For the last few years, October has been National Cyber Security Awareness Month, which is put on by the National Cyber Security Alliance, of which Trend Micro is a proud partner. This year October had five weeks, and each week focused on a different aspect of the security landscape, with the last week dealing with cybercrime and law enforcement. In support of this week I was fortunate enough to host a webinar (now available on-demand) with a Special Agent of the United States Federal Bureau of Investigation Cyber Division. In this webinar he shared the following:
What I wanted to share with you in this article are many of the questions asked by our audience and our answers, which I think will benefit you all too. Feel free to watch the webinar on-demand by clicking the link above to hear the excellent information this Special Agent was able to share with us.
The FBI shared that in many instances they have been seeing combination attacks, where the criminals contact the target organization by phone either to gather information on a potential victim to target, or to attempt to gain access by posing as a legitimate organization, such as Microsoft technical support. We had a number of questions come in around these situations:
Q. When you get the phone calls from actors saying they work for Microsoft and want you to go to malware sites, what is the best way to deal with them?
Q. Is the FBI interested in the group who keep calling telling us who they are, and giving various titles (yesterday it was “Microsoft Technician”), telling me my computer contacted Microsoft because it was infected with viruses, etc.? Then they try to talk the victim through performing several commands, eventually allowing them remote control.
Q. Are you seeing that the players are starting to use a combo attack? For instance, a phone call to set the stage for an email in order to get a person to increase their trust for an email attack?
This is where educating your personnel who take outside phone calls about these scams matters, and you should ensure they are at least very skeptical of these types of calls. Microsoft has published an article about this that includes a link to the FTC to report such instances. These socially engineered initial attack incidents can be difficult to spot, as the criminals are getting better at mimicking real people and abusing the trust relationships that people have. The best defense is to arm your employees with knowledge of these techniques and to instill in them a sense of skepticism when receiving these types of calls.
As you could expect, we had a few questions around attribution and how to deal with threat actors who are in countries where it is difficult to take action against them.
Q. How do you indict someone that is sponsored by the Chinese government?
Q. With Russia’s relationship with the USA being poor, it seems hard to deal with hackers from Russia?
Since cybercrime is not confined to one country but is globally dispersed, law enforcement agencies must work together on identifying and arresting the actors perpetrating the crimes. The biggest challenge is when these actors live in countries where the cybercrime laws are not well defined, or in some cases non-existent. There have been cases where these actors have traveled through cooperative regions of the world and arrests have been made. As more countries around the world continue to challenge China and Russia on activities coming out of those countries, we may see more crackdowns by the local authorities there. The good news is that we’re seeing more and more cross-border collaboration by law enforcement agencies in arresting cybercriminals, as seen by the recent arrests connected to several Darkweb sites.
In discussing the mitigation topic, the FBI shared that there is a two-way street that has to exist between the victim organization and law enforcement. A few items which should be shared are:
Engaging your security vendor can help in identifying any malware or other threat components that were used in an attack. Many times this information can help identify who started the attack or where it started from, and it can be shared with law enforcement to build a case against the threat actors.
The last area which the Special Agent shared was around best practices organizations can adopt to help mitigate the threats from these actors. I’d like to share some of the areas in which Trend Micro supports our customers within these best practices.
The Trend Micro™ Smart Protection Network™ was one of the first infrastructures (2008) to embrace real-time feedback from millions of sensors distributed across the globe and to use big data analysis to identify new threats as they occurred. Most attacks are not monolithic, and as such, correlating the multiple threat vectors that make up the entire attack allows Trend Micro to protect our customers from all aspects of an attack.
Trend Micro offers Threat Intelligence Services, which allow organizations to use our threat data within their own environments. We also offer Deep Security, which can help organizations that are moving to the cloud, whether through a private, public or hybrid cloud strategy.
The Trend Micro Custom Defense, which includes the Deep Discovery family of products, supports custom sandboxes that allow an organization to emulate its exact OS/application environment, so that cybercriminals’ obfuscation techniques (which often check for a generic sandbox before detonating) are bypassed.
As stated above, the Smart Protection Network has been using big data tools and techniques to manage the volume, variety, and velocity of today’s threats. Big data is only as good as the knowledge and intelligence you can extract from it. Using a combination of big data, data science, and security expertise allows us to quickly process and identify threats from within the billions of data points we receive each day.
This session gave our audience some great insights as we finish a year which saw record numbers of breaches against large-scale organizations. Take the time to watch the on-demand webinar so you too can benefit from the FBI’s insights. If you have questions too, feel free to comment and I’ll do my best to answer them.
Please add your thoughts in the comments below or follow me on Twitter: @jonlclay.