Targeted attacks the ‘new normal,’ says Trend Micro exec
By Gabey Goh December 30, 2014
- Expect at least two major data breach incidents to occur every month in 2015
- Corporate BYOD policies must be ‘living documents’ to accommodate rapid changes
IF there was one surprise for David Siah, it was the fact that despite a rapidly changing IT landscape, targeted attack campaigns were expected to continue to multiply in 2015, becoming the norm rather than the exception.
The Singapore country manager for security vendor Trend Micro was sharing his thoughts with Digital News Asia (DNA) via email, on the main finding of the company’s annual security predictions report, Trend Micro Security Predictions for 2015 and Beyond: The Invisible Becomes Visible.
“They will no longer originate just from, and set their sights on, countries like the United States, but will come from other countries as well, as we’ve seen attacks from India, Vietnam, and the United Kingdom, among others,” he said.
Pointing to the recent hack of Sony Entertainment Pictures as one such example, Siah said that Trend Micro predicts that two or more major data breach incidents will occur every month in 2015.
“For Sony and other businesses alike, cyber-fraud and cybersecurity is going to be the key component moving forward. This only serves as a reminder for IT administrators to re-analyse and think ahead in terms of securing their network infrastructure.
“Organisations should also constantly monitor their networks for all kinds of threats and exploitable vulnerabilities,” he said.
Siah said businesses need to embrace the paradigm shift and accept the fact that these breaches will occur, rather than simply preventing threats, and that there is a greater need for a 360-degree detection strategy in order to detect, analyse, and respond to threats.
However, he also noted that there has been an increasing awareness and concern from customers about targeted attacks that could happen to their organisations.
“Many have recognised that it should always be assumed that the system has been compromised and that it is about the ability to react, adapt and detect.
“This reinforces the need to have a technology and monitoring service to assist in detecting targeted attacks or advanced persistent threats.
“Some customers also understand that they do not have to handle this alone, and realise that they can outsource this to our partners and us.
“We have also noticed that a large number of customers have also learned of the insufficiencies of traditional security for virtual or cloud data centres, and the need to adjust their approach,” he said.
But users as well need to be vigilant about security and take precautions to ensure that they do not fall victim to cybercriminals.
Siah said that in the second quarter of 2014, Trend Micro discovered that there was an approximate 128% increase in the number of malicious URLs clicked on by Singaporean users.
“Despite Singapore users being targeted more heavily than ever before, user behaviour has stayed more or less the same, which is rather concerning,” he added.
According to Trend Micro, in the first half of 2014, threat actors continued to refine their tactics to stay under the radar while stealing information. Most of the targeted attacks seen in the region during the first half of 2014 used spear-phishing emails as an infection vector.
“Almost 80% of the targeted attack malware arrived via email. Data also showed that Microsoft Office files are the most commonly used attachments.
“Users should know to look out for any suspicious emails, including those being transmitted from unfamiliar senders.
“If users do open a message of this kind, they should take care not to open any attached documents or links contained in the email as these likely contain malware,” Siah said.
In terms of malware, Singapore’s top malware types are mainly adware and serial key generators, a trend similar to Australia and some Western countries. Adware is most prevalent in countries with fast broadband networks and high Internet adoption, like Singapore.
The most used malware in targeted attacks in the first half of 2014 include password-recovery tool PassView, with most victims being concentrated in the Asia Pacific region.
The first IoT breach
Siah (pic) believes that the first attacks we’ll see on smart appliances, as well as wearable and other Internet of Things (IoT) devices, will not be financially motivated.
“They will be more white-hat hacks to highlight security risks and weaknesses so manufacturers can improve their products, particularly the way they handle data.
“If and when these devices are hacked for purposes other than to bring vulnerabilities to light, cybercriminals will likely launch sniffer, denial-of-service (DoS), and man-in-the middle (MiTM) attacks,” he said.
However, as attackers begin to better understand the IoT ecosystem, they will employ scarier tactics such as using ransomware and scareware to extort money from or blackmail device users, he said.
“They can, for instance, hold smart car drivers hostage until they pay up when said vehicles officially hit the road come 2015.
“As such, smart car manufacturers should incorporate network segmentation in their designs to adequately shield users from such threats,” he added.
Banking malware in the spotlight
Siah said that online banking malware was another area which came to prominence this year.
In the second quarter, there was a drop in online banking malware detections; one possible reason for this was the GameOver Zeus botnet disruption in early June, a multinational effort spearheaded by the US Department of Justice and Federal Bureau of Investigation.
GameOver Zeus is a sophisticated type of malware designed specifically to steal banking and other credentials from the computers it infects. It’s predominately spread through spam email or phishing messages.
“Trend Micro revealed that data from Singapore is consistent with that trend, as we experienced a 3% drop in incidences compared to the first quarter,” said Siah.
“However, it should be noted that some of Singapore’s neighbouring countries like Malaysia are included in the top 10 most affected countries. As such, Singaporean users should continue to be vigilant about these types of threats,” he added.
He said that the increase in adware infections might also signify that users, from both an enterprise and end-user perspective, are consuming more ‘free stuff’ on the Internet, where the inherent risk is downloading more components than the application the users expect.
Siah said that as reports of large attacks continue to gain momentum and coverage, cybercriminals may jump onto this opportunity and use this as a social engineering lure to trick users into clicking on suspicious links in spam mails and social media posts.
“Awareness of threats is a must, and so are ever-ready mitigation and remediation plans because no one is safe from compromise,” he said.
Keeping up with mobility in flux
The Bring Your Own Device (BYOD) trend has seen mobile technology being integrated into company processes in every industrial sector. However, security considerations do not just end with policies being put in place.
“Chances are good that since an enterprise first launched its BYOD initiative, the threat landscape would have changed. The mobile platform is becoming increasingly attractive to hackers as they seek to target sensitive corporate and personal user information for fraudulent purposes,” said Siah.
“For this reason, BYOD policies should be living documents that can be adjusted by business leaders as needed to match the group’s changing mobile security needs,” he added.
When it comes to bolstering a company’s BYOD security plans, there are several items to consider, according to Siah:
- Have a policy that is easily understandable for employees
- Ensure that existing rules are being enforced
- Keep a list of employee devices
- Employ a 360-degree detection strategy
Expect more targeted attacks, crimeware: Trend Micro
Security the ‘elephant’ in the IoT/ smart city room: Frost
Malaysia among countries most hit by e-banking malware: Trend Micro
Trend Micro to collaborate with Interpol against cybercrime
For more technology news and the latest updates, follow us on Twitter, LinkedIn or Like us on Facebook.