Login
Ransomware is Still a Blight on Business
Trends come and go with alarming regularity in cybersecurity. Yet a persistent menace over the past few years has been ransomware. Now mainly targeting organizations rather than consumers, and with increasingly sophisticated tools and tactics at their disposal, the cybercriminals behind these campaigns have been turning up the heat during the COVID-19 pandemic. That’s why we need industry partnerships like No More Ransom.
Celebrating its fourth anniversary this week, the initiative has helped over four million victims fight the scourge of ransomware, saving hundreds of millions of dollars in the process. At Trend Micro, we’re proud to have played a major part, helping to decrypt over 77 million files for victims.
Not going anywhere
Ransomware has been with us for years, but only really hit the mainstream after the global WannaCry and NotPetya incidents of 2017. Unfortunately, that was just the start. Today, no sector is safe. We saw attacks rage across US municipalities, school districts and hospitals in 2019. Most recently, a major outage at a connected technology giant impacted everything from consumer fitness trackers to on-board flight systems.
Such attacks can hit victim organizations hard. There are serious reputational and financial repercussions from major service outages, and the stakes have been raised even further as attackers now often steal data before encrypting victims’ files. A recent incident at a US cloud computing provider has led to data compromise at over 20 universities and charities in the UK and North America, for example. A separate ransomware attack on a managed service provider earlier this year may cost it up to $70m.
The bad guys have shown no sign of slowing down during the pandemic — quite the reverse. Even as hospitals have been battling to save the lives of patients battling COVID-19, they’ve been targeted by ransomware designed to lock mission-critical systems.
No More Ransom
That’s why we need to celebrate public-private partnerships like No More Ransom, which provides helpful advice for victims and a free decryption tool repository. Over the past four years it has helped 4.2 million visitors from 188 countries, preventing an estimated $632 million in ransom demands finding its way into the pockets of cyber-criminals.
At Trend Micro, we’re proud to have been an associate partner from the very start, contributing our own decryption tools to the scores available today to unlock 140 separate ransomware types. Since the start of No More Ransom, Trend Micro tools have been downloaded nearly half a million times, helping over 50,000 victims globally to decrypt more than 77 million files. We simply can’t put a price on this kind of intervention.
https://www.europol.europa.eu/publications-documents/infographic-4th-anniversary-no-more-ransom
Yet while the initiative is a vital response to the continued threat posed by ransomware, it is not all we can do. To truly beat this menace, we need to educate organizations all over the planet to improve their resilience to such malware threats. That means taking simple steps such as:
|
|
I’m also speaking on a panel today hosted by the U.S. Chamber of Commerce on NotPetya and general ransomware attack trends related to the pandemic. Join us to learn more about ransomware from law enforcement agencies, policy makers and businesses.
If your organization has been impacted by ransomware, check the resources available on https://www.nomoreransom.org/ for advice and access to the free decryption tool repository.
The post Ransomware is Still a Blight on Business appeared first on .
If the past couple of months have taught us anything, it’s that partnerships matter in times of crisis. We’re better, stronger and more resilient when we work together. Specifically, public-private partnerships matter in cybersecurity, which is why Trend Micro is always happy to reach out across industry, academia and law enforcement to offer its expertise.
We are again delighted to be working with long-time partner INTERPOL over the coming weeks on a new awareness campaign to help businesses and remote workers stay safe from a deluge of COVID-19 threats.
The new normal
All over the world, organizations have been forced to rapidly adjust to the new normal: social distancing, government lockdowns and mass remote working. While most have responded superbly to the challenge, there’s no denying that IT security teams and remote access infrastructure are being stretched to the limit. There are understandable concerns that home workers may be more distracted, and therefore likely to click on phishing links, and that their PCs and devices may not be as well protected as corporate equivalents.
At the same time, the bad guys have also reacted quickly to take advantage of the pandemic. Phishing campaigns using COVID as a lure have surged, spoofing health authorities, government departments and corporate senders. BEC attacks try to leverage the fact that home workers may not have colleagues around to check wire transfer requests. And remote infrastructure like RDP endpoints and VPNs are being targeted by ransomware attackers — even healthcare organizations that are simultaneously trying to treat critical patients infected with the virus.
Getting the basics right
That’s why Trend Micro has been pushing out regular updates — not only on the latest scams and threats we’re picking up around the globe, but also with advice on how to secure the newly distributed workforce. Things like improved password security, 2FA for work accounts, automatic software updates, regular back-ups, remote user training, and restricted use of VPNs can all help. We’re also offering six months free use of our flagship Trend Micro Maximum Security product to home workers.
Yet there’s always more to do. Getting the message across as far and wide as possible is where organizations like INTERPOL come in. That’s why we’re delighted to be teaming up with the global policing organization to run a new public awareness campaign throughout May. It builds on highly successful previous recent campaigns we’ve collaborated on, to tackle BEC and crypto-jacking.
This time, we’ll be resharing some key resources on social media to alert users to the range of threats out there, and what businesses and home workers can do to stay safe. And we’ll help to develop infographics and other new messages on how to combat ransomware, online scams, phishing and other threats.
We’re all doing what we can during these difficult days. But if some good can come from a truly terrible event like this, then it’s that we show our strength in the face of adversity. And by following best practices, we can make life much tougher for the cybercriminals looking to profit from tragedy.
The post Teaming up with INTERPOL to combat COVID-19 threats appeared first on .
By Kyle Klassen Product Manager – Cloud Native Application Security at Trend Micro
Containers provide many great benefits to organizations – they’re lightweight, flexible, add consistency across different environments and scale easily.
One of the characteristics of containers is that they run in dedicated namespaces with isolated resource requirements. General purpose OS’s deployed to run containers might be viewed as overkill since many of their features and interfaces aren’t needed.
A key tenant in the cybersecurity doctrine is to harden platforms by exposing only the fewest number of interfaces and applying the tightest configurations required to run only the required operations.
Developers deploying containers to restricted platforms or “serverless” containers to the likes of AWS Fargate for example, should think about security differently – by looking upward, looking left and also looking all-around your cloud domain for opportunities to properly security your cloud native applications. Oh, and don’t forget to look outside. Let me explain…
Looking Upward
As infrastructure, OS, container orchestration and runtimes become the domain of the cloud provider, the user’s primary responsibility becomes securing the containers and applications themselves. This is where Trend Micro Cloud One, a security services platform for cloud builders, can help Dev and Ops teams better implement build pipeline and runtime security requirements. Cloud One – Application Security embeds a security library within the application itself to provide defense against web application attacks and to detect malicious activity.
One of the greatest benefits of this technology is that once an application is secured in this manner, it can be deployed anywhere and the protection comes along for the ride. Users can be confident their applications are secure whether deployed in a container on traditional hosts, into EKS on AWS Bottlerocket, serverless on AWS Fargate, or even as an AWS Lambda function!
Looking Left
It’s great that cloud providers are taking security seriously and providing increasingly secure environments within which to deploy your containers. But you need to make sure your containers themselves are not introducing security risks. This can be accomplished with container image scanning to identify security issues before these images ever make it to the production environment.
Enter Deep Security Smart Check – Container Image Scanning part of the Cloud One offering. Scans must be able to detect more than just vulnerabilities. Developer reliance on code re-use, public images, and 3rd party contributions mean that malware injection into private images is a real concern. Sensitive objects like secrets, keys and certificates must be found and removed and assurance against regulatory requirements like PCI, HIPAA or NIST should be a requirement before a container image is allowed to run.
Looking All-Around
Imagine taking the effort to ensure your applications, containers and functions are built securely, comply with strict security regulations and are deployed into container optimized cloud environments only to find out that you’ve still become a victim of an attack! How could this be? Well, one common oversight is recognizing the importance of disciplined configuration and management of the cloud resources themselves – you can’t assume they’re secure just because they’re working.
But, making sure your cloud services are secure can be a daunting task – likely comprised of dozens of cloud services, each with as many configuration options – these environments are complex. Cloud One – Conformity is your cloud security companion and gives you assurance that any hidden security issues with your cloud configurations are detected and prioritized. Disabled security options, weak keys, open permissions, encryption options, high-risk exposures and many, many more best practice security rules make it easy to conform to security best practices and get the most from your cloud provider services.
Look Outside
All done? Not quite. You also need to think about how the business workflows of your cloud applications ingest files (or malware?). Cloud storage like S3 Buckets are often used to accept files from external customers and partners. Blindly accepting uploads and pulling them into your workflows is an open door for attack.
Cloud One – File Storage Security incorporates Trend Micro’s best-in-class malware detection technology to identify and remove files infected with malware. As a cloud native application itself, the service deploys easily with deployment templates and runs as a ‘set and forget’ service – automatically scanning new files of any type, any size and automatically removing malware so you can be confident that all of your downstream workflows are protected.
It’s still about Shared Responsibility
Cloud providers will continue to offer security features for deploying cloud native applications – and you should embrace all of this capability. However, you can’t assume your cloud environment is optimally secure without validating your configurations. And once you have a secure environment, you need to secure all of the components within your control – your functions, applications, containers and workflows. With this practical approach, Trend Micro Cloud One perfectly complements your cloud services with Network Security, Workload Security, Application Security, Container Security, File Storage Security and Conformity for cloud posture management, so you can be confident that you’ve got security covered no matter which way you look.
To learn more visit Trendmicro.com/CloudOne and join our webinar on cloud native application threats https://resources.trendmicro.com/Cloud-One-Webinar-Series-Cloud-Native-Application-Threats.html
The post What do serverless compute platforms mean for security? appeared first on .
The global public cloud services market is on track to grow 17% this year, topping $266 billion. These are impressive figures, and whatever Covid-19 may do short-term to the macro-economy, they’re a sign of where the world is heading. But while many organizations may describe themselves as “cloud-first”, they’re certainly not “cloud-only.” That is, hybrid cloud is the name of the game today: a blend of multiple cloud providers and multiple datacenters.
Whilst helping to drive agility, differentiation and growth, this new reality also creates cyber risk. As IT leaders try to chart a course for success, they’re crying out for a more holistic, simpler way to manage hybrid cloud security.
Cloud for everyone
Organizations are understandably keen to embrace cloud platforms. Who wouldn’t want to empower employees to be more productive and DevOps to deliver agile, customer-centric services? But digital transformation comes with its own set of challenges. Migration often happens at different rates throughout an organization. That makes it hard to gain unified visibility across the enterprise and manage security policies in a consistent manner — especially when different business units and departments are making siloed decisions. An estimated 85% of organizations are now using multiple clouds, and 76% are using between two and 15 hybrid clouds.
To help manage this complexity, organisations are embracing containers and serverless architectures to develop new applications more efficiently. However, the DevOps teams using these technologies are focused primarily on time-to-market, sometimes at the expense of security. Their use of third-party code is a classic example: potentially exposing the organization to buggy or even malware-laden code.
A shared responsibility
The question is, how to mitigate these risks in a way that respects the Shared Responsibility model of cloud security, but in a consistent manner across the organization? It’s a problem exacerbated by two further concerns.
First, security needs to be embedded in the DevOps process to ensure that the applications delivered are secure, but not in a way that threatens the productivity of teams. They need to be able to use the tools and platforms they want to, but in a way that doesn’t expose the organization to unnecessary extra risk. Second, cloud complexity can often lead to human error: misconfigurations of cloud services that threaten to expose highly regulated customer and corporate data to possible attacks. The Capital One data breach, which affected an estimated 100 million consumers, was caused partly by a misconfigured Web Application Firewall.
Simplifying security
Fortunately, organizations are becoming more mature in their cloud security efforts. We see customers that started off tackling cyber risk with multiple security tools across the enterprise, but in time developed an operational excellence model. By launching what amount to cloud centers of excellence, they’re showing that security policies and processes can be standardized and rolled out in a repeatable way across the organization to good effect.
But what of the tools security teams are using to achieve this? Unfortunately, in too many cases they’re relying on fragmented, point products which add cost, further complexity and dangerous security gaps to the mix. It doesn’t have to be like this.
Cloud One from Trend Micro brings together workload security, container security, application security, network security, file storage security and cloud security posture management (CSPM). The latter, Cloud One – Conformity offers a simple, automated way to spot and fix misconfigurations and enhance security compliance and governance in the cloud.
Whatever stage of maturity you are at with your cloud journey, Cloud One offers simple, automated protection from a single console. It’s simply the way cloud security needs to be.
The post Cloud-First but Not Cloud-Only: Why Organizations Need to Simplify Cybersecurity appeared first on .
If we run a contest for Mr. Popular of Amazon Web Services (AWS), without a doubt Amazon Simple Storage Service (S3) has ‘winner’ written all over it. However, what’s popular is not always what is critical for your business to focus on. There is popularity and then there is dependability. Let’s acknowledge how reliant we are on Amazon Elastic Cloud Computing (EC2) as AWS infrastructure led-organizations.
We reflected upon our in-house findings for the AWS ‘Security’ pillar in our last blog, Four Reasons Your Cloud Security is Keeping You Up at Night, explicitly leaving out over caffeination and excessive screen time!
Drilling further down to the most affected AWS Services, Amazon EC2 related issues topped the list with 32% of all issues. Whereas Mr. Popular – Amazon S3 contributed to 12% of all issues. While cloud providers, like AWS, offer a secure infrastructure and best practices, many customers are unaware of their role in the shared responsibility model. The results showing the number of issues impacting Amazon EC2 customers demonstrates the security gap that can happen when the customer part of the shared responsibility model is not well understood.
While these AWS services and infrastructure are secure, customers also have a responsibility to secure their data and to configure environments according to AWS best practices. So how do we ensure that we keep our focus on this crucial service and ensure the flexibility, scalability, and security of a growing infrastructure?
Introducing Rules
If you thought you were done with rules after passing high school and moving out of your parent’s house, you would have soon realized that you were living a dream. Rules seem to be everywhere! Rules are important, they keep us safe and secure. While some may still say ‘rules are made to be broken’, you will go into a slump if your cloud infrastructure breaks the rules of the industry and gets exposed to security vulnerabilities.
It is great if you are already following the Best Practices for Amazon EC2, but if not, how do you monitor the performance of your services day in and day out to ensure their adherence to these best practices? How can you track if all your services and resources are running as per the recommended standards?
We’re here to help with that. Trend Micro Cloud One – Conformity ‘Rules’ provide you with that visibility for some of the most critical services like Amazon EC2.
What is the Rule?
A ‘Rule’ is the definition of the best practice used as a basis for an assessment that is run by Conformity on a particular piece of your Cloud infrastructure. When a rule is run against the infrastructure (resources) associated with your AWS account, the result of the scan is referred to as a Check. For example, an Amazon EC2 may have 60 Rules (Checks) scanning for various risks/vulnerabilities. Checks are either a SUCCESS or a FAILURE.
Conformity has about 540 Rules and 60 of them are for monitoring your Amazon EC2 services best practices. Conformity Bot scans your cloud accounts for these Rules and presents you with the ‘Checks’ to prioritize and remediate the issues keeping your services healthy and prevent security breaches.
Amazon EC2 Best Practices and Rules
Here are just a few examples of how Conformity Rules have got you covered for some of the most critical Amazon EC2 best practices:
|
|
See how Trend Micro can support your part of the shared responsibility model for cloud security: https://www.trendmicro.com/cloudconformity.
Stay Safe!
The post The AWS Service to Focus On – Amazon EC2 appeared first on .
FreshRSS 