Trend Cloud Security Blog – Cloud Computing Experts

Spear Phishing and Advanced Targeted Attacks

As the saying goes, everything old is new again. Spear phishing may be a timeworn technique, but it continues to be effective even in today’s Web 2.0 landscape. In modern hacking, the practice is finding resurgence as an infiltration method for advanced targeted attacks. Recent research shows that spear phishing is now the #1 method of introducing APTs to corporate and government environments. A whopping 91% of advanced targeted attacks reviewed arrive via spear phished emails. In Spear Phishing Email: Most Favored APT Attack Bait, this new report digs into the use of spear phishing to introduce... read more

The Knight Fork: Defining Cyber Defense in 2013

“A knight’s fork: an attack by one chess piece (as a knight) on two pieces simultaneously.” - Merriam-Webster Dictionary When was the last time you played chess? If you are responsible for Cybersecurity you are unwittingly playing it every day. Tom Kellerman uses this ancient sport to look at the strategies and tactics of modern hackers in his latest paper “The Knight Fork: Defining Defense in 2013.” In it, he reviews the innovation and evolution of Advanced Persistent Threats, and recommends tactics for developing a custom defense against targeted attacks — a “cyber... read more

Changing Seasons in Security bring APTs to Forefront

Birds are beginning to leave their nests and fly south as winter slowly encroaches. The migration of our feathered friends ushers in the new season. As the seasons change so too have the targeted attacks in 2012. The surge of targeted attacks against remote users is exacerbating the Cybersecurity landscape. Remote access compromises are again the primary attack vector employed this year. The modus operandi of targeting remote user devices to bypass the network security controls has become commonplace. These elite hacker crews applaud our widespread adoption of mobile devices as they fully recognize... read more

Operation Ghostclick: Cracking down on Cyber Criminals

Rove Digital was a company formed by a criminal organization in Estonia with two business models: one to portray itself as a legitimate business on the surface, but the second and main purpose was to profit from cyber-criminal activities, which they were extremely successful at and did for many years. At GovSec West this week, I will be presenting a detailed view into the timeline and activities which Rove Digital used over a period of 8 years before law enforcement was able to shut them down. Operation Ghostclick was formed by the FBI, Estonia Police, the Office of Inspector General and a number... read more

TweetChat: Advanced Persistent Threats

Ready to join the conversation? We’re hosting a LIVE TweetChat on October 9, 2012, at 9am PDT, to discuss Advanced Persistent Threats, the development of these sophisticated attacks, and how companies can approach preventing, recognizing and resolving modern hacks. Participants: Rik Ferguson, Trend Micro Director, Security Research (@rik_ferguson) Richard Stiennon, security industry analyst and author (@cyberwar) Erica Benton (blog editor, moderating as @TrendMicro) and YOU! How you can participate – and WIN! Please use the hashtag #TrendChat on Twitter to send your questions to... read more

How to Thwart the Digital Insider: an Advanced Persistent Response to targeted attacks

One of the oft-repeated themes in media reporting of cyber security events is that the “threat landscape is constantly evolving,” that attacks are becoming increasingly sophisticated and targeted and the men and women behind them are better resourced than ever before. Trend Micro research has found that over 90 percent of enterprise networks contain active, malicious malware with one new threat created every second. It’s certainly true, but begs for a deeper and more nuanced analysis. How are these attacks getting more sophisticated? How can a digital insider lay hidden, undetected within... read more

Do You Encrypt Your Data? A Plea to Businesses from an Identity Theft Victim

Recently I became a victim of identity theft.  Criminals gained access to my name, address, date of birth, driver’s license number, social security number, and bank account number.  I’ve spent the last 10 years marketing Internet security solutions, but now I know firsthand how painful it can be to individuals when a data breach occurs. How did they get my personal information?  Working in the security industry, I’m pretty careful.  I’m good at recognizing phishing scams; emails that use various ploys to get you to reveal your personal information (see this paper I co-authored on the... read more

What Are the True Dangers of the Cloud?

We often hear that security and privacy concerns are the main inhibitors to cloud adoption.  But what are the true threats?  Is the cloud really more dangerous than your on-site data center?  I would say that virtualization and cloud computing aren’t inherently more dangerous, but they have unique infrastructure that must be addressed when creating a security foundation.  There are similar attacks across physical, virtual, and cloud infrastructures—data-stealing malware, web threats, spam, phishing, bots, etc. So many companies are tempted to deploy their security for dedicated physical... read more

The State of Cloud and Virtualization Security

For the last few months, we’ve been conducting a cloud, virtualization, and VDI security survey of 1200 IT professionals from larger companies in 6 countries around the world. Not only did I get to help shape the questions on the survey, I’ve also been on the team interpreting the results. We’ve learned more than a few things we actually were not expecting to learn. Here is a collection of the most interesting top findings about the state of cloud and virtualization security. I’ll be blogging about some of them in more detail over the next few weeks, but in the meantime, here is the big... read more

Ambient Cloud News: Skype protocol has been reverse engineered

This is pretty cool. I gave a talk last week at the Glue Conference in Denver about how ambient clouds (http://cloud.trendmicro.com/good-clouds-evil-clouds-why-microsoft-has…) work and even used Skype as an example of a massive-scale ambient cloud. This case raises some very important new questions around ambient clouds. For instance, if you create an ambient cloud, one that you control using your own protocol, but where you have no control over when an endpoint may join it, what are the legal implications if someone else uses your protocol? In an open source world, slapping a lawsuit on... read more
