Setting The Stage - Trend Micro


Setting the Stage: Landscape Shifts Dictate Future Threat Response Strategies
TrendLabsSM 2015 Annual Security Roundup

TREND MICRO LEGAL DISCLAIMER

The information provided herein is for general information and educational purposes only. It is not intended and should not be construed to constitute legal advice. The information contained herein may not be applicable to all situations and may not reflect the most current situation. Nothing contained herein should be relied on or acted upon without the benefit of legal advice based on the particular facts and circumstances presented and nothing herein should be construed otherwise. Trend Micro reserves the right to modify the contents of this document at any time without prior notice.

Translations of any material into other languages are intended solely as a convenience. Translation accuracy is not guaranteed nor implied. If any questions arise related to the accuracy of a translation, please refer to the original language official version of the document. Any discrepancies or differences created in the translation are not binding and have no legal effect for compliance or enforcement purposes.

Although Trend Micro uses reasonable efforts to include accurate and up-to-date information herein, Trend Micro makes no warranties or representations of any kind as to its accuracy, currency, or completeness. You agree that access to and use of and reliance on this document and the content thereof is at your own risk. Trend Micro disclaims all warranties of any kind, express or implied. Neither Trend Micro nor any party involved in creating, producing, or delivering this document shall be liable for any consequence, loss, or damage, including direct, indirect, special, consequential, loss of business profits, or special damages, whatsoever arising out of access to, use of, or inability to use, or in connection with the use of this document, or any errors or omissions in the content thereof. Use of this information constitutes acceptance for use in an “as is” condition.

Contents

Dissecting Breaches
Pawn Storm Zero-Days and Other Vulnerabilities
Deep Web and Underground Explorations
Smart Technology Nightmares
Angler, the King of Exploit Kits
Data Held Hostage
Takedowns versus DRIDEX
Threat Landscape in Review

A broader and deeper threat landscape greeted 2016—a playing field shaped by the introduction of new technologies and attack models from the year before. 2015 laid the groundwork for what we can now consider the new status quo in cybersecurity.

Familiar challenges got more complicated given recent changes in attackers’ modus operandi. Data breaches, for example, did not just end with compromised confidential data being leaked to the public. Instead, we saw how exposed data was further utilized in more damaging schemes. Attacks using zero-days still prevailed, with advancements in exploit kits allowing attackers to use them in ongoing cyberespionage campaigns like Pawn Storm.

In global cybercrime, different underground markets continued to grow not only in breadth but in depth. Crimeware offerings, portals, and cybercriminal training evolved to match the demands of their respective countries. Fledgling marketplaces emerged alongside their more mature counterparts—established underground regions that found ways to take advantage of darknets and the Deep Web.

Developments in 2015 had also created a much broader attack surface. This is partly due to the proliferation of the Internet of Things (IoT). Smart devices have been security concerns for organizations since their conception, and with the number of successful hacks reported over the past months, it is only a matter of time before cybercriminals and attackers find ways to use these weak points for large-scale operations.

The stage is set. With these paradigms now in place, traditional methods of protecting data and assets may need to be reconsidered, especially when creating critical security strategies that will govern organizations in the years to come.

Dissecting Breaches

Several high-profile organizations came under fire in 2015 when breaches led to the exposure of critical data and put their clients and employees at risk. Although incidents of this magnitude have become common, as of last year, we noted the more active use of compromised data for online extortion and cyber attacks.

For instance, people whose names were linked to the Ashley Madison data dump received blackmail letters[1] coercing them to pay bribes in exchange for their anonymity. These cases happened only a few days after 30 million of the site’s member records were released.[2,3]

The Italian surveillance company Hacking Team was also a victim of a massive breach. Around 400 gigabytes of company emails and documents were taken and dumped online.[4] Included in these dumps were a number of zero-day vulnerabilities and exploits we discovered. This allowed attackers to use the data in attacks against entities in Korea and Japan, while also compromising a number of websites in Taiwan and Hong Kong.[5]

2015 offered no respite from data breaches in the healthcare industry. Protected health information (PHI) of 80 million Anthem consumers, including names, addresses, birth dates, income data, and Social Security numbers, was compromised. A month after, health insurer Premera Blue Cross[6] also suffered from a major data breach—exposing up to 11 million customers’ banking account numbers and other sensitive data such as patient treatment information.

Breaches have also found their way to the federal level. An estimated 21.5 million records[7] were stolen from the U.S. Office of Personnel Management (OPM) in two separate but related incidents. The data included the employment history, residence, medical and financial history, and even the fingerprints of some 5.6 million federal employees.[8]

These high-profile incidents are consistent with our data breach analysis. In our research paper “Follow the Data: Dissecting Data Breaches and Debunking the Myths,”[9] healthcare and government sectors are some of the most affected industries in terms of breaches. Other sectors include education, retail, and finance.

[Figure: timeline of 2015’s biggest data breaches, by month]

[Figure: The healthcare industry is the most affected sector in data breaches. Surviving chart labels: …hnology 2.6%, Insurance 1.6%, Media 1.4%, Others 6.8%]

Around 41% of data breaches in the US have been caused by device loss. Remote device wipe, disk encryption, the use of virtual infrastructure, and enforcement of stricter policies can help mitigate such cases. But for those that involve malware and hacking, breach detection and network security solutions are required.

System administrators and managers need solutions that allow them to monitor network traffic across all ports to spot any anomalies and prevent attackers before they can advance. Custom sandboxing, on the other hand, would give them the capabilities needed to single out malware, identify C&C activity, and pinpoint other tell-tale signs of impending or ongoing attacks.

Pawn Storm Zero-Days and Other Vulnerabilities

In our continuous monitoring of Pawn Storm,[10] a long-running cyberespionage campaign, we discovered it using zero-day exploits to target high-profile entities. In July, email messages were sent to a US defense organization and the armed forces of a North Atlantic Treaty Organization (NATO) country that contained a URL hosting a Java exploit—the first one seen in nearly two years.[11] This was followed up in October when the people behind Pawn Storm used an Adobe Flash zero-day exploit in spear phishing emails sent to several foreign affairs ministries across the globe.[12]

Other noteworthy zero-days were discovered during the days succeeding the Hacking Team breach. We found a new zero-day vulnerability in Internet Explorer (CVE-2015-2425),[13] two Flash Player zero-day vulnerabilities (CVE-2015-5122[14] and CVE-2015-5123[15]), and one particular Flash zero-day that was used in limited attacks in Japan and Korea. This zero-day (CVE-2015-5119)[16] was also integrated into both the Angler Exploit Kit and Nuclear Exploit Pack.

Zero-days can be used on any target. We have seen this in the way they have been incorporated in spear phishing campaigns launched against individuals and organizations. We know they can be added into known exploit kits that abuse a wide array of users. If a system is unpatched and exposed to such threats, compromise is almost certain. Organizations looking to protect their networks and data should consider virtual patching as an interim solution. Virtual patches can protect vulnerable systems from unknown exploits in the absence of an official patch, especially with operating systems (OS) and applications which are no longer being supported by the vendor.

[Figure: 2015 in vulnerabilities. Legend: PC, Mobile, Zero-day, Used in Operation Pawn Storm; * Discovered by Trend Micro]

Mobile devices continued being hotbeds for cybercriminals looking to exploit security flaws. Android’s MediaServer component took a lot of hits in 2015. Vulnerabilities found in the component can be exploited to perform attacks using arbitrary code execution. Such attacks could force a device’s system into an endless reboot, draining its battery.[17,18] They can also be used to render Android devices silent and unable to make calls due to unresponsive screens.[19] A vulnerability in Android’s manifest file may also cause devices to experience constant rebooting, making the device totally useless.[20]

Some other Android vulnerabilities include the Android debugger Debuggerd vulnerability[21] we discovered in June. It can be utilized to expose a device’s memory content. The Android Installer Hijacking vulnerability,[22] meanwhile, gives hackers the ability to replace legitimate apps with malicious versions in order to steal information from the user.

The Samsung SwiftKey Keyboard vulnerability[23] (CVE-2015-4640 and CVE-2015-4641[24]) had pre-loaded malicious code masquerading as additional language packs that put over 600 million Samsung Galaxy series phones at risk. We also uncovered the Apache Cordova[25] mobile API framework flaw, which remotely exploits applications with a mere click of a URL.

Although the state of Apple security is relatively better than that of Android, Apple’s trusted walled garden also took some hits in 2015. The emergence of vulnerabilities like iOS Quicksand and AirDrop proved that iOS users could potentially be hit with exploits. The malicious code XcodeGhost,[26] while technically not a vulnerability, was also able to affect several users in China and the US.

Since personal mobile devices are heavily used in the enterprise setting, it is important for corporate data to never reside in them. But this would be impractical given the need for employee mobility. Enterprises hoping to keep confidential data within their own servers can invest in virtual mobile infrastructure. A solution like this allows employees to access company files and records without ever having to save the data on their physical gadget. In case an employee device ever gets rendered useless by mobile exploits or compromised by malware, the data remains separate and intact.

Deep Web and Underground Explorations

The arrest and sentencing of Silk Road founder Ross Ulbricht—the man responsible for heading the billion-dollar narcotics black market[27]—drew a lot of interest to the Deep Web, more specifically, to darknets. Although many of the sites found on the Deep Web were originally designed to protect user anonymity and foster the free exchange of information that is normally restricted in certain regions, some of them have been repurposed for cybercriminal use. In 2015, we saw cybercriminal markets branch out into the deeper recesses of the Deep Web.

As for cybercriminal underground economies, China remained a global leader in terms of innovation. Chinese cybercriminals developed PoS (point of sale), ATM (automated teller machine), and pocket skimmers to steal credit card information. These crimeware offerings reflect the country’s retail sector migrating to noncash payment systems. The Chinese also created leaked-data search engines that allow the querying of information found in data dumps resulting from breaches.[28] Another advanced marketplace, the Russian underground, showed enhancements through sales automation. This improvement made it easier for threat actors to find whichever stolen information they want.[29]

Younger underground markets slowly gained ground in 2015. This was mostly due to lax laws against cybercrime and increasing interest in coding and software development. The Brazilian cybercriminal underground, for example, began offering training services to cybercriminal aspirants.[30] Some of these tutorials included how to set up botnets and how to execute payment card theft. Most of the transactions in this region were publicly advertised via social media sites, showing a blatant disregard for law enforcement.

The underground in Japan was quite the opposite. While Brazil thrived on being blatant, Japanese cybercriminals made their business exclusive by closing off outsiders through localized screening methods.[31] Illegal contraband and paraphernalia like drugs, child pornography, and high-caliber weaponry were present in the flourishing Japanese underground despite the country’s strict laws against the said goods.

[Figure: Global underground trends in 2015 (map: Russia, Canada, United States, Japan, Germany, China, Brazil)]

RUSSIA: One of the most established cybercriminal marketplaces, the Russian underground continues to open its doors to anyone interested in launching their own enterprise by offering them optimized crimeware tools and even partnerships.

JAPAN: The Japanese underground is a new marketplace characterized by the taboo and the vindictive. Its offerings are often found behind gated bulletin boards that screen users, creating a highly exclusive localized environment.

CHINA: The Chinese underground continues to pioneer new innovations—hardware and channels like portable PoS skimmers and leaked-data search engines—that drive cybercriminal trends in the region.

GERMANY: Deemed the fastest developing underground within the European Union, the German underground is getting known for offering locally produced crimeware designed to target citizens in the region.

BRAZIL: The Brazilian underground is populated by young, bold individuals with no regard for the law. They use popular social media sites like Facebook and other public forums and apps to openly flaunt and promote their illegal activities.

UNITED STATES: North American underground sites can be easily found in the Surface Web, open and visible to both cybercriminals and law enforcement. Its fiercely competitive nature drives down prices, making them favorable for newbie cybercriminals.

CANADA: While it is not as large or well-developed as other underground communities, there is a viable Canadian underground community primarily focused on the sale of fake or stolen documents and credentials.

Although relatively small compared to other cybercriminal markets, the German underground appeared to be already well-developed. Aside from using escrows as middlemen for transactions, many German cybercriminals relied on Packstations[32] or delivery services that allowed them to conveniently do dead drops in locations across the country. In North America, the underground continued to grow. Ransomware, narcotics, and even murder-for-hire services were all made available on the Surface Web, visible to cybercriminals and their customers as well as to law enforcement.[33]

Each region’s cybercriminal underground trends have bearing in the real world. The offerings found in these marketplaces reflect the emerging and ongoing threats prevalent in each region. The production of credit card skimmers in China, for example, spells trouble for small businesses in the country. Most of these devices work against business owners who may unknowingly purchase tainted PoS machines and lose income in the process. Knowing these trends could help local law enforcement protect their citizens better. By partnering with security researchers, they can gain valuable sources of threat intelligence concerning both the cybercriminal underground and illegal transactions in the Deep Web.

Smart Technology Nightmares

The successful hacks on IoT devices in 2015 put an end to speculations regarding their susceptibility to attacks. Although there have been a number of previous reports on compromised baby monitors[34] and smart refrigerators,[35] it was only last year when researchers proved smart cars could be tampered with in real time.

Our own research on Škoda Auto’s SmartGate System in Fabia III cars[36] revealed that an attacker could alter the car’s system if the vehicle were within its Wi-Fi network range. The system flaw could also allow any attacker to track the driver’s whereabouts and even lock out the driver from accessing the SmartGate system.

Similar research echoed these findings. A report analyzing the flaws of several 2010 Ford Escape and Toyota Prius[37] units proved that these vehic
