Story image

Real world impact of cyberattacks starting to show, says Trend Micro

19 Nov 15

Security software company Trend Micro has released its latest report that takes a look at the real world affects of a security breach. 

The report, Hazards ahead: current vulnerabilities prelude impending attacks, says potential security gaps serve as a prelude to potentially massive events that will greatly impact 2016. 

Trend Micro says the interconnectivity of technology has led to a point where many devices are potentially vulnerable, and in the third quarter of 2015, the real world impacts of cyberattacks became clear. 

“The evolution of breaches is beginning to take a turn toward real-world effects on enterprises’ bottom lines and people’s lives,” explains Dhanya Thakkar, managing director of Asia Pacific, Trend Micro. 

“The emergence of numerous vulnerabilities and other data breaches that occurred in this quarter are bound to release more confidential and potentially destructive information to the public, which could then be sold to the highest bidder on the Deep Web.”

The company says data breaches experienced last quarter, such as Ashley Madison, spurred a chain of attacks, in which dumping stolen confidential information in public domains tarnishes victims’ reputations, causing far great damage than simple business disruptions. 

“Cybercriminals, who leveraged the compromised information to launch extortion attacks and blackmail users, caused catastrophe for both Avid Life Media, the site owner, and more than 30 million Ashley Madison users – with reports of victim suicides in response to the impact this attack had on their personal lives,” the company explains.

According to the report, security breaches impacting the healthcare industry were prevalent in the third quarter, with health and personally identifiable information (PII) the second-most stolen data type out of all data breach categories. These instances reinforce why the healthcare industry continues to be an appealing target for cybercriminals, Trend Micro says.

Attackers are continuing to set their sights on mobile device users, taking advantage of gaps in security that exist on the iOS and Android platforms. 

Trend Micro says the discovery of vulnerabilities in Android highlighted the need for a more integrated set of security strategies, while modified versions of app creation tools debunked the notion that the iOS walled garden approach to security can spare the platform from attacks.

“As Trend analysts have observed, cyberspace has become more punitive, and attacks are no longer isolated,” says Thakkar. “To mitigate future breaches and reduce risk, enterprises must focus on intrusion suppression and address the advent of secondary infections. 

“Integration of breach detection systems with intrusion prevention systems is fundamental to decreasing the time hackers dwell on their networks.” 

Thakkar says ‘expect to be hit prepare to survive’ will become the mantra of 2016.

  • The report highlighted the following third quarter activities:
  • Data breach dumps were used to fuel further attacks and extortion. The successful attacks against The Hacking Team and Ashley Madison greatly affected the security and computing industries.
  • Discovery of weak points in mobile platforms emphasise existing problems in both ecosystems. In response to the recent spate of Android vulnerability discoveries, Google finally announced regular security updates for the platform.
  • Cybercriminals use the “shotgun approach” on PoS malware, primarily affecting small businesses. Attacks seen in the third quarter involved PoS malware launched through “old” techniques like spamming, as well as tools like macro malware, exploit kits and botnets.
  • Political personalities surface as targets of ongoing espionage campaigns. Analysis of recent data revealed that Pawn Storm has expanded its targets from mostly U.S. targets to Russian entities.
  • Angler Exploit Kit continues to be a widely-used tool, with access numbers increasing by 34 percent. Angler Exploit Kit creators updated their arsenal this past quarter, which resulted in attackers using their creation to distribute new malware.
  • New research raises issues on the security of Internet-ready devices. Attackers are now modifying target-tank information, which could have dire consequences for the general public.
Silver Peak hits big four with Google Cloud agreement
Silver Peak is the only SD-WAN vendor to partner with all four leading public cloud providers – Amazon, Google, Microsoft and Oracle.
Comms providers hit by most DDoS attacks in Q3 2018
New data indicates attackers preyed on the large attack surface of ASN-level communications service providers with a ‘bit-and-piece’ approach.
MNF Enterprise brings calling to MS Teams
Businesses can now use Microsoft Teams for local and international phone calling from their computer or device.
Survey reveals CX disconnect is risky business
Too much conversation and too little action could lead companies to neglect, lose, and repel their very lifeblood, according to Dimension Data.
Should AI technology determine the necessity for cyber attack responses?
Fujitsu has developed an AI that supposedly automatically determines whether action needs to be taken in response to a cyber attack.
Police making progress into Cryptopia breach
New Zealand Police say they are making ‘good progress’ into the investigation of an alleged cryptocurrency theft from Christchurch-based crypto exchange Cryptopia.
NEC concludes wireless transport SDN proof of concept
"Operation and management of 5G networks are very complicated and require automation and closed-loop control with timely data refinement and quick action."
Trend Micro’s telecom security solution certified as VMware-ready
Certification by VMware allows communications service providers who prefer or have already adopted VMware vCloud NFV to add network security services from Trend Micro.