Tag Archives: Trend Micro

The Trend Micro Red Code 2017 Key Takeaway Points

At the side of Trend Micro Red Code 2017, Trend Micro and Cyber Security Malaysia gave us a briefing on the key takeaway points from the cybersecurity conference.

The Trend Micro team comprised of Goh Chee Hoh (Trend Micro Malaysia Managing Director). Ryan Flores (Senior Manager, Future Threat Research, Trend Micro AP) and Law Chee Wan (Technical Sales, Trend Micro Malaysia). Cyber Security Malaysia was represented by Dr. Aswami Ariffin (Senior VP, CyberDEF@CSRS).

 

The Trend Micro Red Code 2017 Key Takeaway Points

Cybersecurity Best Practices

  • Keep legacy systems and current secure: There are organizations still using Windows XP, Vista, or 7, for all of which Microsoft has ended support. This means there will no longer be security patches or updates anymore, leaving these systems vulnerable to cyberattacks. The recommendation is to quickly move to a new system or keep the current ones secure with third-party security software.
  • Protect data storage systems: Wherever data is – on-premise, cloud, or in virtualized or hybrid environments – it has to be protected.
  • Detect/prevent breaches: Targeted attacks can breach your organization without ever alerting traditional early warning and defense systems. Fail to spot an incursion, and you could be hit with industry fines, reputation damage and legal costs.
  • Protect information on endpoints: Your organization could have information residing on mobile devices, laptops, and multiple virtual and physical endpoints. The more endpoints, the greater the risk surface.
  • Data encryption: Encrypted data are “useless” to a hacker without the decryption key. It is imperative to encrypt sensitive data for both those in transit and those at rest.
  • Backup of data: It is extremely important to have backups of consumer data. In an event where a breach happens and all information is stolen or encrypted by the hacker, at the very least an organization would still have the backups to carry on daily service, while trying to resolve the issue.
  • Frequent assessments: Regular “checkups” on the capabilities of the system as well as the knowledge and education of employees is important. Trend Micro offers server assessments and also recommends that the people within the organization also be assessed via methods such as sending out test “phishing” emails.

 

Cybersecurity Awareness

  • Cybersecurity awareness programs help get employees up to speed with the latest attacks, safe internet practices, security policies, and how to spot a security threat.
  • Within an organization, there must be security policies governing the use of data and access to certain systems and programs.

 

Multi-Layered Security

To mitigate the risk of infection as effectively as possible, organizations to take a layered approach to security – from the gateway to the network, server and endpoint.

  1. Email and Web Gateway Protection
    This will give a good chance of preventing most ransomware from reaching your users – whether that’s via a phishing email or a malicious website.[adrotate group=”2″]
  1. Endpoint Security
    For a small percentage of ransomware threats that might make it through the web/email gateway protection, endpoint security will monitor for suspicious behavior, enforces application whitelists and features vulnerability shielding to protect against unpatched vulnerabilities that ransomware often takes advantage of.
  1. Network Defense
    This layer guards against ransomware that spreads into the organization via network protocols.
  1. Server Protection
    This is where most of the organization’s critical enterprise data will reside. It is essential to ensure any unpatched vulnerabilities are protected from ransomware via virtual patching, through a security solution which can monitor for lateral movement and file integrity.

Go Back To > Events | Home

 

Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!

The ROG Rapture GT-AC5300 Gaming Router Revealed!

We were recently invited to the launch of the ROG Rapture GT-AC5300 (Lowest Price) gaming router. This is the improved, gaming-optimised version of the ASUS RT-AC5300 (Lowest Price), which is affectionately known as the “alien spider” router. They both look identical, but the ROG Rapture GT-AC5300 gaming router boasts a number of improvements. Let’s take a look!

 

The ROG Rapture GT-AC5300 Gaming Router Revealed!

The ROG Rapture GT-AC5300 (Lowest Price) is a tri-band gaming router that is based on the famous ASUS RT-AC5300 (Lowest Price) “alien spider” router. Let’s hear from ASUS what are the improvements in this Republic of Gamers (ROG) router!

We also had the opportunity to take a quick look at the ROG Rapture GT-AC5300 (Lowest Price), and compare it to the ASUS RT-AC5300 (Lowest Price) which looks almost identical. The key differentiating features externally – the ROG and ASUS logos, and the number of LAN ports – the ROG router has 8 LAN ports, while the ASUS router only has 4 LAN ports.

Here are the ROG Rapture GT-AC5300 (Lowest Price) gaming router’s key features :

Optimised Gaming Ports

The ROG Rapture GT-AC5300 (Lowest Price) provides two gaming LAN ports that are optimized for gaming devices. All traffic on these ports is given top priority, so your gaming devices — or any other devices you want to connect to these ports — are always at the head of the internet queue!

Game Boost

ASUS Game Boost analyzes network traffic and prioritizes gaming packets, giving games a second level of acceleration for the best possible performance. Game Boost can be activated instantly with a single click on the Gaming Center dashboard, and it supports many consoles, including PS3, PS4, PS4 Pro, PlayStation Vita, Wii U, Nintendo 3DS and Xbox One.

Gamers Private Network

The ROG Rapture GT-AC5300 (Lowest Price) has built-in support for the Gamers Private Network, powered by WTFast, which provides private, optimised internet connections to game servers, minimizing ping and latency to ensure smooth, lag-free gaming.

Fortified Network Security

To defend your network, the ROG Rapture GT-AC5300 (Lowest Price) features Game IPS (Intrusion Prevention System), powered by Trend Micro. It protects your gaming network from external attacks and threats, neutralizing them before they can reach your network or devices. Even if your PC’s security software isn’t turned on — to get around blocked games, for example — Game IPS still protects your network from attacks and intrusions, giving you added peace of mind.

VPN Fusion

The VPN Fusion feature lets you run a VPN and an ordinary internet connection simultaneously! So even if other network users need to use a VPN, you can still enjoy maximum gaming speeds.

[adrotate group=”2″]

Dedicated WiFi Gaming Band

With the ROG Rapture GT-AC5300 (Lowest Price), you can easily allocate one of the two 5 GHz bands to gaming devices, while other devices use the second 5 GHz band or the 2.4 GHz band.

RangeBoost

The RangeBoost feature is a powerful range-enhancing combination of hardware and software that increases coverage while also significantly improving long-range throughput!

Quad-Core Processor

The ROG Rapture GT-AC5300 (Lowest Price) is powered by a 1.8GHz 64-bit quad-core CPU that is more than powerful enough to handle anything you can throw at it, without skipping a beat.

Go Back To > Events | Home

 

Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!

Trend Micro : How To Catch Hackers Through Subtle Mistakes

For all the benefits that it brings, new technology tends to open up a wealth of opportunities for malicious parties to compromise sensitive data. Even as businesses strive to protect themselves by employing advanced cyber security tools, hackers are keeping pace with developments of their own.

Many organizations focus on alerts of an attack, such as blaring notifications that something just isn’t right. However, a threat could easily be sleeping in their systems right now or attacks could be perpetrated right under their noses in the guise of normal transactions.

In fact, the quieter variety of cyber-attacks is particularly dangerous and underprepared for. Methods are becoming more sophisticated and harder to detect, but there are ways to catch hackers through their subtle mistakes.

How To Catch Hackers Through Subtle Mistakes

1. Look at the evidence

Hackers in movies and television shows have helped perpetuate the myth that cyber-attacks can only be detected when they are caught in the act. Data breach systems can detect when someone breaches and is inside your systems. This tool can help identify and mitigate attacks quickly, reducing potential risk and costs.

But sometimes hackers remain undetected, and that calls for some cyber forensics. While malicious parties can certainly cover their tracks, there is typically a breadcrumb trail left behind. In fact, Hexadite co-founder Barak Klinghofer told USA Today that cyber criminals always leave evidence behind. Organizations can analyze this information to identify how the attack was perpetrated and who did it.

InfoSec analysts take a deep look into attack vectors, the timing of the breach, what information was stolen and to whom the data might be useful. Evidence can create a substantial picture leading to the culprit and mitigating similar attacks in the future. No matter how subtle an attack may be when it happens, organizations still have an opportunity to rectify it afterward by utilizing advanced cyber forensic tools and plugging the gaps.

Cyber forensics can analyze evidence hackers leave behind.

2. Determine the number of actors

EyePyramid, an information-stealing malware, was active earlier this year, and attacks that utilized this malicious software resulted in the theft of 87GB of sensitive data. It also targeted more than 100 email domains and 18,000 email accounts in Italy, the U.S., Europe and Japan. Despite the extent of this attack, it was eventually attributed to a brother-sister team who were using the malware to profit from the stolen data. A Trend Micro report by Martin Roesler found that their identification was a result of operator error. Their habits, quirks and techniques were their ultimate downfall. Cyber security tools must be able to recognize trends within behavior, allowing breached organizations to track down an attack to the source.

“Hackers can make simple mistakes by revealing too much about themselves.”

3. Track social interactions

Hackers are no stranger to using forums and other means to sell their tools. However, even these individuals can make mistakes by simply posting too much online. In July 2014, when Limitless Logger was at its peak, cybercrinimals used it to disable security controls, record keystrokes and exfiltrate account passwords.

Trend Micro research started to dig into information about the original author by looking into them on Hackforums. From information within the posts, it was found that the culprit just completed the first semester in a university as well as contact details for Skype and PayPal accounts. Following the rabbit hole of these clues, public social network profiles were eventually found and Hackforum chat logs confirmed his true name. Hackers can make simple mistakes by revealing too much about themselves. A profile can be made from this data to narrow down the suspect pool and develop other leads to ultimately identify the culprit.

4. Watch for spelling errors

Hackers are human, and that means they make mistakes, especially when trying to phish for credentials. It’s common for employees to easily glance over spelling errors in URLs and messages automatically clicking links without second thought. But that’s not the way that spelling errors signal an attack.

[adrotate banner=”4″]

For example, in early 2016, Bangladesh Bank experienced this firsthand. Hackers breached the institution’s systems and stole payment transfer credentials. These authorizations were used to make nearly three dozen requests to move money from the bank to entities in the Philippines and Sri Lanka, Reuters reported. After the fifth request, a misspelling caught the eye of a routing bank, causing them to look into the transactions. While the error prevented a $1 billion heist, the hackers still managed to get away with $80 million for their efforts.

Organizations can be overwhelmed by the thought of cybercrime. However, there are a number of ways to spot a potential threat and stop it in its tracks. With capable cyber security tools, businesses can have peace of mind that their systems and data are secure.

 

Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!

Trend Micro : Next Gen Payment Technologies

18 March 2016 – Since the boom of e-commerce, credit cards have been the target of many cybercriminals who have designed many malware and phishing schemes to steal banking credentials. The numerous threats that have preyed on the traditional credit card payment system, coupled with new technology, has led to the development of different payment processing technologies that not only allow for more convenient transactions, but also ones that are more secured.

Trend Micro Incorporated released its annual security roundup report, “Setting the Stage: Landscape Shifts Dictate Future Threat Response Strategies,” which dissects the most significant security incidents from 2015. Mobile devices continued being hotbeds for cybercriminals looking to exploit security flaws.

Mobile payments may be convenient for people armed with smartphones that support it, especially right now with the arrival of Visa Checkout in Malaysia that allows you to pay easily on across all your devices but the problem with using popular technology is that threats are always sure to follow, the same way they did with cloud computing and the Android platform.

“What both MasterCard and Visa are trying to do here is consolidate the payment activity that they’re doing online so they have a chance to inject a bit of extra security,” says Eric Skinner, Vice President of Solutions Marketing, Trend Micro Inc. “It’s a great opportunity for them to do more fraud protection and reinforce a more controlled checkout process.”

The attack on mobile devices can range from:

  • Forcing a device’s system to go on endless reboot, draining its battery.
  • Rendering Android devices silent and unable to make calls due to unresponsive screens.
  • Exposing a device’s memory content.
  • Giving hackers the ability to replace legitimate apps with malicious versions in order to steal information from the user.

 

Next Gen Payment Technologies

  • EMV Credit Cards – Also called Chip-and-PIN cards, these cards feature a chip that stores a cryptogram that detects modified transactions. It also requires a PIN for extra authentication.
  • Contactless RFID Credit Cards – This payment technology uses passive Radio Frequency Identification that allows cardholders to wave the cards in front of RF terminals to complete transactions.
  • [adrotate group=”2″]Mobile Wallets – First launched in Japan in 2004, this technology works on NFC enabled smartphones, and has since been implemented by Google and Apple through their mobile platforms.
    • Apple Pay
    • Android Pay
  • New Payment Processing Architectures – three next gen payment architectures designed to improve secure mobile payments.
    • Encryption and tokenization
    • Cloud-based PoS systems
    •  Secure Element systems.

Since personal mobile devices are heavily used in the enterprise setting, it is important for corporate data to never reside in them. But this would be impractical given the need for employee mobility. Enterprises hoping to keep confidential data within their own servers can invest in virtual mobile infrastructure.

A solution like this allows employees to access company files and records without ever having to save the data on their physical gadget. In case an employee device ever gets rendered useless by mobile exploits or compromised by malware, the data remains separate and intact.

Enable your users to safely leverage mobile technology for their work. Mobile Security Solutions from Trend Micro will help you find the balance between empowering mobile employees to be more productive, and protecting their sensitive information. Accomplish both without incurring the expense and time of deploying multiple new applications.

Go Back To > Enterprise | Home

 

Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!

Trend Micro 2015 Security Roundup Details

9 March 2016 – Today, Trend Micro Incorporated released its 2015 security roundup report, “Setting the Stage: Landscape Shifts Dictate Future Threat Response Strategies,” which dissects the most significant security incidents from 2015. The research confirms attackers are now bolder, smarter and more daring in attack vectors, cyberespionage efforts and cyber underground activity on a global basis.

“Our observations for 2015 have confirmed that traditional methods of protecting data and assets are no longer sufficient and should be reassessed to maintain the highest level of corporate and personal security,” said Raimund Genes, CTO, Trend Micro. “The prevalence and sophistication of extortion, cyberespionage and expanding targeted attacks now dictate that organizational security strategies must be prepared to defend against a potentially greater onslaught in 2016. This realization can help the security community better anticipate and respond to what attackers are trying to accomplish.”

Online extortion and cyberattacks were a top concern in 2015, with several high-profile organizations being victimized. Ashley Madison, Hacking Team, the Office of Personal Management and Anthem were a few of these high-profile attacks that left millions of employees and customers exposed. A majority of data breaches in the U.S. in 2015 (41 percent) were caused by device loss, followed by malware and hacking.
Additional report highlights include:

  • Pawn Storm and Zero-Days – In 2015 there were more than 100 zero-days discovered in addition to the long-running cyberespionage campaign Pawn Storm utilized several zero-day exploits to target high-profile organizations, including a U.S. defense organization, the armed forces of a NATO country and several foreign affairs ministries.
  • Deep Web and Underground Explorations – In 2015, cybercriminal markets began to penetrate the recesses of the Deep Web. Each underground market mirrors the culture in which it resides, offering specific wares most profitable in each region.
  • Smart Technology Nightmares – Attacks against connected devices accelerated in 2015, proving their susceptibility. Smart cars and businesses, seen in Trend Micro’s GasPot experiment, were among a few of the new concerns brought by IoT technologies.
  • Angler, the ‘King of Exploit Kits’ – From malvertising to Adobe Flash, Angler Exploit Kit gained notoriety in 2015 as the most used exploit. Accounting for 57.3 percent of overall exploit kit usage. Japan, the U.S. and Australia were among the most impacted countries for this attack.
  • Data Held Hostage – Crypto-ransomware rose to 83 percent of overall ransomware use in 2015. Cryptowall was the most frequently used variant, arriving on users’ computers via email or malicious downloads.
  • Takedowns versus DRIDEX – The seizure and takedown of the notorious DRIDEX botnet contributed to a significant decrease in detections within the U.S. However, this led to a resurgence due to the Command and Control infrastructure being hosted on a bulletproof hosting provider, making it virtually impossible to eradicate altogether.
[adrotate banner=”5″]

 

Support Tech ARP!

If you like our work, you can help support out work by visiting our sponsors, participate in the Tech ARP Forums, or even donate to our fund. Any help you can render is greatly appreciated!

Trend Micro Scores Best In 2016 Gartner Report

Kuala Lumpur, 16 February 2016 – Trend Micro Incorporated today announced placement in the “Leaders” segment of the 2016 Gartner Report’s Magic Quadrant for Endpoint Protection Platforms based on ‘completeness of vision’ and ‘ability to execute’ for its EPP offering, protecting user endpoints and servers.

 

Trend Micro Scores Best In 2016 Gartner Report

The company has been named by Gartner as a leader in enterprise security solutions since 2002 . This year, Trend Micro placed farthest to the right in the leader’s quadrant for completeness of vision.

“As threats continue to evolve in sophistication and aggressiveness, we have made it a priority to invest in comprehensive next generation endpoint protection to help global enterprises keep pace,” said Kevin Simzer, executive vice president, sales, marketing & business development, Trend Micro. “Regardless of hybrid, cloud or on-premise deployment, Trend Micro’s proven endpoint offerings align with the business needs of our customers. We believe Gartner’s Magic Quadrant placement of us reinforces that not only are our current efforts on point, but our vision for the future will continue helping to address complex challenges.”

[adrotate group=”2″]

Trend Micro’s endpoint security solutions provide enterprises with comprehensive threat protection and data security across every device and application to defend endpoints in cloud, hybrid and physical environments, helping to protect business reputation and ensure compliance. With multi-layered security and real-time threat intelligence delivered through a lean interface, the solutions are uniquely positioned to confront evolving threats faced by global enterprises.

To further enhance and simplify deployment and ongoing management, the solutions also offer central control and visibility to enable a connected defense across networks, servers and endpoints on varying operating systems, devices and applications.

Go Back To > Enterprise | Home

 

Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!

Trend Micro : What CIOs Must NOT Do In 2016

Kuala Lumpur, 4 February 2016 – Last year was a big year for cyber security – and not necessarily in a good way. A few high-profile data breaches made the news, according to Network World, including several that involved health insurance companies (e.g., Anthem and Premera) and one huge breach on an important federal government office (the Office of Personnel Management).

The latter especially was cause for concern, as the confidential information of almost 22 million current and former federal employees was stolen, along with the biometric data of 5 million people.

Data breaches isn’t something that CIOs can ignore or think will never happen to them. According to IBM and the Ponemon Institute, the average consolidated cost of a data breach is now nearly $3.8 million – representing an increase of 23 percent over 2013. As CIOs make their to-do lists for the coming year, they should also consider the list of what they shouldn’t do when it comes to their cyber security strategies.

 

Trend Micro : What CIOs Must NOT Do In 2016

Here are the top five things executives shouldn’t do when they are looking at their security for the coming year:

1. Don’t confuse cyber insurance with security

It’s a good thing to have a financial backup plan when it comes to a business’s most important assets. According to the National Association of Insurance Commissioners, the market for cyber insurance is just starting to take off as more companies realize its usefulness. However, being insured only helps after the fact – and cyber liability policies can’t actually protect mission-critical data. Thus, it’s important to make sure that cyber insurance makes up only one part of the complete security strategy of an organization.

2. Don’t forget to educate employees about cyber security best practices

Employees are often the weakest link in the cyber security chain. As such, it’s crucial for businesses to make sure to tell workers how best to utilize email and the Internet in a way that isn’t going to compromise office networks. For instance, setting up training sessions wherein employees discuss when it’s okay to click on links in emails and what websites they can and can’t visit. This will help curb the amount of phishing scams and malware infiltrating company networks, which saves money and time in the long term.

3. Don’t get complacent

Just because a data breach hasn’t yet occurred for a certain organization doesn’t mean it won’t eventually happen. There are certain industries that are practically guaranteed at least one data breach. For instance, the Ponemon Institute found in 2015 that 91 percent organizations within the health care sector had experienced at least one data breach during a five-year period.

According to Trend Micro, one of the major problems with the proliferation of data breaches in today’s security landscape is that these events are incredibly common. Enterprises and individuals alike are subjected to near-daily news about the latest security incidents, and that has led to people becoming desensitized about having protected information stolen. It’s important, however, that CIOs don’t take their security for granted and make sure they aren’t growing desensitized to the very real threat of cyber attacks.

4. Don’t neglect the company’s disaster response plan

According to CSO contributor Brian Contos, having a disaster response strategy is crucial, yet some businesses don’t have one or don’t believe the ones they have are effective. This can create serious problems down the line, especially considering when businesses go offline for any amount of time, it costs a serious amount of money that could cripple entire companies.

“[H]ow organizations that were victimized handled the breaches [of 2015] is a direct reflection of the plans they had in place,” Contos wrote. “Breach response is more than just a reaction to an infiltration; it needs to be a legitimate course of action that an organization had developed and tested in times of crisis.”

In 2016, CIOs should make sure their companies have effective disaster response plans. This includes creating a strategy and testing it out before a network breach occurs. By making sure both employees and IT equipment are prepared for the inevitability of an intrusion, companies can minimize the impact it has on day-to-day activity.

5. Don’t settle for less than the best cyber security solutions

[adrotate group=”2″]

It doesn’t pay to invest in something that isn’t going to do the job, especially when so much important data is on the line. The realization that a security solution is ineffective has a steep price, especially when it comes after a cyber attack has already been perpetrated against an organization’s systems. Companies can’t afford to install the wrong security software the first time, or any time after that.

Solutions from Trend Micro, like Trend Micro Deep Security, should be at the top of any CIO’s wish list for 2016. By investing in the right cyber security products now, companies won’t have to backpedal in the future, and their security strategies can experience a clear boost.

CIOs should keep these tips in mind for their cyber security strategies in 2016.

Go Back To > Cybersecurity | Home

 

Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!

Trend Micro : Worst Cyber Threats Facing SMBs

Hackers have plenty of impetus for targeting large enterprises, especially government agencies, financial institutions and health care organizations. Even large entertainment firms such as Sony Pictures, retailers like Target and telecommunications companies including TalkTalk have been exploited by cyber criminals.

That said, the highest valued companies are not the easiest targets, especially since there are relatively few of them compared to the amount of small and medium-sized businesses. Hackers on the prowl will follow any and all leads to a quick payday. Often, this means firing into the crowd, so to speak.

Cyber criminals will have better success going after a larger number of targets than trying to orchestrate advanced targeted attacks against one bigwig organization. Even as cyber criminals continue to become more ambitious, in all likelihood, cyber attackers will continue to go after smaller businesses in 2016. For this reason, it’s worth reviewing some of the biggest cyber threats currently facing SMBs.

 

DDoS attacks

Distributed denial of service attacks represent a huge cyber threat to any business, but especially to SMBs that can only afford limited bandwidth. As hinted at in the name, the purpose of a DDoS attack is to shut down a server, thereby blocking user access to specific Web services or applications. This is accomplished by flooding network intrastate with meaningless traffic. Hence the name, the heavy distribution of requests results in a network crash.

There are countless motives for orchestrating a DDoS attack. For example, it may be executed in an attempt to shut down specific security services, so as to orchestrate a more serious, supplementary attack. However, more often than not, the goal is extortion. Hackers will flood a network, and will send ransom notes to the company stating that they won’t ease up until a certain amount of money has been paid to them. This is precisely what happened to ProtonMail in late 2015. Cyber attackers shut down the company’s central data center, and then requested a ransom of 15 Bitcoins, the rough equivalent of $6,000. In response to pressure from third parties, ProtonMail paid the ransom. However, the cyber criminals did not ease up.

The first main takeaway here is that DDoS attacks remain a significant threat to all organizations, but especially companies that offer Web-based services, and in particular, SMBs that might not have significant bandwidth. The second lesson from the incident is that any SMB that falls prey to an attack should not pay a ransom. Recovery will be time consuming, and will most likely impact revenue. However, paying cyber criminals a ransom only for them to continue the attack will result in even more lost money. When it comes to prevention, network vigilance is key. Any early signs of an impending DDoS attack may make it possible to mitigate the effects. Laying out a smart network infrastructure that can evenly distribute barrage of traffic may also alleviate some of the strain.

 

Striking the point of sale

Point-of-sale malware is not a new cyber threat, but it’s one that has become especially prominent in the past few years. According to Trend Micro, SMBs were hit particularly hard in 2015, having accounted for 45 percent of all scenarios involving POS malware. Everything from restaurants to boutiques to small service providers are heavily targeted, mainly because cyber security is not quite as strong for these companies. Not to mention, smart, sneaky new strains of POS malware are always being created.

For example, Trend Micro researchers recently discovered a form of malware that seeks out POS systems in a network. Dubbed “Black Atlas,” the malware does not appear to target specific companies in any particular industry. However, SMBs are the most likely to be affected.

Other POS threats come in the form of skimmers. These are basically rigged payment processing units that are designed to collect card information, which is then sold on the Dark Web. Part of the reason this is such a big problem for SMBs is because smaller businesses are more likely to purchase less-expensive, poorly vetted card payment systems. Some of these are actually pre-configured with skimmers. In fact, Trend Micro noted that in China, cyber criminals can actually receive text messages every time a skimmer successfully plunders payment information.

In order to avoid being snagged by a POS malware scam, SMBs are encouraged to always purchase verified, well-known payment processing systems. This will significantly reduce the threat of skimmers. Defending against POS malware is slightly more complicated as strains continue to become more elaborate, and generally more difficult to detect. There have been several cases in the past few months of hotel chains having customer payment information stolen as a direct result of POS malware.

The good news, however, is that the use of EMV chip technology significantly reduces the chances of payment information being pilfered. Rather than using the same code for every transaction – as magnetic stripes do – these chips generate a single-use script for each purchase, so that even if hackers to manage to collect this information, it is essentially useless.

Therefore, SMBs are encouraged to make the shift to EMV card processing systems as soon as possible, especially considering that as of October 2015, liability for stolen payment data shifted to merchants. Any business that does not have EMV card reading technology, and is hacked, can therefore be held accountable for the ensuing damages. Many small businesses can hardly afford to become the victim of a POS malware ploy, let along cover subsequent legal damages.

 

Phishing scams

Phishing scams will always be a problem for companies of all sizes. As long as corporations continue to fall for these ploys, hackers will work tirelessly to bring down their targets, which include SMBs. Much like DDoS attacks, modern phishing scams often take the extortion angle. One of the most prominent, recent examples is the notorious CryptoLocker strain. There are various forms of encryption malware, and many of them start off as phishing scams.

[adrotate group=”2″]

Basically, an employee might receive an email with a request to download a certain PDF or XML. In theory, an aware user should be cognizant of the danger involved with downloading a shady file, but on a particularly busy day, a phishing email may trick even the most wary of workers. Upon opening the cleverly disguised executable, files on the network are locked down. What typically follows is a payment request in order to decrypt the files.

Other phishing ploys might target social media portals, so as to take control of an account. For an SMB that relies on its Web presence to drive traffic to brick-and-mortar locations – for example, a restaurant, bar or mechanic shop – a hacked company Facebook page isn’t exactly choice marketing. Regardless of the targeted medium, a phishing scam can cause serious productivity setbacks for SMBs.

When it comes to securing against phishing scams and cyber threats in general, employee vigilance is hugely important. Granted, even this won’t always be enough to prevent a business from becoming the victim of a cyber attack. For the real tricky threats, SMBs will have to rely on threat protection.

Go Back To > Cybersecurity | Home

 

Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!

Trend Micro Leads Server Security Market For 6th Year

DALLAS, 21 January 2016 – Trend Micro Incorporated (TYO: 4704; TSE: 4704), a global leader in security software solutions, today announced it has once again affirmed its leadership in the global server security market, according to industry analyst firm IDC.

In a market sized at over $800M in 2014, Trend Micro has grown its revenue share for server security to 30.3%, outpacing both the market and competitors. For the sixth year in a row, the company has occupied the top spot for server security globally.

“IDC predicts the server security market to continue growing in importance, with virtualization, cloud and hybrid deployments driving the need for a modern approach to security,” says Bill McGee, senior vice president cloud and data center, Trend Micro. “Our leadership position in this market is a reflection of our focus on addressing hybrid cloud needs for our customers, delivering a comprehensive set of controls that can be centrally managed and automated for reduced operational impact across leading environments like VMware, Amazon Web Services and Microsoft Azure.”

Trend Micro’s market-leading Deep Security platform protects virtual desktops and servers, cloud, and hybrid architectures against zero-day malware and other threats while minimizing operational impact from resource inefficiencies and emergency patching.

[adrotate group=”2″]

“When choosing a security solution, today’s enterprises are looking for comprehensive security capabilities that address all of their critical issues,” says Chris Christiansen, program vice president, security products and services, IDC. “Working with a trusted leader in server security is always a good choice – and Trend Micro has led the server security market for six years in a row.”

Trend Micro offers the Deep Security platform as both software and as a service, enabling customers to align their purchasing with their data center and cloud strategy. Representative of Trend Micro’s commitment to the cloud market, Trend Micro Deep Security is also available on the AWS and Azure marketplaces, providing customers with additional purchasing flexibility.

“Almost all information security shops are outgunned every single day. We need a partner like Trend Micro to give us the firepower to fight back,” says Todd Forgie, vice president of IT and managed services, MEDHOST. “Trend Micro picks up outbreaks that other solutions miss. That’s why we decided to go pure-play with Trend Micro and we have not looked back.”

Go Back To > Cybersecurity | Home

 

Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!