    Author Archive - Masayoshi Someya (Security Evangelist)

    A recent report published by Amtrak’s Office of the Inspector General revealed that an employee of the passenger rail company had been selling passenger data for two decades. The buyer of this data was none other than the Drug Enforcement Agency, which paid the employee $854,460 over the period. Iowa’s senior senator, Chuck Grassley, sent a letter to the DEA raising serious concerns over the incident.

    The most significant part of this security breach is the fact that this former employee was able to sell personally identifiable information of Amtrak passengers since 1995. In other words, this misconduct was being carried out without being noticed by even a single person for two decades. Through this unauthorized sale of customer data, the employee received $854,460 in total from DEA.

    The DEA was supposed to be able to receive the customer data in question upon request, and for free, via a joint taskforce that included both Amtrak and the DEA. In short, the American taxpayers paid for information that they should have received free. After the incident came to light, instead of being punished, this employee chose to retire.

    How the security breach was identified in the first place is not included in the OIG report. Considering that one employee was able to carry out a series of misconduct for such a long time, serious questions need to be asked: what kind of internal controls and audits were in place? What security measures were implemented to prevent such a breach?

    Survey: One in five respondents were breached from the inside

    Whether caused by cyber attacks or malicious employees, data breaches continue to make headlines worldwide. A Trend Micro survey carried out in March 2014 among 1,175 Japanese IT security professionals and decision makers revealed that 233 of them (19.8%) had experienced data breaches from internal systems in 2013. In other words, one in five respondents were breached from the inside.

    A total of 778 respondents (almost two-thirds of those surveyed) confirmed that they had experienced a security breach of some kind. 28 respondents (3.6%) added that the stolen data had been used or manipulated elsewhere. These statistics only cover businesses in Japan, but the figures elsewhere are likely to be broadly similar, even if not identical. Data breaches are no longer “someone else’s problem”.

    Organization-wide efforts needed

    We are used to talking about data breaches being caused by cybercriminals or by accidents on the part of employees. However, this incident, together with a recent data breach in Japan carried out by a contractor using smartphones, highlights how significant the threat from malicious insiders can be.

    Organizations need to invest their efforts into developing security policies and guidelines, and into making these understood by their employees. Staff training and awareness efforts can also help in the fight against data breaches. These efforts should also be aimed at discouraging employees from even thinking about compromising their company’s data.

    When it comes to targeted attacks, the assumption must be that breaches will happen. Businesses now need to recognize this and invest in security based on the assumption that insider threats will happen as well.

    For more details on various targeted attacks, as well as best practices for enterprises, you may visit our Threat Intelligence Resources on Targeted Attacks.

    Posted in Targeted Attacks | Risks from Within: Learning from the Amtrak Data Breach

    As announced on July 19, 2011, Google started delivering a service that warns users of possible malware infection.

    According to Google’s blog article, an investigation was started after abnormal traffic to its site was observed during regular maintenance. The investigation revealed that the abnormal traffic came from PCs that had been infected by a particular malware family. The number of infected PCs has been reported to be a few million.

    Google’s own investigation found that the PCs in question were infected by particular FAKEAV variants. Their system settings had been tampered with so that access to Google could only be made through particular proxies. Google started warning users of possible malware infection whenever its site was accessed through these proxies.

    Already Used by FAKEAV?

    Google’s move to take a step further to warn users is commendable from a security perspective. We foresee that Google will continue to take certain actions to make this service secure. Displaying a warning message that says, “Your PC may be infected with virus,” however, is a tactic that is already being widely used by various malware such as FAKEAV.

    The unfortunate reality is that useful and valuable services tend to get manipulated, and this warning message from Google may be copied by bad guys in their attempt to infect more users’ systems with FAKEAV. Rogue antivirus software that looks just like Microsoft’s free security software is an example of such manipulation. We may then end up seeing some users ignore this legitimate warning message from Google, while others click a fake warning message and become victims of malware.
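    The server-side check that Google’s blog describes, written out as an added example (this is not Google’s code): requests whose client address falls inside a list of proxies tied to the tampered FAKEAV settings are flagged so that a warning can be shown on the response. The proxy ranges, the access log lines and the function names below are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed placeholder ranges (RFC 5737 test networks) standing in for the
# proxies that the tampered FAKEAV-infected PCs were forced to use; the real
# addresses are not published on the page.
KNOWN_MALWARE_PROXIES = [
    ipaddress.ip_network("203.0.113.0/24"),
    ipaddress.ip_network("198.51.100.0/24"),
]

# Apache/nginx "combined" access log format.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<bytes>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

def parse_line(line):
    """Parse one combined-format log line into a dict, or None if malformed."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def via_malware_proxy(client_ip):
    """True if the client address lies inside one of the flagged proxy ranges."""
    try:
        addr = ipaddress.ip_address(client_ip)
    except ValueError:          # garbage in the client field is not a match
        return False
    return any(addr in net for net in KNOWN_MALWARE_PROXIES)

def classify(log_lines):
    """Return (records that should get the warning, request count per proxy IP)."""
    flagged, per_proxy = [], Counter()
    for line in log_lines:
        rec = parse_line(line)
        if rec is not None and via_malware_proxy(rec["client"]):
            flagged.append(rec)
            per_proxy[rec["client"]] += 1
    return flagged, per_proxy

# Constructed sample log: two clients behind flagged proxies, one clean client,
# and one malformed line that the parser must skip rather than crash on.
SAMPLE_LOG = """\
203.0.113.7 - - [19/Jul/2011:10:00:01 +0000] "GET /search?q=test HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
192.0.2.55 - - [19/Jul/2011:10:00:02 +0000] "GET / HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.9 - - [19/Jul/2011:10:00:03 +0000] "GET /search?q=news HTTP/1.1" 200 5120 "-" "Mozilla/4.0"
203.0.113.7 - - [19/Jul/2011:10:00:04 +0000] "GET /search?q=foo HTTP/1.1" 200 5100 "-" "Mozilla/5.0"
this is not a log line""".splitlines()

if __name__ == "__main__":
    warned, counts = classify(SAMPLE_LOG)
    for rec in warned:
        print(f"warn {rec['client']} {rec['request']}")
    print(dict(counts))
```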



    On June 17, 2011, the Japanese Parliament approved a revised proposal for a criminal law against creating and possessing malware, also known as the Cybercrime Law.

    The key point about this revised criminal law is that malware writers will be penalized if malware is created and distributed under the following circumstances:

    1. Without a legitimate reason
    2. With the purpose of running it on someone’s computer without the person’s consent

    In other words, it’s about “malicious intent.”

    Up until now, creating and owning malware with malicious intent could not be penalized by law in Japan. For example, the creator of the Harada virus was found guilty not for creating and distributing malware but for violating the copyright of a TV animation and for libel, having used his friends’ personal information and photos. The same person created the Octopus and Squid viruses while on probation and was later arrested in 2010 on suspicion of property damage, as the viruses rendered victims’ hard disks unusable.

    In other words, there was no direct way to punish malware writers in Japan until now.




    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice