Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn how baby monitors may be susceptible to hacking. Also, learn about a medical flaw that enables hackers to hide malware.
According to the International Telecommunications Union’s (ITU) 2018 Global Cybersecurity Index, only half of countries around the globe had a government cybersecurity strategy in 2017, which rose to 58 percent in 2018.
A malware campaign is actively attacking Asian targets using the EternalBlue exploit and taking advantage of Living off the Land (LotL) obfuscated PowerShell-based scripts to drop Trojans and a Monero coinminer on compromised machines.
A hacker or group of hackers broke into a customer support account for Microsoft, and then used that to gain access to information related to customers’ email accounts such as the subject lines of their emails and who they’ve communicated with.
Departures of top officials at the Secret Service and Department of Homeland Security (DHS) will add to an already difficult public-private disconnect on cybersecurity, especially since Kirstjen Nielsen has a rare set of cybersecurity skills that helped the DHS protect companies in critical industries.
Microsoft has notified affected Outlook users of a security breach that allowed hackers access to email accounts from January 1 to March 28, 2019.
Do you think the leadership turnover at DHS and the Secret Service will hurt US cybersecurity plans? Why or why not? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.
On April 6, 2019, a ten-bit counter rolled over. The counter, a component of many older satellites, marks the weeks since Jan 1, 1980. It rolled over once before, in the fall of 1999. That event was inconsequential because few complex systems relied on GPS. Now, more systems rely on accurate time and position data: automated container loading and unloading systems at ports, for example. The issue was not with the satellites or with the cranes.
The problem highlights the pervasive disconnect between the worlds of IT and OT. Satellites are a form of industrial control system. Engineers follow the same set of principles designing satellites as they do designing any other complex programmable machine. Safety first, service availability next.
In the 1990s satellites suffered a series of failures, prompting the US General Accounting Office (GAO) to review satellite security. The report (at https://www.gao.gov/products/GAO-02-781) identifies two classes of problems that might befall satellites, shown in these two figures.
Figure 1: Unintentional Threats to Satellites
Figure 2: Intentional Threats to Satellites
This analysis is incomplete. It omits an entire class of problems: software design defects and code bugs. The decision to use a 10-bit counter to track the passing weeks is a design defect. The useful life of a satellite can be 40 years or more. A 10-bit counter runs from 0 to 1,023, then rolls over to zero. Since there are 52 weeks in a year, the counter does not quite make it to 20 years. This design specification was dramatically under-sized. More recent designs use a 13-bit counter, which will not roll over for almost 160 years. That provides an adequate margin.
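The rollover arithmetic above can be checked directly. The following Python sketch is an added example, not code from the original post: it computes when a 10-bit and a 13-bit week counter wrap, and shows the pivot-date technique a receiver can use to place a wrapped 10-bit value in the right 1,024-week era. It assumes the GPS time origin of 6 January 1980; the function names and the pivot date are hypothetical.

```python
from datetime import date, timedelta

# Assumption of this example: week 0 of the counter began on 6 January 1980,
# the origin of GPS time.
GPS_EPOCH = date(1980, 1, 6)


def rollover_dates(bits, count=2):
    """Start dates of the weeks on which a `bits`-wide week counter wraps to 0."""
    period = timedelta(weeks=2 ** bits)
    return [GPS_EPOCH + n * period for n in range(1, count + 1)]


def naive_week_start(truncated_week):
    """Date computed by a receiver that assumes the counter never wrapped."""
    return GPS_EPOCH + timedelta(weeks=truncated_week)


def resolve_week_start(truncated_week, not_before, bits=10):
    """Resolve a wrapped week counter against a pivot date.

    `not_before` is any date the receiver knows to be in the past, such as a
    firmware build date (hypothetical here). The result is the first week at
    or after the pivot week whose low `bits` bits match the counter. The
    answer is only right for 2**bits weeks after the pivot, so the pivot has
    to be refreshed during the life of the device.
    """
    modulus = 2 ** bits
    if not 0 <= truncated_week < modulus:
        raise ValueError("week counter out of range for %d bits" % bits)
    if not_before < GPS_EPOCH:
        raise ValueError("pivot date precedes the epoch")
    pivot_week = (not_before - GPS_EPOCH).days // 7
    # Weeks to advance from the pivot week to the next matching counter value.
    weeks_ahead = (truncated_week - pivot_week) % modulus
    return GPS_EPOCH + timedelta(weeks=pivot_week + weeks_ahead)


if __name__ == "__main__":
    # The 2019 wrap falls at 00:00 on 7 April in GPS time, which is late on
    # 6 April in UTC.
    print("10-bit wraps:", rollover_dates(10, 3))
    print("13-bit wrap: ", rollover_dates(13, 1))
    pivot = date(2015, 6, 1)  # constructed sample pivot date
    for week in (0, 5):
        print(week, naive_week_start(week), resolve_week_start(week, pivot))
```

A receiver that keeps the 2015 pivot forever fails again at the 2038 wrap, which is why the pivot is a mitigation and the wider counter is the design fix.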
As for code bugs, satellites suffer them just like any other programmable system. The Socrates network tracks satellites to project potential collisions. In 2009, Socrates predicted that two satellites, a defunct Soviet-era communications satellite and the Iridium constellation satellite #33, were projected to pass 564 meters apart. In reality, they collided, creating over 2,000 pieces of debris larger than 1 cm in size. Whether the defect arose from buggy code or inadequate precision in observations, the satellites collided. Either way, there is a software defect here. The question is, is the software inaccurate, or is it creating precision that does not exist? If the instruments doing the measurement have a margin of error, the report should include that data. By stating that the satellites will pass 564 meters apart, the value implies a precision of ½ meter either way – between 563.5 meters and 564.5 meters. If the precision is within half a kilometer, the software should state that specifically – “Possible collision – distance between objects under 1 KM.” If the input data is precise, then the code is calculating the trajectories incorrectly. Either is a code bug.
These two types of defects are neither unintentional (code and designs do not degrade over time) nor intentional (no saboteur planted the defect). The third class of defect results from inconsistent design specifications (the satellite can live for 40 years but the counter rolls over in 20) or poor coding practices (creating a level of precision unsupported by the measurements, or calculating the trajectories incorrectly). These are software defects.
There’s no doubt that digital technology, in many of its forms, brings everyday tasks much closer-to-hand. From discovering breaking news, to online shopping, to keeping tabs on your home via security cameras—everything is within the touch of a button. Even so, with the growing reach of the Internet of Things (IoT), new and unsuspected threats are just around the corner—or are already here.
For example, in early January of this year, a Western Australian mother voiced her worries when she discovered that the baby monitor she recently purchased was compromised. The monitor allowed her to log in with a QR code and a generic password in order to watch her child through a camera. Though she followed the instructions for installation, upon opening the monitoring website she was greatly alarmed to see a vision of a stranger’s bedroom, rather than her child’s.
Though you might not have prepared for it, it’s increasingly clear you need to take steps to protect yourself, your children, your privacy, and your new smart devices from these kinds of emerging privacy threats, as well as others. As a first precaution, you should always remember to change the default passwords on all your networked devices, starting with your router, creating strong new ones and securing them safely whenever possible with a password manager. You should then pick the best endpoint and network security solutions you can find to protect all the networked devices in your home.
Trend Micro Password Manager lets you generate and sync strong passwords across your PCs, Macs, Android, and iOS devices.
Finally, Trend Micro Home Network Security is specifically designed to protect all your new “smart” connected devices in the home. It filters incoming and outgoing traffic to provide an extra layer of protection against intrusions or hacking of the home network. It protects your router and a wide range of smart devices, including security cameras, child monitoring devices, smart TVs, refrigerators, smart speakers, and even smart doorbells and thermostats, from emerging IoT threats—and the list goes on.
With our endpoint and network security solutions, we’ve got you covered! Click the links above for more details on our solutions.
Anyone who has been in cybersecurity for any length of time knows the threat landscape is constantly changing and requires regular monitoring of news, blogs, podcasts, and other sources to ensure you know what is happening today. I have tried to bring this information to the public since starting my monthly threat webinar series in July of 2015. Over the years, I’ve been able to share information about the different aspects of the threat landscape from advanced persistent threats (APT) to zero-day exploits and everything in-between. My focus with these webinars is to share information about how these threats work and the technologies available to defend against them. I regularly have experts join me on these webinars too, so you don’t have to just listen to me all the time.
However, my main goal is to help you better understand what you are up against in your fight against threat actors and their ways of attacking you, your employees, systems and networks. I also ask for requests on topics you want me to cover in the future using a survey option within our webinar platform. Each of the webinars is live and allows you to ask questions to be answered either during the live event or afterwards via an email. We also record each of these webinars and you can watch them on-demand, as we know your time is valuable and sometimes you cannot attend live or you want to share with your colleagues. Note – if you sign up for any of the on-demand webinars, you will receive an email with the upcoming month’s webinar topic. The April 2019 webinar will cover Bug Bounties and How They Help and you can sign up to attend here.
Webinars are one way we can help you stay educated and up-to-date about the industry and what’s happening today, as well as what we expect to happen next. You can also follow our other blogs, like Security Intelligence or Security News, for the latest from Trend Micro Research. We also have great explanatory videos on our Trend Micro YouTube channel.
Feel free to leave a comment below if there are any topics you’d like me to cover in upcoming months or if you simply want to say hello. I look forward to seeing you on one of my next webinars.
Meanwhile, Microsoft Store also deleted eight cryptojacking apps, which included Fast-search Lite, FastTube, and Clean Master, among others. When downloaded and installed, the apps activated the Google Tag Manager in their domain servers, which then triggered the cryptomining scripts. Cryptojacking is a type of malicious activity that uses someone else’s device for illegally mining cryptocurrency—in this case, your device, if you installed one or more of these apps.
With reports like these of malicious and fraudulent apps being posted on different online stores, users need to make sure their Android and Windows devices are secured from such threats. While Google and Microsoft do their best to guard against such apps, users shouldn’t take for granted that even official stores are completely clean of them.
The solution is to install app protection on your devices. Trend Micro Mobile Security for Android is a leading security product that protects your mobile device against loss, data theft, and viruses. It proactively scans apps you wish to install from the Google Play Store and tells you if they’re safe. You can also manually scan apps already installed and delete them if they’re found to be malicious.
Similarly, Trend Micro Security (TMS) will protect you from malicious or infected apps on Windows machines. Apps downloaded from Microsoft Store are scanned by TMS on disk for malicious code or infections, during the installation process, and upon execution. Any malicious files in such apps are deleted from your device.
Go to Trend Micro Security for Home for more information on our endpoint security solutions, or to buy Trend Micro Security products for your desktop and mobile devices.
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about cybersecurity and data concerns in 5G. Also, learn about cybercriminal threats during tax season.
Trend Micro has announced enhancements to its Deep Security and Cloud App Security products designed to extend protection to virtual machines on the Google Cloud Platform, Kubernetes platform protection, container image scanning integration with the Google Kubernetes Engine (GKE) and Gmail on the G Suite.
A cyber espionage group believed to be out of Iran and known for targeting telecommunications providers and government bodies in the Middle East has added to its arsenal malware for targeting Android devices.
During its regularly scheduled April security update, Adobe overall issued 43 patches, including ones for 24 critical vulnerabilities in eight of its products.
What security techniques or technologies is your enterprise using to prepare for new advancements like 5G? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.
Trend Micro and the Ponemon Institute teamed up to produce a new Cyber Risk Index (CRI), which will be updated every six months. Today I want to dive a bit deeper into the results found in the inaugural survey that went out to more than 1,000 IT professionals and executives within organizations based in the USA. I also want to identify some differences between the responses given by the different sized organizations, broken out by small, medium, and enterprise.
Before we go into these details, I want to simply explain how the CRI was calculated. The CRI is made up of two components, the Cyber Preparedness Index (how prepared are you to combat threats) and the Cyber Threat Index (your experience dealing with threats). The formula is as follows:
CRI = CPI – CTI
The CRI is on a -10 to +10 scale with -10 being the highest risk. Below are the results based on organization size.
The results seem to line up with what most would expect – small businesses have the highest cyber risk, medium businesses have less, and enterprises have the least, based on the factors that make up the index. Let’s now look at some of the more detailed results from the survey.
Key Survey Results
The top risk reported for cyber preparedness was interesting, as small business and enterprise respondents face the same primary concern:
Small business & Enterprise: My organization’s IT security function has the ability to know the physical location of business-critical data assets and applications.
Medium business: My organization’s enabling security technologies are sufficient to protect data assets and IT infrastructure.
To some extent, this primary risk may not be surprising. In a small business, there isn’t usually a lot of IT function and in an enterprise, the network tends to be very big and broad so knowing where these assets are physically located can be a difficult task. On the other hand, the medium-sized businesses may not have sufficient budget to allow them to afford some of the key components that make up a very secure environment.
On the other end of the CRI – the Cyber Threat Index – we reaffirm that threats are universal. Businesses of all sizes are dealing with cyber threats every day. Here are some of the most interesting takeaways from the survey:
Small business respondents stated:
26% had 3-6 separate cyberattacks that infiltrated their organization in the past 12 months, while 11% have had 7-10 and 6% reported more than 10 such instances in the past year.
34% said it’s very likely they will experience a cyber-attack that will infiltrate their organizations in the next 12 months.
Medium business respondents stated:
19% had 3-6 separate cyberattacks that infiltrated their organization in the past 12 months. 14% reported 7-10 such incidents, and 8% have faced more than 10.
35% said it’s very likely they will experience a cyber-attack that will infiltrate their organizations in the next 12 months.
Enterprise respondents stated:
19% had 3-6 separate cyberattacks that infiltrated their organization in the past 12 months. Another 15% have had 7-10, but only 3% said they’ve had more than 10.
39% said it’s likely they will experience a cyber-attack that will infiltrate their organizations in the next 12 months – only 29% said very likely.
As you see above, it is almost inevitable that an attack will occur in the next 12 months and that it will be successful. These responses show why all organizations have a high cyber threat environment today.
The intent of the CRI is to give organizations an understanding of their risk levels and insights into many areas of their security posture. From the results, they can change their security infrastructure and policies, and educate their employees and board members, to help minimize their risk in the future. As we continue to run the CRI survey every six months, we hope to see gradual improvement in the results.
Stay tuned for more insights from the survey in future blogs. If you want to check out the current results and take a mini version of the survey, go to our landing page here.
Fifteen years ago, Gmail was launched by Google. The web-based service now has 1.5 billion users a month. In addition to being the extremely popular personal email service, Gmail is also a key component of G Suite for organizations.
One of the many reasons for Gmail’s popularity is its security. Google makes use of multiple antivirus engines to help identify malware that may be missed by antivirus signatures. Authentication features, like 2-step verification and single sign-on, and email security policies like secure transport (TLS) enforcement are also offered within Gmail/G Suite.
There’s another aspect of security that is evolving and hard to detect. Business Email Compromise (BEC) and unknown malware/zero-days are top threats threatening email users globally. The baseline security included with G Suite is designed to protect against known malware, which only accounts for 5 percent of malware. It is crucial to consider third-party tools to protect your organization from the other 95 percent of malware and other types of email threats.
Trend Micro Cloud App Security now protects Gmail within G Suite, in addition to Google Drive. It is an API-based service protecting Gmail, Microsoft® Office 365 Exchange Online and other cloud file sharing services. Using multiple advanced threat protection techniques, it acts as a second layer of protection after emails and files have passed through G Suite/Office 365 scanning. In 2018, Cloud App Security caught 8.9 million high-risk email threats missed by Office 365 security.
Trend Micro Cloud App Security protects Gmail from three types of threats:
1. Unknown malware/zero-days: G Suite/Gmail uses antivirus engines to detect known malware.
As the second layer of filtering, Trend Micro Cloud App Security catches unknown malware using multiple advanced techniques (e.g. machine learning-based anti-malware, document exploit detection, and behavioral analysis using sandboxes). In fact, Trend Micro’s sandbox technology has been recommended by NSS Labs 5 years in a row.
2. BEC attacks: The most common type of BEC attack is CEO fraud – an email impersonating the CEO asks an employee to conduct a wire transfer, usually to a bank account overseas. BEC attacks are difficult to detect as cyber criminals use social engineering to trick users, and no attachment or malicious URL is in the email. Gmail protects against inbound emails spoofing your domain, which is a common tactic used by BEC messages. After the email passes Google’s scanning, Trend Micro Cloud App Security would use artificial intelligence to stop email fraud, and conduct unique authorship analysis by checking the writing style of the high profile users. The simple but hard to catch BEC attacks require multi-layered defense for the best protection.
3. Threats that already exist in your organization: For threats that have passed through an organization’s security measures, it’s critical to have the capability to perform discovery and remediation. Trend Micro Cloud App Security offers a unique manual scan capability allowing admins to scan and protect Gmail mailboxes and Google Drive on-demand. The manual scan capability is available on Drive now and will be available on Gmail in July, 2019.
Trend Micro Cloud App Security is the easy solution which deploys in minutes, requires no MX record routing, and is transparent to users. Get a free trial now to see how many threats are passing your G Suite environment.
At Trend Micro we’ve spent the past three decades successfully solving problems for our customers. It’s helped us to become a leading provider of services to secure the connected world. But we’re not done there. We also want to find and learn from the technology innovators and problem-solvers of tomorrow.
That’s why our venture arm, Trend Forward Capital, is inviting ambitious start-ups to send in their submissions for the first pitch-off contest to be held at our North American HQ in Dallas. Submissions for the Forward Thinker Award are due by April 24th, and with only five lucky applicants selected to attend the event on May 20, the standard will need to be high.
Finding talent, closing skills gaps
Trend Micro’s mission is Securing Our Connected World. But we also recognize that, as important as it is, there’s a wealth of innovation happening outside the security sphere. Smart and connected technologies offer an unparalleled opportunity to make us all safer, healthier, more social and productive.
We’re in it for the long haul: teaming up to offer as much support as they need – from go-to-market expertise, to cybersecurity solutions and global resources. In this respect, you can view the pitch-off and the wider Trend Forward Capital mission as part of our global commitment to close skills gaps. Start-ups might have the ideas and the drive, but often need fine-tuning and support to help nurture their skills and expand their in-house know-how.
In return, we get to plug-in and learn from some of the most exciting companies around, who are pushing the boundaries of what’s possible across the globe.
Focus on Dallas
Trend Forward Capital has run successful pitch-off competitions at the past two CES conferences. But this is the first time we’ve taken the idea to the Dallas Fort Worth region. Why now? Because the area has become a thriving hotbed of entrepreneurial ideas and business growth. And as it plays host to our own North American headquarters, we wanted to cement our commitment to local start-up talent.
As mentioned, just five finalists will be chosen to pitch on May 20. They’ll have to impress an all-star line-up of judges including Trend Micro co-founder and CEO, Eva Chen; Marwan Forzley, CEO of one of our start-up success stories, Veem; Thomas Whiteaker, Partner at IBM Ventures; Shmuel Kliger, Founder and President of Turbonomic, as well as Will Akins, Manager of WeWork Labs Dallas.
There’ll be a $10,000 reward for the winner of the Forward Thinker Award, who will also be considered for pre-selection for the 2020 CES contest, including two passes to the show. All five finalists receive a year’s free cybersecurity protection with Trend Micro.
Trend Forward Capital has spent the past two years helping some of the most innovative companies around to reach the next stage of growth. If you’re a Dallas-based start-up, apply to the Forward Thinker Award today and you could be the next.
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about security threats directed at smart manufacturing environments. Also, learn why malware installed from the Android app store increased by 100% last year.
Members of the security teams at IBM Collaboration Solutions (ICS) and Industry Solutions made a great impression when they spoke about capture the flag (CTF) events they were building for students and the IT industry.
In previous attacks, XLoader posed as Facebook, Chrome and other apps to trick users into downloading its malicious app. Trend Micro researchers found a new variant that uses a different way to lure users.
Are you surprised to learn that there was a 100% malware increase in Google Play for 2018? Why or why not? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.