
FBI Insights On Fighting Cybercrime

  • Posted on: November 12, 2014
  • Posted in: Security
  • Posted by: Jon Clay (Global Threat Communications)

October has been National Cyber Security Awareness Month for the last few years, an event put on by the National Cyber Security Alliance, of which Trend Micro is a proud partner. This year we had five weeks in October, and each week focused on a different aspect of the security landscape, with the last week dealing with cybercrime and law enforcement. In support of this week, I was fortunate enough to host a webinar (now available on-demand) with a Special Agent of the United States Federal Bureau of Investigation Cyber Division. In this webinar he shared the following:

  1. Identifying & Countering Advanced Cyber Threats
  2. Mitigation Through Collaboration

In this article I want to share many of the questions asked by our audience, along with our answers, which I think will benefit you too. Feel free to watch the webinar on-demand by clicking the link above to hear the excellent information this Special Agent was able to share with us.

The FBI shared that in many instances they have been seeing combination attacks where the criminals contact the target organization with phone calls in an attempt to either gather information on a potential victim to target, or attempt to gain access by posing as a legitimate organization, such as Microsoft technical support. We had a number of questions come in around these situations:

Q. When you get the phone calls from actors saying they work for Microsoft and want you to go to malware sites, what is the best way to deal with them?

Q. Is the FBI interested in the group who keep calling telling us they are, and give various titles, but yesterday it was “Microsoft Technician”, telling me my computer contacted Microsoft because it was infected with viruses, etc? Then they try to talk the victim through performing several commands, eventually allowing them remote control.

Q. Are you seeing that the players are starting to use a combo attack? For instance, a phone call to set the stage for an email in order to get a person to increase their trust for an email attack?

This is where you need to educate your personnel who take outside phone calls about these scams and ensure they are at least very skeptical of these types of calls. Microsoft has published an article about this that includes a link to the FTC to report such instances. These socially engineered initial attack incidents can be difficult to spot, as the criminals are getting better at mimicking real people and abusing the trust relationship that people have. The best defense is to arm your employees with knowledge of these techniques and to instill in them a sense of skepticism when receiving these types of calls.

As you could expect, we had a few questions around attribution and how to deal with threat actors who are in countries where it is difficult to take action against them.

Q. How do you indict someone that is sponsored by the Chinese government?

Q. With Russia’s relationship with the USA being poor, it seems hard to deal with hackers from Russia?

Since cybercrime is not found in only one country and is globally dispersed, law enforcement agencies must work together on identifying and arresting the actors perpetrating the crimes. The biggest challenge is when these actors live in countries where the cybercrime laws are not distinct, or in some cases non-existent. There have been cases where these actors have traveled through cooperative regions of the world and arrests have been made. As more countries around the world continue to challenge China and Russia on activities coming out of those countries, we may see more crackdowns by the local authorities there. The good news is we’re seeing more and more cross-boundary collaboration by law enforcement agencies in arresting cybercriminals, as seen by the recent arrests from several Darkweb sites.

In discussing the mitigation topic, the FBI shared that there is a two-way street that has to occur between the victim organization and law enforcement. A few items which should be shared are:

Engaging your security vendor can help in identifying any malware or other threat components that were used in an attack. Many times this information can help identify who or where this attack started from and can be shared with law enforcement in building a case against the threat actors.

The last area which the Special Agent shared was around best practices organizations can take to help mitigate the threats by these actors. I’d like to share some of the areas in which Trend Micro supports our customers within these best practices.

  • Real-time threat intelligence

The Trend Micro™ Smart Protection Network™ was one of the first infrastructures (2008) to embrace real-time feedback from millions of sensors distributed across the globe and to use big data analysis to identify new threats as they occurred. Most attacks are not monolithic, and as such, correlating the multiple threat vectors that make up the entire attack allows Trend Micro to protect our customers from all aspects of an attack.

  • Cloud security services

Trend Micro offers Threat Intelligence Services, which allow organizations to use our threat data within their organizations. We also offer Deep Security, which can help organizations that are moving to the cloud, whether through a private, public or hybrid cloud strategy.

  • Pervasive sandboxing

The Trend Micro Custom Defense, which includes the Deep Discovery family of products, supports custom sandboxes that allow an organization to emulate their exact OS/Application to ensure cybercriminals’ obfuscation techniques are bypassed.

  • Analytics for “big data”

As stated above, the Smart Protection Network has been using big data tools and techniques to manage the volume, variety, and velocity of threats permeating today. Big data is only as good as the knowledge and intelligence you can extract from it. Using a combination of big data, data science, and security expertise allows us to quickly process and identify threats from within the billions of data points we receive each day.

This session gave our audience some great insights as we finish a year which saw record numbers of breaches against large-scale organizations. Take the time to watch the on-demand webinar so you too can reap the benefits from the FBI’s insights. If you have questions too, feel free to comment and I’ll do my best to answer them.

Please add your thoughts in the comments below or follow me on Twitter: @jonlclay.
