Trend Micro Q1 2015 Roundup Sees a Resurgence of Old Threats
Indicating possible complacency amongst security professionals
SINGAPORE, May 20, 2015 – In the first quarter of 2015, Trend Micro Incorporated’s (TYO: 4704; TSE: 4704) quarterly threat roundup report saw the rise of reemerging vulnerabilities, such as malvertising, zero-day vulnerability exploitation, “old-school” macro malware and the decade-old FREAK vulnerability. Titled “Bad Ads and Zero-Days: Reemerging Threats Challenge Trust in Supply Chains and Best Practices”, the quarterly report showcased a combination of newer and older threat variations that defined the cyber security landscape. From an industry perspective, healthcare and retail point-of-sale systems have also seen an uptick in threat activity. Reflecting on the first three months of the year, the findings reinforce how complacency can present major cybersecurity risks in an era where the margin for error has been significantly diminished.
“This year is shaping up to be noteworthy in terms of volume, ingenuity and sophistication of attacks, and it is clear that businesses and individuals alike need to be proactive in protecting themselves against threats,” said Dhanya Thakkar, Managing Director, Trend Micro Asia Pacific. “With the resurgence of older vulnerabilities, it could very well be that cybercriminals are taking advantage of lack of user awareness. Thus, businesses and organisations need to accept the fact that breaches are inevitable. This mindset shift and then translate to moving from a reactive to a proactive approach towards cybersecurity.”
Trend Micro researchers found zero-day exploits targeting Adobe software utilized malvertisements and no longer required victims to visit or interact with malicious sites to become infected. Advertising-related threats this quarter also included Superfish, a preinstalled bloatware in laptops that had the capability to alter search results (displayed as images) based on users’ browsing histories. Not only did it behave like adware but it also allowed cybercriminals to snoop in on supposedly secure communications.
Adware also topped the list of mobile threats, with Trend Micro now documenting more than five million Android threats to date — nearing the predicted total of eight million by the close of 2015. In fact, top malicious and high-risk apps blocked by Trend Micro were adware related, reflecting this increase.
The healthcare industry experienced a notable rise in cyber-attacks, in addition to iOS™ and point-of-sale (PoS) systems continuing to be targeted. Since exploitations in these areas have been in their infancy for several years, researchers believe this rise is primarily due to a lack of preparedness—a sizable oversight that should be addressed.
Report highlights include:
§ Healthcare Industry Hit by Massive Attacks: Major healthcare service providers, such as Premera Blue Cross and Anthem, suffered data breaches that exposed millions of customers’ financial and medical data.
§ Old Threats Invigorated with New Targeted Attack Tools, Tactics and Procedures: Rocket Kitten and those behind Operation Pawn Storm set their sights on new targets, proving that targeted attacks are evolving.
§ Exploit Kits Grew in Sophistication: Exploit kits constantly add new exploits to their arsenals, adding to their allure to expert and novice attackers.
§ Crypto-Ransomware Volume Soared, Expands to Enterprises: Crypto-ransomware expanded their target base to enterprise users, no longer exclusively pursuing consumers.
§ Macro Malware, Old but Still Effective: The resurgence of macro malware suggest cybercriminals are taking advantage of user security complacency, through reliance on Microsoft Office® defaults.
§ Decade-Old FREAK Security Flaw Brought on Patch Management Challenges: As more vulnerabilities emerge in open source OSs and applications, IT administrators will find it increasingly difficult to mitigate risks.
For the complete report, please visit: http://www.trendmicro.com/vinfo/us/security/roundup/
A blog post regarding the report can be viewed here: http://blog.trendmicro.com/1q-2015-security-roundup/
For the LATEST tech updates,
FOLLOW us on our Twitter
LIKE us on our FaceBook
SUBSCRIBE to us on our YouTube Channel!
