    Author Archive - Ryan Certeza (Technical Communications)

    Cybersecurity is an important part of our daily lives, whether people are aware of it or not. Building awareness that being secure online is everyone’s responsibility is a key part of fighting cybercrime. This is why one of the themes of this year’s National Cyber Security Awareness Month is the ‘Stop. Think. Connect™’ campaign, which promotes this very message.

    Learning how to be secure online is difficult without knowing about how one can be infected. So how do today’s users become victims of various threats online?

    How do users become victims?

    There are multiple methods that lead to users becoming victims of online threats. One example is email, where we get spam, including spam with malicious attachments or links to malicious websites. Threats also arrive via social media, where cybercriminals can spam users with posts and instant messages that also lead to various threats.

    While the threats have changed over the years, many of the methods used to deliver these threats are not fundamentally different from previous techniques. Cybercriminals still rely on email to send millions upon millions of spam every day; feedback from the Smart Protection Network indicates that almost two-thirds of email is spam. Malicious websites – including phishing sites and survey scams – are still very much in circulation.

    These techniques – and other forms of social engineering – still work, unfortunately. Users, for example, have difficulty spotting a phishing scam. Others may not recognize the security issues of adware and “free” apps. Others may not recognize the risks that users of mobile banking face. Other long-standing tactics like spam, Trojanized apps from third-party app stores, and compromised sites are still a problem today. Just about everything we do online has some form of risk attached to it, and users need to be aware of these risks.

    How can users avoid becoming victims?

    The most important part in staying safe online is recognizing that there is a threat. Many of these threats rely on the user not knowing about them to work. An informed user will not fall victim to many threats. Informed users can also help their friends avoid these scams as well.

    In conjunction with NCSAM, we will be discussing various aspects of today’s online threat landscape. Look out for various entries that discuss today’s threats, and what is being done to help combat these on a daily basis.

    Posted in Social | Comments Off on National Cybersecurity Awareness Month: How Do Users Become Victims?

    The first half of this year has been quite eventful for the mobile threat landscape. Sure, we had an idea the state of affairs from 2013 would continue on to this year, but we didn’t know just to what extent. From ballooning mobile malware/high risk app numbers to vulnerabilities upon vulnerabilities, let’s recap just what happened in the past six months and see if we can learn anything from them for the six months ahead.

    So, what did happen in the first half of 2014? Well, to summarize:

    • 2 million and counting: Only six months after reaching 1 million, the combined number of mobile malware/high risk apps has doubled, to 2 million. That’s a growth of 170,000 apps PER month.
    • The first coin mining mobile malware: ANDROIDOS_KAGECOIN, a malicious app that turned any infected mobile device into a Bitcoin/Dogecoin/Litecoin miner was discovered in March.
    • The first mobile ransomware: ANDROIDOS_LOCKER locked phones by way of obstructing screens with a large UI window. It was discovered in May.
    • Deep Web: Cybercriminals also began to use TOR in their malicious apps, to cover their trails.
    • Operation Emmental: last July we successfully uncovered a cybercriminal operation that countered online banking’s 2-factor authentication. We dubbed this after the famous cheese Emmental.

    A handful of major vulnerabilities were also discovered during this half of 2014, ranging from the Android Custom Permission vulnerability to the iOS Goto Fail vulnerability. Platform-agnostic vulnerability Heartbleed also made the news, affecting not just desktops but basically any platform that could connect to the web and load HTTP:// websites.

    Hugely popular events were also taken advantage of by cybercriminals through social engineering – the 2014 FIFA World Cup, for example, heralded the coming of fake game apps sporting the event’s name, each one carrying malicious routines. Flappy Bird, the addictive game that had the attention of the entire mobile gaming scene, also garnered its own share of malicious clones.

    That’s the first half of 2014 in a nutshell, with the most noteworthy events encapsulated. Can we learn anything from them in time to prepare for the next six months? Yes, of course – one lesson we can easily derive here is that we can always expect cybercriminals to take advantage of legitimate services that help make our lives more convenient online – and sometimes, they use it in ways we’ll never expect them to. So we need to look at new services coming out and, after seeing if they CAN be used maliciously, prepare for that inevitability. It helps to be prepared, after all.

    Another lesson for the second half of 2014 is that people need to take mobile threats much more seriously. It’s no longer just a passing fad or something we can just forget about – it’s here, it’s happening, and like social engineering it’s going to be a part of our lives until the next breakthrough in technology comes along. Users, business owners, professionals need to protect themselves from becoming a victim – and all it takes are some best practices and a security solution.

    For more information regarding the mobile threat landscape and how it fared in the first half of 2014, we’d like to point readers towards the latest issue of our Monthly Mobile Report, titled The Mobile Landscape Roundup: 1H 2014. You’ll see the events summarized above, but in more detail, along with other news events and definitely a lot more stats.

    Posted in Mobile, Vulnerabilities | Comments Off on Mobile Security Roundup 1H 2014

    Ever since the mobile boom, smartphones have become an integral part of our lives, enough that they’ve become virtually indispensable in today’s fast-paced world. Not only do they serve to connect us to our friends and loved ones wherever they may be, but they also allow us to do our daily tasks and chores all with a single tap of a screen. We’ve formed such an unbreakable relationship with our smartphones that cybercriminals have included them in their list of targets to attack for monetary gain. For better or for worse, smartphones have become an important part of our daily toolset for life.

    From the way the winds of change are blowing, however, it seems that smartphones are about to become a bigger part of our lives, and that’s with the Internet of Everything involved. With the unveiling of iOS 8, Apple also revealed HomeKit, an app service that will help the user manage third-party IoE-enabled devices in their home. With HomeKit, users will be able to group certain devices by the rooms they’re installed in, and set parameters/controls unique to each ‘room’ grouping. This allows users to modify settings easily, either on a room-by-room basis or at a more granular level. As of this writing, Google has yet to come up with their equivalent, but we can be sure to see it in the coming days.

    With this development, we can already see how it’s going to be quite the next big thing, in terms of overall convenience and cool factor. What’s more convenient – and honestly, exciting – than controlling the myriad elements in your home with the gadget you do nearly everything on? Scenarios like your refrigerator texting you while you’re outdoors, reminding you that you’re low on eggs – or remotely turning off an appliance you suddenly remembered only after leaving your home – have universal appeal, and smartphone makers are trying to get us to that future.

    But that’s only one side of the coin. The other side, unfortunately, is that introducing the smartphone to your automated home ecosystem may not be the most secure of decisions. This is because the many security pitfalls of the platform – that we’ve talked about at length in this blog – may carry over to the IoE-enabled devices in your home, and thus make you vulnerable to cybercriminal attacks. A cybercriminal hacking into your phone to subscribe you to premium services? Already done. A cybercriminal hacking into your security system THROUGH your phone, deactivating it so they can rob you blind? Very possible!

    This is the gist of our latest Mobile Monthly Report, titled “Mobile Security and the Internet of Everything: The Smartphone Remote Hub Problem”. We explore just what the ramifications are, security-wise, in making your smartphone the ‘remote hub’ or ‘universal remote’ of the automated home network. We also look into what early adopters can do to help protect themselves, in case they have already done the deed. We also have June’s mobile malware and adware stats for our readers to peruse.

    Smartphones may be the end-all and be-all in convenience, but with how they’re hot in the eyes of cybercriminals, we need to apply them carefully. You can check out the latest MMR here.

    Posted in Internet of Things, Mobile | Comments Off on The Role of Smartphones in the Internet of Everything

    Sporting events are getting more and more connected, and the just-concluded World Cup is no exception. Brazilian telecom provider Oi made sure that no expense was spared in ‘connecting’ the World Cup, and even claimed that this year’s event is in fact the most connected in the history of the World Cup.

    Oi claims that they provided connections to all twelve host stadiums across Brazil, resulting in 32 terabytes of data being generated by the media, sponsors, volunteers and FIFA officials in just ten days. More than 152,000 unique devices (smartphones, tablets and laptops) have been connected to the public Wi-Fi networks installed in the host stadiums.

    Online users all over the world looked for news and updates about the World Cup and made themselves targets for cybercriminals and their socially-engineered threats. Public Wi-Fi networks may keep sports fans online, but their insecurity may lead to them being hacked and their personal information being siphoned.

    World Cup-themed threats have popped up left and right, from phishing websites to spam to malicious mobile apps. One particular phishing scheme managed to snare more than 3,000 users in a span of 72 hours. Most of the victims came from connected countries such as the US (19%), Japan (14%), Germany (12%) and France (9%).

    Figure 1. Phishing website targeting World Cup fans

    Figure 2. Phishing site victim count

    This message lured users into handing over their login details using a fake US$200 prize, as well as a legitimate promo with a hefty cash prize. The promo itself was themed to take advantage of the World Cup – and this in itself may have resulted in such a large number of victims in a small amount of time.

    We’re not saying that sporting events becoming more and more connected is inherently a bad thing. However, being connected in this day and age without being secure IS inviting trouble. While telecom providers can help, the ultimate responsibility of being secure is on users. They must protect themselves so that at the end of the event, they’re left with fond memories and souvenirs – not malware infections that will result in depleted bank accounts and compromised devices.

    In order to help drive this message home – of sports fans looking after themselves in terms of online security – we decided to run a survey on our Race to Security website and see just the kind of sports fans our visitors and readers mostly are. From there, we figured out the most common type of fan among our readers, and how they should secure themselves. We’ve also made sure to include tips for everyone to take heed of no matter what kind of fan they are. To find out the results and more information about protecting yourself during sport events, check our latest infographic, What The Race To Security Survey Says.

    Posted in Bad Sites, Malware, Mobile, Social | Comments Off on Being Secure In The Most Connected World Cup Ever

    Evolution is a continuous process, and nothing can exemplify the process better in our industry than the threats we defend against. From simple pranks and nuisances, they’ve become thieves of information, violators of privacy, destroyers of reputations and even saboteurs of businesses, all for the sake of money. They’ve also become tools for activists and terrorists of the cyber variety, used to make strong statements against governments or organizations.

    But as such threats evolve, so must the security solutions that defend against them, or be left in the dust. This is our ethos in Trend Micro – that the protection we provide for our customers not only improves with every version we come out with, but continuously evolves to become more powerful, more efficient and more impenetrable to cybercriminal attacks.

    Our latest infographic, Trend Micro Endpoint Security Technology Evolution: A Complete Approach to Security, illustrates this. Using the visualization of a tree taking root and sprouting branches from its tree trunk, we catalog the evolution of cybercrime as well as the technologies we developed to address those malicious evolutions.

    Take malware, for example, one of the main tools of cybercrime. From its primal state as a prank program to how it’s become a money-making machine, we’ve developed not one but three technologies to address it:

    • Signature-based Scanning, which identifies, isolates and deletes malware by matching it to a specific malware signature/pattern;
    • Heuristic Behavior Scanning, which detects polymorphic malware through its malicious behavior, and;
    • File Reputation Services, which identifies and blocks malware through their history, sources, behavior and reputation.

    Each of these technologies works in conjunction with the others, as well as with those that address the other tools of cybercrime – to provide a well-rounded and balanced approach to security that families and businesses deserve.


    Posted in Exploits, Malware, Mobile | Comments Off on Endpoint Security: Evolving With The Threats They Mitigate

