    Author Archive - Tom Kellermann (Chief Cybersecurity Officer)

    “There is one thing stronger than all the armies in the world, and that is an idea whose time has come.” – Victor Hugo

    The world has reached a point of inflection in cybercrime. As cyberspace abounds with cyber privateers, and many nations of the world become havens for these modern-day pirates, it appears that 2013 is the year of hacking for criminal gain.

    In our recently released predictions for 2013, our CTO Raimund Genes laid out his strategic vision for the future of cybercrime. The predictions highlight improvements in the threats we will encounter in 2013, more specifically in the attack vectors used by cybercriminals. Raimund predicts that attackers will shift their strategy from developing sophisticated malware to focusing on the means to infiltrate networks and evade detection.

    As we move to Web 3.0, it is important for us to acknowledge the risks we will face in our business and digital lifestyles in general. It is also fundamental that we begin to increase our situational awareness of the tactics employed by these actors so as to sustain commerce and finance.


    Posted in Bad Sites, Malware, Mobile, Targeted Attacks | Comments Off on Observations on the Evolution of Cyber Tactics in 2013

    Mainstream media have repeatedly described the threat landscape as constantly evolving, with attacks becoming more sophisticated and the people behind them better equipped. This assertion, though certainly true, raises questions about how sophisticated these targeted attacks are, how a digital insider stays hidden, and how to mitigate these threats.

    By now, we are all aware that traditional defences are no longer effective in addressing these threats. In fact, according to Trend Micro research, over 90 per cent of enterprise networks contain malware, with one new threat created every second. Enterprises are also besieged by other challenges such as:

    • Increasingly cloud-based IT environments, complicated by the increased use of employee-owned mobile devices in the workplace.
    • The availability of cybercrime tools on the Internet, which makes them accessible to any potential attacker.
    • Cyber attacks initiated by organized crime gangs that are more sophisticated and precise than ever before.

    The big problem, however, is not just that a digital intruder will attempt to control the network, but that it will propagate, exfiltrate data and keep its activities hidden. Its ability to evade detection is ultimately what makes these targeted attacks more problematic.

    Digital Insiders: One Step Ahead of IT Admins

    Digital insiders are aware of how IT administrators would respond to a possible data breach. Typically, administrators scout for possible exploitable vulnerabilities and signs of communication with an unknown IP address. To circumvent these efforts, attackers may patch vulnerabilities. This serves another purpose: patching vulnerabilities prevents other hackers from piggybacking on their efforts.

    Digital insiders also move their communication and control inside the ecosystem and impose a ‘sleep cycle’ to avoid easily detectable communication. They may attempt to reach out to an outside IP address only once in a while, as in the recent Ixeshe campaign. In the case of the recent Flashback Mac malware, the bad guys may use a specialized technique that prevents security researchers from doing malware analysis.

    Thwarting Digital Insiders

    This is a new breed of sophisticated threat that requires an advanced persistent response from organizations. To gain the upper hand, firms must be able to spot the unwanted intruder and constantly foil their efforts through:

    1. Correlating and associating cybercrime activities in the wild with what is happening on an enterprise’s network using big data analytics. This enables organizations to spot possible correlations between the two and gives them the information needed to create a concrete action plan.
    2. Multi-level rule-based event correlation such as that featured in Trend Micro’s Deep Discovery. Given that these guys are experts in keeping their activities hidden, this is a useful tool to identify any dubious activity inside an organization’s network, point out possible threat actors and monitor their activities.

    In other words, this may require organizations to increase their awareness of the activities on their networks and their ability to correlate events to thwart the digital insider’s malicious activities.

    Read the full report How to Thwart the Digital Insider – an Advanced Persistent Response to Targeted Attacks.

    Posted in Targeted Attacks | Comments Off on Advanced Persistent Response Thwarts Malicious Digital Insider

    We often debate who the most sophisticated hackers in the world are. I firmly believe that there is a direct correlation between the chess-playing community and hacking. To this point, I would tip my hat to the Eastern European hacker crews of 2011 and 2012.

    There are three historical factors that distinguish Eastern European hackers from those in the rest of the world:

    • An educational culture which has long emphasized mathematics and chess
    • A robust underground economy
    • A well-developed “tradecraft” of criminal activity that has adapted well to the Internet age

    The obfuscation techniques and nano-malware we have seen deposited in the financial sector illustrate the evolution of capabilities which are being sold in the arms bazaar of Eastern Europe. In today’s era of professional cyber hacker crews, we must acknowledge that the APT has been privatized and that spinning the cyber chess board is an imperative. Beyond a healthy respect for the stratagems utilized by our adversary, we must move away from over-reliance on perimeter defenses.

    As we spin the chess board within our networks, let us acknowledge that a “knight’s fork” in cyber security begins with situational awareness and ends with hindering exfiltration. Thus, the fundamentals of cybersecurity in 2012 are: specialized threat detection, threat intelligence, file integrity monitoring, and virtual shielding.

    More of my thoughts regarding Eastern European cyber hacker crews are published in this paper.

    Posted in Targeted Attacks | Comments Off on Spinning The Chessboard

