Trend Micro TrendLabs Malware Blog

    Archive for February 19th, 2013

    It’s another big information security story day at the New York Times. Three weeks after their big story detailing the Advanced Persistent Threat (APT) attack against their own network, today they have a story detailing the ongoing espionage, including corporate espionage, against companies and organizations around the world.

    It’s a very interesting and very detailed story, and well worth the read. From the overall goal of protecting people, it is also extremely valuable from an industry perspective: it shares a wealth of information that can be used to provide protections broadly. You can be sure our analysts are going through the report and ensuring we have protections for anything we don’t already protect against.

    But for customers, I would argue that while this story is entertaining, last week’s 2012 Advanced Persistent Threat (APT) Awareness Study released by ISACA is a more important read because it has more relevant information on how to protect your company or organization. The New York Times article is a good read but the ISACA report can help keep you from ending up in the next New York Times story.

    The important thing we saw in this survey is a serious disconnect between worrying about APT attacks and understanding how they work. 63% of respondents said they were likely or very likely to be the target of an APT attack. At the same time, almost as many, 53.4%, said that APT attacks are “similar” to conventional threats. Taking the difference (63% minus 53.4%), that leaves only about 9.6% of respondents who both see this as a threat to them and understand that it is a different kind of threat, one that requires a fundamentally different kind of approach to meet it.

    When stories like this hit, customers often ask, “Am I protected against this attack?” What they really mean in most cases is, “Are your signatures up to date to catch this attack?” The right answer is that it doesn’t matter: these attacks are designed to evade signature-based endpoint security. We saw this in the attack against the New York Times, and we believe these attacks are generally tested against signature-based endpoint products before use to ensure they are not detected. Yes, we do protect against much of the malware outlined in the report and are building new protections for new malware. But this underscores that reactive, signature-based endpoint security can only be one piece of your overall posture against APTs. These are custom attacks, and defending against them requires a different approach: a custom defense that employs advanced detection technologies able to discover an attack before real damage is done.



    In my last blog post, I covered several topics around how cybercriminals use your stolen information and why these criminals want your information. That entry, along with this entry, is part of a blog series intended to cover the expanding economies in relation to cybercrime, as well as some facts and recommendations to help safeguard your data against information theft.

    In this first part of the two-part intelligence brief series, I will tackle the existing “trust model” in the underground cybercrime arena and profile the gateways and actors that sell these goods.

    Information Theft Business Model

    It’s no secret that scammers are out there to make a quick buck. However, what’s often not known or discussed is how they engage the market to sell their goods.

    These scammers must first bring their goods to market. They often post on Pastebin, underground forums, and several other sites designed to peddle their wares, and a popular tactic is to post their “ads” on legitimate forums and sites as well. This step can be considered the “gaining your customers” phase. The next step is establishing a pricing model to fit the marketplace.

    Price Discrimination vs. Penetration Pricing

    During the past five years, there have been a number of incidents outlining price discrimination on underground forums. Price discrimination exists when a provider sells identical goods or services at different prices to different buyers, for a variety of reasons. Economists describe several degrees of price discrimination, each distinguished by how the seller decides who pays which price.

    However, in the past two years, there has been a shift away from price discrimination toward a penetration pricing model. Penetration pricing is a tactic a seller uses to attract new buyers by entering the market at a deliberately low price.

    In the penetration pricing model, scammers enter the market and sell their wares at a much lower price than the established sellers to gain market share, then slowly increase their price until it meets the market value set by the other sellers. Many of the vendors selling stolen goods enjoy a strong market after using this model, since it often leads to increased sales volume and higher inventory turnover.

    This upswing in penetration pricing has likely occurred because there were many new entrants into the underground marketplace selling goods. These new entrants were not observing the established sellers’ maximum prices, nor were they setting prices by individual buyer attributes as price discrimination requires.

    These scammers are also enjoying a fairly uninhibited marketplace, since hiding their nefarious activities has become dramatically easier. Onion routing (Tor is the best-known implementation) is one of the many ways these actors hide their tracks.




    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice