Flying Under the Radar: How Hackers Use Protection Strategies for Attack

It's a recurring theme in sports movies, war stories and crime stories alike: In order to defeat the enemy, one must think like the enemy. This approach has been taken - oftentimes quite successfully - in an array of settings, including the cybersecurity realm. Security researchers are constantly...

This Week in Security News

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. Below you’ll find a quick recap of topics followed by links to news articles and/or our blog posts providing additional insight. Be sure to check back...

TippingPoint Threat Intelligence and Zero-Day Coverage – Week of June 5, 2017

This week marked the first time an airline misplaced my bags for a significant period of time. Inclement weather forced me to not only change my flight, but also change airlines. Unfortunately, my luggage didn’t get the memo. I dealt with two airlines to find my bags, and I eventually received my...

How IOC Sharing Will Help Us Build a More Secure Healthcare Sector

At Trend Micro we work hard every day to reduce the risk posed by cyber attacks from hacktavists, transnational cybercriminals, and cyber espionage groups. Nowhere is this more pertinent than in the healthcare industry, where everything from data breaches to ransomware attacks impacting medical...

How vulnerability research benefits both vendors and customers

Zero-day vulnerabilities - newly discovered exploits that haven't been previously identified - are now emerging more often. Worse still is the fact that these dangerous flaws sometimes aren't pinpointed until hackers have already exploited them. According to a prediction from Cybersecurity Ventur...

Bridging the Skills Gap with Trend Micro’s Capture the Flag (CTF) Competition

We all know the IT security industry is suffering from chronic skills gaps and shortages around the world. In the US things are no different, with an estimated talent shortfall of around 40,000 jobs for information security analyst roles alone. While various initiatives have been proposed, few ha...

TippingPoint Threat Intelligence and Zero-Day Coverage – Week of May 29, 2017

“Anything that can go wrong will go wrong.” It’s not exactly clear how Murphy’s Law originated, but it seems to always make an appearance at the one time you can’t afford for anything to go wrong. Your laptop starts to malfunction right as you need to finish a project this happened to yours truly...

This Week in Security News

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. Below you’ll find a quick recap of topics followed by links to news articles and/or our blog posts providing additional insight. Be sure to check back...

Decade Long Partnership = Global Partner Innovation Award

Here at Trend Micro we highly value the relationships we’ve build with our partners, especially those that have spanned several years. However, it’s particularly gratifying when those partners choose to recognize our work with an award. So, excuse us while we toot our own horn’s for a bit...

The Jetson’s Cyber Concerns – Future Smart Cities Cybersecurity Checklist

As cities continue to grow smarter, they will also become easier to hack. With millions if not billions of dollars going into research for urban domains and the Internet of Things IoT, there will be more opportunities to utilize technology to define, access and improve smart city services and...

TippingPoint Threat Intelligence and Zero-Day Coverage – Week of May 22, 2017

For those of you who follow the National Football League NFL, do you remember Super Bowl 47? I wasn’t exactly thrilled about the teams that played since I’m not a 49ers or Ravens fan. What was interesting about the game is that it was halted for over half an hour in the third quarter because of a...

This Week in Security News

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. Below you’ll find a quick recap of topics followed by links to news articles and/or our blog posts providing additional insight. Be sure to check back...

WannaCry Highlights Major Security Shortcomings Ahead of GDPR D-Day

For all the panic it caused, WannaCry looks finally to have been contained by organisations round the globe. But this isn’t the time to forget about it and move on. There are valuable lessons to be learned about this attack, why it was so successful and what can be done to prevent it happening...

The Latest on WannaCry, UIWIX, EternalRocks and ShadowBrokers

Ransomware has gained global attention over the course of the last two weeks due to the huge spread of WannaCry. Following the initial attacks, we’ve seen UIWIX, Adylkuzz and now EternalRocks come onto the scene leveraging the same core set of vulnerabilities. The common thread between the three...

Challenges with Critical Infrastructure: IoT, Smart Cities Under Attack

Internet of Things technology is now more widespread than many people realize. Systems that fall under the IoT umbrella are popping up in an array of settings, even outside consumer circles. Today, every group from enterprise businesses to city governments is utilizing intelligent, internet- and...

This Week in Security News

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. Below you’ll find a quick recap of topics followed by links to news articles and/or our blog posts providing additional insight. Be sure to check back...

TippingPoint Threat Intelligence and Zero-Day Coverage – Week of May 15, 2017

“Are you crying? ARE YOU CRYING? There’s no crying! THERE’S NO CRYING IN BASEBALL!” Those famous words from Jimmy Dugan portrayed by Tom Hanks in the 1992 movie A League of their Own, ring true in the world of baseball. Unfortunately, in the cyber security world, there has been some crying this...

Protecting Your Small Business From WannaCry

May 12, 2017 saw the world’s first ever worm-based ransomware attack, WannaCry. Typically ransomware spreads via email as spam and phishing attacks, and relies on human intervention to initiate the infection. However, WannaCry is different in that it combines ransomware with a recently published...

Ransomware: What Are the Bad Guys After and How Do I Stop Them?

If the past few days of WannaCry ransomware activity have taught us anything it’s that cybercriminals pose a clear and present danger to organizations and their customers all over the world. But have you ever wondered exactly what the bad guys are after when they launch their online attacks at yo...

Why “Just Patch It!” Isn’t as Easy as You Think

At the Zero Day Initiative ZDI, we see patches in a way few do. We get the initial report from a researcher, we verify the issue internally, we notify the vendor, and finally we publish some details once a patch is released. Those patches represent the best method for preventing cyber attacks...

WannaCry and the Executive Order

Last week, The White House released its long awaited Executive Order EO, Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure, ironically enough during the same week we experienced the largest single ransomware attack that, by some estimates, has affected more than...

WannaCry & The Reality Of Patching

Editors note: For the latest WannaCry information as it relates to Trend Micro products, please read this support article. The WannaCry ransomware variant of 12-May-2017 has been engineered to take advantage of the most common security challenges facing large organizations today. Starting with on...

TippingPoint Threat Intelligence and Zero-Day Coverage – Week of May 8, 2017

Although I’m still dreaming of the sandy beaches of Cancun, it’s time to get back to reality. Security vulnerabilities never take a holiday and this week is no exception. In addition to our normal Digital Vaccine DV package delivered earlier this week, we also issued an out-of-band DV package to...

This Week in Security News

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. Below you’ll find a quick recap of topics followed by links to news articles and/or our blog posts providing additional insight. Be sure to check back...

Is Your Security Team Setup To Fail?

The ingredients for strong cybersecurity aren’t a secret. In fact, they haven’t changed significantly over the past 20 years—the ingredients are available to almost every organization out there. On the surface, doing security isn’t that hard: | Patch quickly and frequently. Use reasonable securit...

Teaming Up with HITRUST to Raise Cybersecurity Standards in Healthcare

From cash-hungry hackers to state-sponsored spies and careless insiders, there’s no shortage of cyber threats facing healthcare organizations HCOs today. At Trend Micro, we’ve been protecting organizations operating in the industry for years, but the challenges facing these customers show no sign...

Accelerating AI Research to Improve Threat Protection

Once the realm of science fiction, artificial intelligence AI is now very much science fact. The potential of this ground-breaking technology – and related disciplines including deep learning and machine learning – is so great that even governments in the UK and US have released reports on its...

Transforming the Cyber Health of Small HCOs Across the US

When we talk about healthcare breaches, there are some big-name incidents. Yet in reality there’s a huge number of smaller providers who are in the hackers’ sights and maybe don’t have the resources or expertise to adequately defend themselves. With ransomware threatening to shut down systems and...

Randstad Group Selects Trend Micro to Protect its Public Cloud Infrastructure

The Randstad Group is currently in the process of consolidating and centralizing its IT infrastructure across 30 IT departments, and will be providing service to more than 40 operating countries across four continents. To ensure the new infrastructure will have optimal security the company select...

Pawn Storm – A Look Into this Cyberespionage Actor Group

In April 2017 my monthly threat webinar focused on a cyberespionage group our Forward-Looking Threat Researcher, Feike Hacquebord, has been following for many years and recently published a report into the most recent two years of activities. In this post I want to focus on their tools and tactic...

The Unified Cloud

Throughout the history of cloud computing, 2006 was a momentous year. In 2006 Amazon Web Services released S3, the first pay per GB storage service. By August, they released EC2, allowing you to spin up a server and pay by the hour in the cloud. In the decade that has followed, AWS has emerged as...

This Week in Security News

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. Below you’ll find a quick recap of topics followed by links to news articles and/or our blog posts providing additional insight. Be sure to check back...

TippingPoint Threat Intelligence and Zero-Day Coverage – Week of May 1, 2017

As you read this blog, I am probably sitting on a beach in Cancun, Mexico getting a nice tan and not thinking about security well, maybe just a little. A couple of days before I left, I had to deal with the inevitable. It never fails – every time I am about to go on vacation, the urgency of thing...

Leading by Example at the HITRUST Annual Healthcare Cybersecurity Conference

If we’ve learned anything from the past year in cybersecurity, it’s that cybercriminals do not discriminate when it comes to their victims. Hospital systems have been forced to shut down for crucial periods, denying patients vital treatment as healthcare organizations struggle to contain the...

Trend Micro Smart Protection Complete Receives 5-Star Review from SC Magazine

The best days are the ones you wake up to good news you weren’t expecting, right? Well, earlier this month we woke up to find out the Trend Micro Smart Protection Complete had received a five-star rating and “Best Buy” recommendation from one of the security industries leading publications at SC...

OAuth Phishing On The Rise

Recently there was a significant volume of new phishing emails aimed at capturing access to Google accounts…specifically your email and contacts. You can read more about it at The Verge, Quartz, and Ars Technica. This phish is a great—evil !?!—example of a sophisticated attempt to gain access to ...

Industrial Robots are Hackable: How Do We Fix Them?

Discuss cyber attacks involving robots and many people might think you’re talking about the latest Hollywood blockbuster to hit the screens. The reality, however, is that industrial robotic systems now form a vital cog in the manufacturing process of everything from silicon chips to cars and even...

How organizations can protect against new CERBER variations

TrendMicro Ransomware hit hard in 2016, with big attacks, large payouts and many new strains developed to thwart security measures. At the end of last year, Locky and CERBER ransomware families seemed to be neck and neck for market dominance. But that changed as CERBER evolved to offer new...

The continuing threat of POS malware

Point-of-sale systems have seen numerous changes in recent years. From the shift to chip-card readers and the inclusion of new technology for contactless mobile payments, POS systems aren't just for swiping cards anymore. At the same time, two important factors haven't changed - the criticality o...

This Week in Security News

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. Below you’ll find a quick recap of topics followed by links to news articles and/or our blog posts providing additional insight. Be sure to check back...

TippingPoint Threat Intelligence and Zero-Day Coverage – Week of April 24, 2017

There was a time when a person’s motivation to hack something was for financial reasons or for street cred. But now we’re seeing organizations that have other motivations. Pawn Storm is a cyber-espionage organization whose motives include foreign and domestic espionage, and influence on...

Trend Micro and INTERPOL: Teaming Up Again to Fight Global Cybercrime

At Trend Micro we have a long history of partnering with law enforcement whenever called upon. We believe that the skills and resources of the private sector can offer allow law enforcement to surge and scale on any particular threat. Combatting the threat posed by transnational cyber criminal...

Machine learning and the fight against ransomware

Ransomware is now everywhere. The number of emails containing ransomware rose 6,000 percent since 2015, and in 2016, 40 percent of all spam emails had one of these malicious programs hidden within, according to IBM. Other reports highlight the sophistication of ransomware nowadays and it's...

A Storm’s a Coming: How businesses can defend against threat actor groups like Pawn Storm

Pawn Storm aka Sednit5, Fancy Bear, APT28, Sofacy and STRONTIUM8 might sound like Instagram accounts, top-secret spy programs or recently passed legislation, but in reality they are all different names for the same successful cyber espionage group or threat actor group. These actors often use...

Pawn Storm: The Power of Social Engineering

In our latest report on Pawn Storm a.k.a. APT28, Fancy Bear, Strontium, etc., researchers expose the scope and scale of the cyber espionage group’s attacks but more importantly their cyber tradecraft. Our researchers have observed activity going back seven years targeting government, military,...

TippingPoint Threat Intelligence and Zero-Day Coverage – Week of April 17, 2017

I’ve never been one to adopt the latest fashion trends, aside from what I wore growing up in the 1980s. I wore shoulder pads, blue eyeliner, designer jeans, and even parachute pants. While I continue to rock my 80s hair to this day, other trends I thought were long gone are making a comeback...

This Week in Security News

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. Below you’ll find a quick recap of topics followed by links to news articles and/or our blog posts providing additional insight. Be sure to check back...

4 ways mobile devices still threaten your business

Mobile devices have been commonly used in corporate environments for decades - bulky portable telephones, heavy laptops and PDAs. Then along came Apple and the smartphone, and soon everyone either had personal smartphone or expected their employers to provide one. Since then, enterprise mobility...