At Trend Micro we’ve been protecting our customers around the world for 30 years. So what’s the secret to staying at the cutting edge of the industry for all this time? By investing significant resources into forward-looking threat research, we’ve been able to anticipate where the black hats are going next. Over the coming weeks we’ll be showcasing some of our most recent research, at both the world-famous Hack in the Box (HITB) and RSA Conference.
Only by continuing to anticipate the threats of the future, can we mitigate the cyber risks of today —whether that’s online fraud in the travel industry, or sophisticated IoT attacks.
Consumers hit hard
Although much of our work is focused on protecting governments, enterprises, SMBs and service providers around the world, the threats we uncover and anticipate can also have a major impact on consumers. At HITB, we’ll be discussing two such reports:
1) Taking you for a ride
Cyber-fraud targeting the travel and hospitality sectors is increasingly big business for the bad guys. Industry estimates suggest over $1 billion in annual losses for the airline industry through ticket fraud – losses that number four times that for consumers. What’s more, the percentage of travellers tricked by fraudulent websites has jumped four-fold from 2015-2017 to reach 22%, according to the American Hotel & Lodging Association (AHLA).
You can find almost anything on the dark web: from narcotics to firearms and even false passports. Increasingly, underground sites are also filled with illegal travel services paid for via stolen credit cards, hacked loyalty program accounts, and fraudulent redemption of coupons. Everything from flights and hotel accommodation to theme park tickets, tours, taxi rides and restaurant loyalty cards are available if you look in the right places. Underground travel agencies offer flights and hotel rooms at up to half price.
Trend Micro researchers have uncovered the secrets of this illicit trade, how it’s impacting consumers and businesses, and what industry players can do to fight back. We’ll be revealing all at HITB.
2) The sound of a cyber-attack
Sometimes the most innocuous-looking devices can be leveraged by cyber-criminals to launch attacks. Connected speakers are increasingly ubiquitous, both in homes and business premises. But what about the security risks? Trend Micro decided to investigate, and found a series of vulnerabilities in some well-known brands — including default configuration flaws, open diagnostic tool availability, API vulnerabilities, and more.
Hackers could leverage these to infiltrate corporate networks and spear phish users with malware. They could even work out whether a premises or house is unoccupied and physically rob the owners using geolocation information and usage logs. Manufacturers, consumers and enterprise IT administrators must all play their part in mitigating these risks. We’ll explain more at HITB.
Industrial IoT: the latest threats
The Internet of Things (IoT), of course, extends far beyond connected speakers. In fact, it increasingly permeates every aspect of our lives. Gartner forecasts there will be over 20 billion connected devices in use worldwide by 2020. For organizations, the rewards can be huge, offering process efficiencies, productivity gains and innovative new services to leverage internally and in customer-facing scenarios.
However, this emerging world is fraught with risk, as our Chief Cybersecurity Officer, Ed Cabrera, will demonstrate at RSA Conference when he discusses the impact of industrial IoT (IIoT) exploits. Networks of smart devices and industrial robots offer manufacturers unprecedented opportunities to improve efficiency and productivity, reduce overheads and drive profits. But inherent weaknesses in architecture and implementation could allow attackers to spread ransomware, hijack industrial robots, sabotage processes, and steal sensitive IP.
Ed will discuss Trend Micro and Politecnico di Milano’s groundbreaking research in this area, run an attack demo on a working industrial robot, and reveal steps organizations can take to reduce their threat exposure.
Only by arming organizations with this kind of knowledge can we finally hope to take the fight to the bad guys. That’s why we’ll continue to press our global team of researchers to dig deeper in finding the intelligence we need to make the digital world a safer place.
Ticket to Ride: Abusing the Travel and Hospitality Industry for Profit: Vladimir Kropotov, Fyodor Yarochkin, Mayra Fuentes, Lion Gu
LOCATION: Track 1
DATE: April 12, 2018
COMMSEC: The Sound of a Targeted Attack: Attacking IoT Speakers: Stephen Hilt
LOCATION: Track 4 / CommSec
DATE: April 12, 2018
Insecure Cities and Rogue Robots: The Impact of Industrial IoT Exploits: Ed Cabrera
Moscone Center, San Francisco