trend Micro

The COVID-19 pandemic, along with social distancing, has done many things to alter our lives. But in one respect it has merely accelerated a process begun many years ago. We were all spending more and more time online before the virus struck. But now, forced to work, study and socialize at home, the online digital world has become absolutely essential to our communications — and video conferencing apps have become our “face-to-face” window on the world.

The problem is that as users flock to these services, the bad guys are also lying in wait — to disrupt or eavesdrop on our chats, spread malware, and steal our data. Zoom’s problems have perhaps been the most widely publicized, because of its quickly rising popularity, but it’s not the only platform whose users have been potentially at risk. Cisco’s WebEx and Microsoft Teams have also had issues; while other platforms, such as Houseparty, are intrinsically less secure (almost by design for their target audience, as the name suggests).

Let’s take a look at some of the key threats out there and how you can stay safe while video conferencing.

What are the risks?

Depending on the platform (designed for work or play) and the use case (business or personal), there are various opportunities for the online attacker to join and disrupt or eavesdrop on video conferencing calls. The latter is especially dangerous if you’re discussing sensitive business information.

Malicious hackers may also look to deliver malware via chats or shared files to take control of your computer, or to steal your passwords and sensitive personal and financial information. In a business context, they could even try to hijack your video conferencing account to impersonate you, in a bid to steal info from or defraud your colleagues or company.

The bad guys may also be able to take advantage of the fact that your home PCs and devices are less well-secured than those at work or school—and that you may be more distracted at home and less alert to potential threats.

To accomplish their goals, malicious hackers can leverage various techniques at their disposal. These can include:

  • Exploiting vulnerabilities in the video conferencing software, particularly when it hasn’t been updated to fend off the latest threats
  • Stealing your log-ins/meeting ID via malware or phishing attacks; or by obtaining a meeting ID or password shared on social media
  • Hiding malware in legitimate-looking video apps, links and files
  • Theft of sensitive data from meeting recordings stored locally or in the cloud.

Zooming in on trouble

Zoom has in many ways become the victim of its own success. With daily meeting participants soaring from 10 million in December last year to 200 million by March 2020, all eyes have been focused on the platform. Unfortunately, that also includes hackers. Zoom has been hit by a number of security and privacy issues over the past several months, which include “Zoombombing” (meetings disrupted by uninvited guests), misleading encryption claims, a waiting room vulnerability, credential theft and data collection leaks, and fake Zoom installers. To be fair to Zoom, it has responded quickly to these issues, realigning its development priorities to fix the security and privacy issues discovered by its intensive use.

And Zoom isn’t alone. Earlier in the year, Cisco Systems had its own problem with WebEx, its widely-used enterprise video conferencing system, when it discovered a flaw in the platform that could allow a remote, unauthenticated attacker to enter a password-protected video conferencing meeting. All an attacker needed was the meeting ID and a WebEx mobile app for iOS or Android, and they could have barged in on a meeting, no authentication necessary. Cisco quickly moved to fix the high-severity vulnerability, but other flaws (also now fixed) have cropped up in WebEx’s history, including one that could enable a remote attacker to send a forged request to the system’s server.

More recently, Microsoft Teams joined the ranks of leading business videoconferencing platforms with potentially deadly vulnerabilities. On April 27 it surfaced that for at least three weeks (from the end of February till the middle of March), a malicious GIF could have stolen user data from Teams accounts, possibly across an entire company. The vulnerability was patched on April 20—but it’s a reminder to potential video conferencing users that even leading systems such as Zoom, WebEx, and Teams aren’t fool-proof and require periodic vulnerability and security fixes to keep them safe and secure. This is compounded during the COVID-19 pandemic when workers are working from home and connecting to their company’s network and systems via possibly unsecure home networks and devices.

Video conferencing alternatives

So how do you choose the best, most secure, video conferencing software for your work-at-home needs? There are many solutions on the market today. In fact, the choice can be dizzying. Some simply enable video or audio meetings/calls, while others also allow for sharing and saving of documents and notes. Some are only appropriate for one-on-one connections or small groups, while others can scale to thousands.

In short, you’ll need to choose the video conferencing solution most appropriate to your needs, while checking if it meets a minimum set of security standards for working at home. This set of criteria should include end-to-end encryption, automatic and frequent security updates, the use of auto-generated meeting IDs and strong access controls, a program for managing vulnerabilities, and last but not least, good privacy practices by the company.

Some video conferencing options alongside Zoom, WebEx, and Teams include:

  • Signal which is end-to-end encrypted and highly secure, but only supports one-to-one calls.
  • FaceTime, Apple’s video chat tool, is easy-to-use and end-to-end encrypted, but is only available to Mac and iOS users.
  • Jitsi Meet is a free, open-source video conferencing app that works on Android, iOS, and desktop devices, with no limit on participants beyond your bandwidth.
  • Skype Meet Now is Microsoft’s free, popular conferencing tool for up to 50 users that can be used without an account, (in contrast to Teams, which is a paid, more business-focused platform for Office 365 users).
  • Google Duo is a free option for video calls only, while the firm’s Hangouts platform can also be used for messaging. Hangouts Meet is a more business-focused paid version.
  • Doxy.me is a well-known telemedicine platform used by doctors and therapists that works through your browser—so it’s up to you to keep your browser updated and to ensure the appropriate security and privacy settings are in place. Secure medical consultation with your healthcare provider is of particular concern during the shelter- and work-from-home quarantine.

How do I stay safe?

Whatever video conferencing platform you use, it’s important to bear in mind that cyber-criminals will always be looking to take advantage of any security gaps they can find — in the tool itself or your use of it. So how do you secure your video conferencing apps? Some tips listed here are Zoom-specific, but consider their equivalents in other platforms as general best-practice tips. Depending on the use case, you might choose to not enable some of the options here.

  • Check for end-to-end encryption before getting onboard with the app. This includes encryption for data at rest.
  • Ensure that you generate one-off meeting IDs and passwords automatically for recurring meetings (Zoom).
  • Don’t share any meeting IDs online.
  • Use the “waiting room” feature in Zoom (now fixed), so the host can only allow attendees from a pre-assigned list.
  • Lock the meeting once it’s started to stop anyone new from joining.
  • Allow the host to put attendees on hold, temporarily removing them from a meeting if necessary.
  • Play a sound when someone enters or leaves the room.
  • Set screen-sharing to “host only” to stop uninvited guests from sharing disruptive content.
  • Disable “file transfers” to block possible malware.
  • Keep your systems patched and up-to-date so there are no bugs that hackers can target.
  • Only download conferencing apps from official iOS/Android stores and manufacturer websites.
  • Never click on links or open attachments in unsolicited mail.
  • Check the settings in your video conferencing account. Switch off camera access if you don’t want to appear on-screen.
  • Use a password manager for video conferencing app log-ins.
  • Enhance passwords with two-factor authentication (2FA) or Single-Sign-On (SSO) to protect access, if available.
  • Install anti-malware software from a reputable vendor on all devices and PCs. And implement a network security solution if you can.

How Trend Micro can help

Fortunately, Trend Micro has a range of capabilities that can support your efforts to stay safe while using video conferencing services.

Trend Micro Home Network Security (HNS) protects every device in your home connected to the internet. That means it will protect you from malicious links and attachments in phishing emails spoofed to appear as if sent from video conferencing firms, as well as from those sent by hackers that may have covertly entered a meeting. Its Vulnerability Check can identify any vulnerabilities in your home devices and PCs, including work laptops, and its Remote Access Protection can reduce the risk of tech support scams and unwanted remote connections to your device. Finally, it allows parents to control their kids’ usage of video conferencing applications, to limit their exposure.

Trend Micro Security also offers protection against email, file, and web threats on your devices. Note too, that Password Manager is automatically installed with Maximum Security to help users create unique, strong passwords for each application/website they use, including video conferencing sites.

Finally, Trend Micro WiFi Protection (multi-platform) / VPN Proxy One (Mac and iOS) offer VPN connections from your home to the internet, creating secure encrypted tunnels for traffic to flow down. The VPN apps work on both Wi-Fi and Ethernet connections. This could be useful for users concerned their video conferencing app isn’t end-to-end encrypted, or for those wishing to protect their identity and personal information when interacting on these apps.

The post From Bugs to Zoombombing: How to Stay Safe in Online Meetings appeared first on .

❌