If this past quarter's stories are any indication, we could very well be seeing the rise of a new wave of threats that affect people at a more pronounced and physical level. Attackers are finding more security gaps to abuse, whether in existing public-facing technologies or in new developments in the Internet of Things. With this incoming swell of attacks also come new cybercriminal players: independent operators who use simple malware for full-scale regional operations. Although law enforcement agencies are making strides in the fight for cybersecurity, these challenges continue.
We've previously seen how certain automated transportation systems could be susceptible to cyber-attacks, and now we're seeing possible threats in aviation. The first incident took place when security researcher Chris Roberts tweeted messages that suggested that he was tampering with the in-flight systems of the 737/800 plane that he was on. This was followed by a DDoS attack on Warsaw's Okecie airport, causing delays that grounded more than 1,400 people flying with LOT Polish Airlines.
[Read: Mile High Hacking: Should You Worry?]
Routers were next. Our researchers observed an increase in attacks that used DNS changer malware targeting home routers. Most of the detected infections were in Brazil, the US, and Japan, with Brazil taking the lion's share at 81%.
These attacks aimed to steal personal information from the devices connected to the compromised home routers. As its name suggests, DNS changer malware changes the DNS settings of a router so that any device connected to it loads a malicious version of any website it tries to log in to, including online banking websites. While DNS changer malware is nothing new, its significance continues to grow as homes and businesses become more connected through the Internet of Things.
[Read: DNS Changer Malware Sets Sights on Home Routers]
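A defender-side check for the router DNS hijacking described above, added here as an example (not code from the report): it compares the DNS servers a router hands out via DHCP against an allowlist, and compares the A records the router's resolver returns for a few high-value domains with the answers from a trusted resolver. All IP addresses, domain names, and the allowlist are constructed assumptions.

```python
import ipaddress
from typing import Dict, List, Set

# Constructed sample data (not from the report). 203.0.113.7 plays the
# rogue resolver a DNS changer would push into the router's DHCP settings.
TRUSTED_RESOLVERS: Set[str] = {"9.9.9.9", "1.1.1.1", "8.8.8.8"}   # assumed allowlist
ROUTER_DHCP_DNS: List[str] = ["203.0.113.7", "8.8.8.8"]

# A records seen via the router's resolver vs. a resolver you trust.
ROUTER_ANSWERS: Dict[str, str] = {"bank.example": "198.51.100.23",
                                  "mail.example": "192.0.2.10"}
TRUSTED_ANSWERS: Dict[str, str] = {"bank.example": "192.0.2.44",
                                   "mail.example": "192.0.2.10"}


def rogue_resolvers(advertised: List[str], trusted: Set[str]) -> List[str]:
    """Advertised DNS servers that are malformed or not on the allowlist."""
    rogue = []
    for srv in advertised:
        try:
            ipaddress.ip_address(srv)
        except ValueError:
            rogue.append(srv)        # not even an IP: treat as suspect
            continue
        if srv not in trusted:
            rogue.append(srv)
    return rogue


def divergent_domains(router: Dict[str, str], trusted: Dict[str, str]) -> List[str]:
    """Domains whose A record differs between the router's resolver and the trusted one."""
    return sorted(d for d, ip in trusted.items() if router.get(d) != ip)


def assess(advertised: List[str], trusted_resolvers: Set[str],
           router: Dict[str, str], trusted: Dict[str, str]) -> Dict[str, object]:
    """Flag the router as suspect only when both signals fire, to limit CDN false positives."""
    rogue = rogue_resolvers(advertised, trusted_resolvers)
    diverging = divergent_domains(router, trusted)
    return {"rogue_resolvers": rogue,
            "divergent_domains": diverging,
            "suspect": bool(rogue) and bool(diverging)}


if __name__ == "__main__":
    print(assess(ROUTER_DHCP_DNS, TRUSTED_RESOLVERS, ROUTER_ANSWERS, TRUSTED_ANSWERS))
```

Geo-aware CDNs legitimately return different A records to different resolvers, so a record mismatch alone is a lead to investigate, not proof of hijacking; the resolver allowlist check is the stronger signal.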
Finally, in early April, an attack on French TV Network TV5 Monde crippled the company's network, disrupting all broadcasts for four hours. The attackers also took control of TV5 Monde's social networking accounts, using them to not only post propaganda but also reveal personal information of the relatives of French soldiers involved in military operations.
[Read: The TV5Monde Attack: Four Hours that Changed the World]
These incidents show that cybercriminals are looking past our desktops and mobile devices. They are expanding their targets to include public-facing infrastructure and gadgets we normally take for granted in terms of security.
We saw more instances of solo cybercriminal operations during the second quarter. Frapstar, a lone operator from Canada, made a profit out of selling stolen personal information. In Brazil, LordFenix made a killing with his own home-grown horde of banking Trojans, each valued at over US$300. Similarly, AlejandroV managed to steal 22,000 unique credit card numbers with his point-of-sale (PoS) malware named FighterPoS.
[Read: FighterPoS: Fighting A New PoS Malware Family]
MalumPoS was another PoS malware family that broke onto the scene around this time. The malware was detected stealing information from systems running Oracle MICROS, which meant that 330,000 establishments worldwide, primarily in the US, were vulnerable to it.
[Read: Trend Micro Discovers MalumPoS]
Two Nigerian solo cybercriminals used a simple US$35 keylogger called Hawkeye to target small businesses worldwide, specifically those in India, Egypt, Iran, Pakistan, Taiwan, Hong Kong, Russia, France, Germany, and the US.
[Read: How Two Cybercriminals Earned Millions Using a $35 Malware]
Ransomware activity was rife during the quarter. In June alone, we saw outbreaks of TorrentLocker and CryptoWall occurring nearly every day in countries that include the US, the UK, South Korea, and China. We also spotted several teenagers in China making money off mobile ransomware.
Some of this quarter's security wins were made possible through public-private partnerships (PPPs). Trend Micro aided both Interpol and Europol in taking down two notorious botnets: SIMDA and BEEBONE. Continuing this winning streak was the sentencing of Silk Road creator Ross Ulbricht in May. His trial shed more light on Deep Web marketplaces with offerings that range from forged passports to assassination contracts.
[Read: Below the Surface: Exploring the Deep Web]
Also of note were certain leaps and bounds in security and pro-privacy legislation. The most notable happened in the US, where the Freedom Act was signed and the US government mandated that all federal websites use HTTPS.
In June, more than 21 million current and former federal employees—including their family members and rejected applicants—had their personal information exposed after the United States Office of Personnel Management was hit by a series of data breaches. The data included employee Social Security numbers and even fingerprints.
[READ: Federal Data Breach: The Most Prolific in History]
The IRS was also subject to a breach that leaked 100,000 taxpayer records. The attackers behind it siphoned off data from a compromised IRS web application.
Reported date    Impact
June 1, 2015     1M victims (personal data, including Social Security numbers)
June 4, 2015     21.5M victims (Social Security numbers)
May 20, 2015     1.1M victims
May 26, 2015     100K victims
The White House and members of the North Atlantic Treaty Organization (NATO) became the latest targets of Operation Pawn Storm, an economic and political cyber-espionage campaign we discovered last year. Meanwhile, government institutions in the Philippines and Taiwan fell prey to two other targeted attack campaigns—Tropic Trooper and ESILE.
[Read: Operation Pawn Storm Ramps Up its Activities; Targets NATO, White House]
Countries that sought to stop Iran's nuclear development capabilities faced Duqu 2.0 attacks that used several zero-day vulnerabilities. Other threat actors, meanwhile, had started using macro malware in targeted attack campaigns, such as GHOLE. This could explain the steady growth of macro malware volume seen last quarter.
[Read: eBay’s Magento E-commerce Platform Hit by Payment Card Stealers]
Mobile platforms also saw their fair share of vulnerabilities, such as the SwiftKey Android vulnerability, which allows attackers to take over a user's mobile device. A patch has been released, but device fragmentation still stalls its deployment on affected devices. Serious security flaws were also found in the application sandboxes that protect OS X and iOS systems.
As more vulnerabilities came to light, exploit kits were quickly updated to include them. The Angler exploit kit is a prime example of this behavior: it was the first to integrate vulnerabilities almost as soon as they were disclosed. This may explain the increase in its infection count from Q1 to Q2 2015, along with the spike in the number of users accessing exploit kit-related URLs between May and June. Angler is especially notorious for its use of various Adobe Flash Player exploits, as are other exploit kits such as Nuclear and Magnitude.
The Trend Micro Smart Protection Network™ blocked over 12 billion threats this past quarter, a decrease from the 14 billion threat count at the start of the year. This may be because cybercriminals are now focusing their attacks rather than using an "infect-anyone" approach.
Of these threats, the top three malware families counted last quarter were SALITY (88K), DOWNAD/CONFICKER (77K), and GAMARUE (58K). SALITY variants are known for their damaging routines, which include spreading infected .EXE and .SCR files. DOWNAD/CONFICKER variants are notorious for their persistence in exploiting vulnerabilities and their high propagation rate. GAMARUE variants are capable of stealing information and taking control of a system to launch attacks on other systems.
The total number of malicious and high-risk apps for Android has risen to roughly 7.1 million. That's a 31% increase compared to 1Q 2014 (5.4 million).