SlideShare uma empresa Scribd logo

Rpt paradigm shifts

M
malvvv

security

Tecnologia
1 de 18
Baixar para ler offline
P A R A D I G M S H I F T S Trend Micro Security Predictions for 2018
Skills and resources — these are the two elements that make up an attacker’s arsenal. An attacker, however, cannot set out to break security or even perform sophisticated attacks without finding weak points in a system first. Massive malware attacks, email-borne heists, hacked devices, and disrupted services — all of these require a vulnerability in the network, whether in the form of technology or people, in order to be pulled off. Increased connectivity and interaction over insecure networks are a given. Unfortunately, poor implementation of technologies adds to the likelihood of threats being realized. Having protection where and when it’s needed will become the backbone of security in this ever-shifting threat landscape. In 2018, digital extortion will be at the core of most cybercriminals’ business model and will propel them into other schemes that will get their hands on potentially hefty payouts. Vulnerabilities in IoT devices will expand the attack surface as devices get further woven into the fabric of smart environments everywhere. Business Email Compromise scams will ensnare more organizations to fork over their money. The age of fake news and cyberpropaganda will persist with old-style cybercriminal techniques. Machine learning and blockchain applications will pose both promises and pitfalls. Companies will face the challenge of keeping up with the directives of the General Data Protection Regulation (GDPR) in time for its enforcement. Not only will enterprises be riddled with vulnerabilities, but loopholes in internal processes will also be abused for production sabotage. These are the threats that will make inroads in the 2018 landscape. As such, they will serve as further proof that the days of threats being addressed with traditional security solutions are behind us. As environments become increasingly interconnected and complex, threats are redefining how we should look at security. Trend Micro has looked into the current and emerging threats, as well as the security approaches tailored for the landscape. Read on to find out how to make informed decisions with regard to the security focus areas that will figure prominently in 2018.
THE RANSOMWARE BUSINESS MODEL WILL STILL BE A CYBERCRIME MAINSTAY IN 2018, WHILE OTHER FORMS OF DIGITAL EXTORTION WILL GAIN MORE GROUND.
For 2017, we predicted that cybercriminals would diversify ransomware into other attack methods. True enough, the year unfolded with incidents such as WannaCry and Petya’s rapidly propagated network attacks, Locky and FakeGlobe’s widespread spam run, and Bad Rabbit’s watering hole attacks against Eastern European countries. We do not expect ransomware to go away anytime soon. On the contrary, it can only be anticipated to make further rounds in 2018, even as other types of digital extortion become more prevalent. Cybercriminals have been resorting to using compelling data as a weapon for coercing victims into paying up. With ransomware- as-a-service (RaaS) still being offered in underground forums, along with bitcoin as a secure method to collect ransom, cybercriminals are being all the more drawn to the business model. Ransomware maturity as a catalyst for digital extortion campaigns If the evolution of cybercriminal tactics over the years is any indication, cybercriminals are now going straight for the money instead of tricking users into giving up their credentials. The early online threats were heavy on infostealers and malware that hijacked banking transactions to steal private information. Then, the breed of threats went out to disguise themselves as anti-malware solutions (FAKEAV), whereby users were duped into downloading the software and paying up to regain access to the victimized computers. Emulating this behavior of FAKEAV, ransomware took the stage from then on. The current success of ransomware campaigns — especially their extortion element — will prompt cybercriminals looking to make generous profits out of targeting populations that will yield the most return possible. Attackers will continue to rely on phishing campaigns where emails with ransomware payload are delivered en masse to ensure a percentage of affected users. They will also go for the bigger buck by targeting a single organization, possibly in an Industrial Internet of Things (IIoT) environment, for a ransomware attack that will disrupt the operations and affect the production line. We already saw this in the fallout from the massive WannaCry and Petya outbreaks, and it won’t be long until it becomes the intended impact of the threat. Extortion will also come into play when GDPR gets imposed. Cybercriminals could target private data covered by the regulation and ask companies to pay an extortion fee rather than risk punitive fines of up to 4 percent of their annual turnover. Companies will have ransom prices associated with them that cybercriminals can determine by taking publicly available financial details and working out the respective maximum GDPR fines the companies could face.This will drive an increase in breach attempts and ransom demands. Moreover, we expect GDPR to be used as a social engineering tactic in the same way that copyright violations and police warnings were used in past FAKEAV and ransomware campaigns. Users and enterprises can stay resilient against these digital extortion attempts by employing effective web and email gateway solutions as a first line of defense. Solutions with high-fidelity machine learning, behavior monitoring, and vulnerability shielding prevent threats from getting through to the target. These capabilities are especially beneficial in the case of ransomware variants that are seen moving toward fileless delivery, in which there are no malicious payloads or binaries for traditional solutions to detect. SOURCES: http://blog.trendmicro.com/trendlabs-security-intelligence/threat-morphosis/ https://www.trendmicro.com/vinfo/us/security/definition/ransomware https://documents.trendmicro.com/assets/rpt/rpt-setting-the-stage.pdf Prominent Cybercriminal Business Models Over the Years Ransomware and DIGITAL EXTORTION will be the land of milk and honey for cybercriminals. Unprecedented ransomware outbreaks occur through WANNACRY and PETYA. New ransomware families spike by 752%, RANSOMWARE-AS-A-SERVICE (RaaS) emerges. Ransomware steadily grows, and continues to encrypt and demand payment. Ransomware BITCRYPT encrypts files and demands bitcoin payment. Ransomware CRYPTOLOCKER encrypts files, locks systems, and demands $300 payment. Trojan SPYEYE steals millions of dollars. First Android Trojan, DROIDSMS, emerges. Trojans spread via malicious links on Twitter. Worm KOOBFACE targets Facebook users. FAKEAV steals credit card information using fake antivirus scare messages. Infostealer ZEUS is discovered. Online banking malware that logs keystrokes or changes banking interfaces flourishes.
CYBERCRIMINALS WILL EXPLORE NEW WAYS TO ABUSE IoT DEVICES FOR THEIR OWN GAIN.
The massive Mirai and Persirai distributed denial-of-service (DDoS) attacks that hijacked IoT devices, such as digital video recorders (DVRs), IP cameras, and routers, have already elevated the conversation of how vulnerable and disruptive these connected devices can be. Recently, the IoT botnet Reaper, which is based on the Mirai code, has been found to catch on as a means to compromise a web of devices, even those from different device makers. We predict that aside from performing DDoS attacks, cybercriminals will turn to IoT devices for creating proxies to obfuscate their location and web traffic, considering that law enforcement usually refers to IP addresses and logs for criminal investigation and post-infection forensics. Amassing a large network of anonymized devices (running on default credentials no less and having virtually no logs) could serve as jumping-off points for cybercriminals to surreptitiously facilitate their activities within the compromised network. We should also anticipate more IoT vulnerabilities in the market as many, if not most, manufacturers are going to market with devices that are not secure by design. This risk will be compounded by the fact that patching IoT devices may not be as simple as patching PCs. It can take one insecure device that has not been issued a fix or updated to the latest version to become an entry point to the central network. The KRACK attack proved that even the wireless connection itself could add to the security woes. This vulnerability affects most, if not all, devices that connect to the WPA2 protocol, which then raises questions about the security of 5G technology, which is slated to sweep connected environments. Devices that will be targeted for disruptions and cybercrime With hundreds of thousands of drones entering the U.S. airspace alone, the prospect of overseeing the aerial vehicles can be daunting. We expect that reports of drone-related accidents or collisions are only the start of it, as hackers have already been found to access computers, grab sensitive information, and hijack deliveries. Likewise, pervasive home devices such as wireless speakers and voice assistants can enable hackers to determine house locations and attempt break-ins. We also expect cases of biohacking, via wearables and medical devices, to materialize in 2018. Biometric activity trackers such as heart rate monitors and fitness bands can be intercepted to gather information about the users. Even life-sustaining pacemakers have been found with vulnerabilities that can be exploited for potentially fatal attacks. What adopters and regulators should recognize now is that not all IoT devices have built-in security, let alone hardened security. The devices are open to compromise unless manufacturers perform regular risk assessments and security audits. Users are also responsible for setting up their devices for security, which can be as simple as changing default passwords and regularly installing firmware updates.
GLOBAL LOSSES FROM BUSINESS EMAIL COMPROMISE SCAMS WILL EXCEED US$9 BILLION IN 2018.
According to the Federal Bureau of Investigation (FBI), BEC scams have been reported in over a hundred countries and had a marked increase of 2,370 percent in identified exposed losses between January 2015 and December 2016. This isn’t surprising since BEC scams are to cybercriminals what burglary is to “offline” criminals. BEC scams are quick, require very little scouting, and can yield big gains depending on the target, as evidenced by the US$5 billion recorded losses. We predict that BEC incidents will only multiply in 2018, leading to more than US$9 billion* in global losses. This hike in the projected reported losses will be brought on partly by a growing awareness around BEC and the tactics used, which will result in better identification and increased reporting of the scams. Mainly, it will be rooted in how BEC scams bank on phishing approaches that time and again have proved to be effective. We will continue to see BEC scams that involve company executives being impersonated to wire sums of money. We’ve been observing it in the increase of BEC attack attempts involving CEO fraud. It’s also interesting to note that instead of planting keyloggers, BEC scammers are turning to phishing PDFs and sites, which are cheaper than keyloggers with crypting services. With phishing, they can still compromise accounts, and at lower costs at that. The simplicity of knowing a target organization’s hierarchy (which may even be publicly available on social media and corporate websites) and the brevity of the emails make a case for BEC as an efficient ploy to funnel money. There is, however, another financially driven enterprise threat that is expected to still be wielded by crybercriminals, especially those who are willing to do the long con: Business Process Compromise (BPC). With BPC, cybercriminals learn the inner workings of the organization, particularly in the financial department, with the aim of modifying internal processes (possibly via corporate supply chain vulnerabilities) and hitting the mother lode. But given that it requires long-term planning and more work, BPC is less likely to make headlines in 2018, unlike the much simpler BEC. BEC can be deflected if employee training is in place, as it is reliant on social engineering. Companies should implement strict protocols on internal processes, especially when making any kind of transaction. Small- and medium-sized businesses, as well as enterprises, should employ multiple verifications, whereby another established communication channel, such as a phone call, is at one’s disposal for double-checking. Web and gateway solutions that provide accurate detection of social engineering tactics and forged behaviors may also be able to block BEC threats. * US$9 billion is based on computing the monthly average of reported losses from June to December 2016 and multiplying it by 12. This only assumes that there is a flat growth for reported BEC incidents and victims. Cumulative BEC Losses US$9.1B US$5.3B US$3.1B 2013 20172014 2015 2016 SOURCES: https://www.ic3.gov/media/2016/160614.aspx https://www.ic3.gov/media/2017/170504.aspx
CYBERPROPAGANDA CAMPAIGNS WILL BE REFINED USING TRIED-AND-TESTED TECHNIQUES FROM PAST SPAM CAMPAIGNS.
The fake news triangle consists of: motivations the propaganda is built on, social networks that serve as a platform for the message, and tools and services that are used to deliver the message. In 2018, we expect cyberpropaganda to spread via familiar techniques: those that were once used to spread spam via email and the web. Do-it-yourself (DIY) kits in the form of software, for instance, can perform automated social media spamming. Even black hat search engine optimization (SEO) has been adapted to social media optimization (SMO), with a user base of hundreds of thousands able to provide traffic and numbers to different platforms. From spear- phishing emails sent to foreign ministries to the blatant use of documents to discredit authorities, dubious content can spread freely and spark forceful opinions or even real protests. Fabricated information, additionally, can put businesses in a bad light and even hurt their performance and reputation. Researchers are even looking into audio and video manipulation tools that allow realistic-looking footage to further blur the line between authentic and fake. Manipulated political campaigns will continue to mount smear tactics and deliberately shift public perception, as allowed by the tools and services readily available in underground marketplaces. It is likely that the upcoming Swedish general election will not be exempt from attempts to influence the voting outcome through fake news. The interest will also be hot on the heels of the U.S. midterm elections, as social media can be wielded to amplify divisive messages, as in the alleged meddling in the previous U.S. presidential election and the “troll farm” behind a Twitter influencer. Each time fake news gets posted and reposted, a reader encountering the same content grows familiar with it and takes it as truth. Having the eye to distinguish fake news from not will be tough, as propagandists use old techniques that have proved effective and reliable. Fake news and cyberpropaganda will press on because there has been no dependable way to detect or block manipulated content. Social media sites, most notably Google and Facebook, have already pledged a crackdown on bogus stories propagating across feeds and groups, but it has had little impact so far. That being the case, the final screening will still be dependent on the users themselves. But as long as users are not educated in flagging false news, such content will continue to permeate online and be consumed by unsuspecting and undiscerning readers. Countries That Will Hold General, Parliamentary or Presidential Elections in 2018 SOURCES: http://www.electionguide.org/elections/upcoming/ https://www.thelocal.se/20170911/what-you-need-to-know-about-swedens-party-leaders-2018-election https://www.usatoday.com/story/news/politics/2017/09/07/2018-midterm-elections-senate-races-to-watch/597965001/ Africa Cameroon Madagascar Mali Mauritiana Sierra Leone South Sudan Zimbabwe Cambodia Maldives Pakistan Turkmenistan Czech Republic Cyprus Finland Georgia Italy Montenegro Russia Sweden Cuba Mexico United States Paraguay Venezuela Asia Europe North America South America
THREAT ACTORS WILL RIDE ON MACHINE LEARNING AND BLOCKCHAIN TECHNOLOGIES TO EXPAND THEIR EVASION TECHNIQUES.
Knowing what is unknown. That’s one of the key promises of machine learning, the process by which computers are trained but not deliberately programmed. For a relatively nascent technology, machine learning shows great potential. Already, however, it’s become apparent that machine learning may not be the be-all and end-all of data analysis and insights identification. Machine learning lets computers learn by being fed loads of data. This means that machine learning can only be as good and accurate as the context it gets from its sources. Going into the future, machine learning will be a key component of security solutions. While it uncovers a lot of potential for more accurate and targeted decision-making, it poses an important question: Can machine learning be outwitted by malware? We’ve found that the CERBER ransomware uses a loader that certain machine learning solutions aren’t able to detect because of how the malware is packaged to not look malicious. This is especially problematic for software that employs pre-execution machine learning (which analyzes files without any execution or emulation), as in the case of the UIWIX ransomware (a WannaCry copycat), where there was no file for pre-execution machine learning to detect and block. Machine learning may be a powerful tool, but it is not foolproof. While researchers are already looking into the possibilities of machine learning in monitoring traffic and identifying possible zero-day exploits, it is not far- fetched to conjecture that cybercriminals will use the same capability to get ahead of finding the zero-days themselves. It is also possible to deceive machine learning engines, as shown in the slight manipulation of road signs that were recognized differently by autonomous cars. Researchers have already demonstrated how machine learning models have blind spots that adversaries can probe for exploitation. While machine learning definitely helps improve protection, we believe that it should not completely take over security mechanisms. It should be considered an additional security layer incorporated into an in-depth defense strategy, and not a silver bullet. A multilayered defense with end-to-end protection, from the gateway to the endpoint, will be able to fight both known and unknown security threats. Another emerging technology that is poised to reshape businesses and that we see being abused is the blockchain. Blockchain technology has generated a lot of buzz in the context of digital cryptocurrencies and as a form of no-fail security. Adoption of the decentralized ledger is projected to be widespread in five to 10 years. Currently, however, many initiatives are already being built on blockchain, ranging from technology and finance industry startups and giants to entire governments – all with the goal of revolutionizing business models. Blockchain works by having a required consensus among the participants, which makes unauthorized changes or deliberate tampering with the blockchain difficult to do. The more transfers there are, the more the series becomes complex and obfuscated. This obfuscation, likewise, can be seen as an opportunity by cybercriminals looking into enhancing their attack vectors. They have already managed to target the blockchain in the Ethereum DAO hack, which led to over US$50 million worth of digital currency lost. Like most promising technologies that were thought secure at one point, machine learning and blockchain warrant close attention.
MANY COMPANIES WILL TAKE DEFINITIVE ACTIONS ON THE GENERAL DATA PROTECTION REGULATION ONLY WHEN THE FIRST HIGH-PROFILE LAWSUIT IS FILED.
The European Union (EU) will finally be rolling out GDPR in May 2018, with an expected extensive impact on data handling of companies that engage with EU citizens’ data – even if the said companies are outside Europe. In our research, we found that the majority of C-level executives (in 57 percent of businesses) shun the responsibility of complying with GDPR, with some unaware of what constitutes personally identifiable information (PII) and even unbothered by potential monetary penalties. Laggards will fully heed the brunt of GDPR only when the retributions are imposed by the regulators. Data privacy watchdogs can interfere with business operations by altogether banning companies from processing certain data. There is also the possibility that lawsuits, both from the authorities and from the citizens themselves, will come into the picture. The American credit reporting agency Equifax, for instance, would have faced a staggering fine, as some U.K. consumers were reportedly affected too, if the breach had happened after the GDPR implementation had gone into effect and it hadn’t come forward with the incident sooner than it chose to. A considerable penalty would have also been imposed on the international ride-hailing company Uber, which announced a data breach over a year after the fact. Noncompliance with breach notification will prompt regulators to issue fines of up to €20 million, or up to 4 percent of the company’s global annual turnover of the preceding financial year, whichever is greater. Companies waking up to the GDPR enforcement, therefore, will find the importance of having a dedicated data protection officer (DPO) who can spearhead data processing and monitoring. DPOs are particularly needed in enterprises and industries that handle sensitive data. Companies will be required to review their data security strategy, including classifying the nature of data and distinguishing EU data from data associated with the rest of the world. Other regions will have to catch up with their data regulations by having a similar framework of wide-ranging scope and tougher penalties for compliance failure. The U.S. Food and Drug Administration (FDA) has already recognized several European drug regulatory authorities to improve its inspections. Australia is gearing up to enact its own data breach notification laws based on the Privacy Amendment (Notifiable Data Breaches) Act 2017, while U.K.’s Data Protection Bill is getting updated to match EU’s laws after Brexit. Meanwhile, the EU-U.S. Privacy Shield deal will have to prove how binding it is in spite of concerns expressed by the EU. of businesses appear to be dismissive of the extent of GDPR fines. of businesses don’t know email marketing databases contain PII. of businesses have invested in technology to identify intruders. GDPR Is Coming. Are You Prepared? 66% 34% 42% SOURCE: http://newsroom.trendmicro.com/press-release/commercial/trend-micro-research-reveals-c-level-executives-are-not-prepared-gdpr-imple
ENTERPRISE APPLICATIONS AND PLATFORMS WILL BE AT RISK OF MANIPULATION AND VULNERABILITIES.
In today’s environment, where the Industry 4.0 makes cyber-physical systems and production processes increasingly interconnected and software-defined, risks can stem from several areas within. The notion of having a digital twin, a virtual replica or simulation of the real-world production or process, is enabling enterprises to address performance issues that may arise in real physical assets. However, we believe that while it’s poised to transform operations, the production network can be infiltrated by malicious actors aiming to manipulate the system and cause operational disruptions and damages. By manipulating the digital twin itself, these actors can make production processes look legitimate when they have, in fact, been modified. In addition, production data that is directly (or indirectly) handed over via manufacturing execution systems (MES) to SAP or other enterprise resource planning (ERP) systems is also in danger of being compromised. If a manipulated piece of data or wrong command is sent to an ERP system, machines will be liable to sabotage processes by carrying out erroneous decisions, such as delivery of inaccurate numbers of supplies, unintended money transfers, and even system overloads. Enterprise systems will not be the only ones targeted; in 2018, we expect to continue to see security flaws in Adobe and Microsoft platforms. What’s going to be particularly interesting, though, is the renewed focus on browser-based and server-side vulnerabilities. For years, the vulnerabilities of well-known browser plug-ins like Adobe Flash Player, Oracle’s Java, and Microsoft Silverlight have been targeted. We predict that in 2018, however, weaknesses in JavaScript engines will beset the modern browsers themselves. From Google Chrome’s V8 crashing issues to Microsoft Edge’s Chakra being open source, JavaScript-based browser vulnerabilities will make more appearances in 2018 given the wide use of the script on the web. Attackers will also take a renewed focus on using server-side vulnerabilities to deliver malicious payloads. We predict that the use of Server Message Block (SMB) and Samba exploits that deliver ransomware will be more pronounced in 2018. SMB vulnerabilities, in particular, can be exploited without any direct interaction with the user. In fact, an SMB vulnerability was used in the EternalBlue exploit that crippled many networks running on Windows during the WannaCry and Petya ransomware attacks, and in the more recent Bad Rabbit attacks that exploited EternalRomance. The open-source Samba on Linux, similarly, is capable of exploiting vulnerabilities in the SMB protocol. Attacks against production processes through SAP and ERP mean that enterprises will need to take the security of related applications as priority. Access to the applications will need to be managed and monitored to avoid any unauthorized access. Users and enterprises are advised to routinely check for software updates and apply patches once they are available. However, as administrators can stumble over immediate deployment of updates, we recommend integrating vulnerability shielding into systems so that platforms are protected against unpatched and zero- day vulnerabilities. Network solutions should also secure connected devices from potential intrusions through virtual patching and proactive monitoring of web traffic.
Tackling Security in 2018 Given the broad range of threats the landscape currently bears and will expect to face in 2018 – from vulnerabilities and ransomware to spam and targeted attacks – what enterprises and users alike can best do is to minimize the risk of compromise at all layers. Better visibility and multilayered security defense for enterprises To combat today’s expansive threats and be fortified against those yet to come, organizations should employ security solutions that allow visibility across all networks and that can provide real-time detection and protection against vulnerabilities and attacks. Any potential intrusions and compromise of assets will be avoided with a dynamic security strategy that employs cross-generational techniques appropriate for varying threats. These security technologies include: • Real-time scanning. Active and automatic scans allow highly efficient malware detection and improved machine performance. • Web and file reputation. Malware detection and prevention through web reputation, anti-spam techniques, and application control protect users from ransomware attacks and exploits. • Behavioral analysis. Advanced malware and techniques that evade traditional defenses are proactively detected and blocked. • High-fidelity machine learning. Human inputs augmented with threat intelligence data allow rapid detections and accurate defenses against known and unknown threats. • Endpoint security. Security that employs sandboxing, breach detection, and endpoint sensor capabilities detect suspicious activities and prevent attacks and lateral movement within the network. Best practices and sustained protection for end-users Having different devices and applications to access information is becoming second nature in today’s increasingly connected world. Regardless of device, application, or network, users will be able to fill the security gaps with proper configurations: • Change default passwords. Use unique and complex passwords for smart devices, especially for routers, to significantly reduce the possibility of attackers hacking into the devices. • Set up devices for security. Modify devices’ default settings to keep privacy in check and implement encryption to prevent unauthorized monitoring and use of data. • Apply timely patches. Update the firmware to its latest version (or enable the auto-update feature if available) to avoid unpatched vulnerabilities. • Deflect social engineering tactics. Always be mindful of emails received and sites visited as these can be used for spam, phishing, malware, and targeted attacks. Enterprises and users are better positioned if protections in place are able to cover the entire threat life cycle with multiple security layers. From the email and web gateway to the endpoint, having a connected threat defense ensures maximum protection against the constantly evolving threats of 2018 and beyond.
©2017 by Trend Micro, Incorporated. All rights reserved. Trend Micro and the Trend Micro t-ball logo are trademarks or registered trademarks of Trend Micro, Incorporated. All other product or company names may be trademarks or registered trademarks of their owners. TREND MICROTM Trend Micro Incorporated, a global cloud security leader, creates a world safe for exchanging digital information with its Internet content security and threat management solutions for businesses and consumers. A pioneer in server security with over 20 years experience, we deliver topranked client, server, and cloud-based security that fits our customers’ and partners’ needs; stops new threats faster; and protects data in physical, virtualized, and cloud environments. Powered by the Trend Micro™ Smart Protection Network™ infrastructure, our industry-leading cloud-computing security technology, products and services stop threats where they emerge, on the Internet, and are supported by 1,000+ threat intelligence experts around the globe. For additional information, visit www.trendmicro.com. Created by: The Global Technical Support and R&D Center of TREND MICRO For Raimund Genes (1963 - 2017)

Recomendados

CYBER THREAT FORCAST 2016
CYBER THREAT FORCAST 2016 CYBER THREAT FORCAST 2016
CYBER THREAT FORCAST 2016 Bolaji James Bankole CCSS,CEH,MCSA,MCSE,MCP,CCNA,
 
Security weekly september 28 october 4, 2021
Security weekly september 28 october 4, 2021 Security weekly september 28 october 4, 2021
Security weekly september 28 october 4, 2021 Roen Branham
 
Enabling a Zero Trust strategy for SMS
Enabling a Zero Trust strategy for SMSEnabling a Zero Trust strategy for SMS
Enabling a Zero Trust strategy for SMSPaul Walsh
 
Symantec's Internet Security Threat Report for the Government Sector
Symantec's Internet Security Threat Report for the Government SectorSymantec's Internet Security Threat Report for the Government Sector
Symantec's Internet Security Threat Report for the Government SectorSymantec
 
Security in Web 2.0, Social Web and Cloud
Security in Web 2.0, Social Web and CloudSecurity in Web 2.0, Social Web and Cloud
Security in Web 2.0, Social Web and CloudITDogadjaji.com
 
Symantec Security Refresh Webinar
Symantec Security Refresh WebinarSymantec Security Refresh Webinar
Symantec Security Refresh WebinarArrow ECS UK
 
Webinar: Securing Mobile Banking Apps
Webinar: Securing Mobile Banking AppsWebinar: Securing Mobile Banking Apps
Webinar: Securing Mobile Banking AppsWultra
 
Why is cyber security a disruption in the digital economy
Why is cyber security a disruption in the digital economyWhy is cyber security a disruption in the digital economy
Why is cyber security a disruption in the digital economyMark Albala
 

Recomendados

CYBER THREAT FORCAST 2016
CYBER THREAT FORCAST 2016 CYBER THREAT FORCAST 2016
CYBER THREAT FORCAST 2016 Bolaji James Bankole CCSS,CEH,MCSA,MCSE,MCP,CCNA,
 
Security weekly september 28 october 4, 2021
Security weekly september 28 october 4, 2021 Security weekly september 28 october 4, 2021
Security weekly september 28 october 4, 2021 Roen Branham
 
Enabling a Zero Trust strategy for SMS
Enabling a Zero Trust strategy for SMSEnabling a Zero Trust strategy for SMS
Enabling a Zero Trust strategy for SMSPaul Walsh
 
Symantec's Internet Security Threat Report for the Government Sector
Symantec's Internet Security Threat Report for the Government SectorSymantec's Internet Security Threat Report for the Government Sector
Symantec's Internet Security Threat Report for the Government SectorSymantec
 
Security in Web 2.0, Social Web and Cloud
Security in Web 2.0, Social Web and CloudSecurity in Web 2.0, Social Web and Cloud
Security in Web 2.0, Social Web and CloudITDogadjaji.com
 
Symantec Security Refresh Webinar
Symantec Security Refresh WebinarSymantec Security Refresh Webinar
Symantec Security Refresh WebinarArrow ECS UK
 
Webinar: Securing Mobile Banking Apps
Webinar: Securing Mobile Banking AppsWebinar: Securing Mobile Banking Apps
Webinar: Securing Mobile Banking AppsWultra
 
Why is cyber security a disruption in the digital economy
Why is cyber security a disruption in the digital economyWhy is cyber security a disruption in the digital economy
Why is cyber security a disruption in the digital economyMark Albala
 
Axxera End Point Security Protection
Axxera End Point Security ProtectionAxxera End Point Security Protection
Axxera End Point Security ProtectionShawn Crimson
 
Internet Security Threat Report 2014 :: Volume 19 Appendices - The hardcore n...
Internet Security Threat Report 2014 :: Volume 19 Appendices - The hardcore n...Internet Security Threat Report 2014 :: Volume 19 Appendices - The hardcore n...
Internet Security Threat Report 2014 :: Volume 19 Appendices - The hardcore n...Symantec
 
Cyfirma cybersecurity-predictions-2022-v1.0 c
Cyfirma cybersecurity-predictions-2022-v1.0 cCyfirma cybersecurity-predictions-2022-v1.0 c
Cyfirma cybersecurity-predictions-2022-v1.0 cAanchal579958
 
Grift horse money stealing trojan takes 10m android users for a ride
Grift horse money stealing trojan takes 10m android users for a rideGrift horse money stealing trojan takes 10m android users for a ride
Grift horse money stealing trojan takes 10m android users for a rideRoen Branham
 
Implementing security on android application
Implementing security on android applicationImplementing security on android application
Implementing security on android applicationIAEME Publication
 
5 main trends in cyber security for 2020
5 main trends in cyber security for 20205 main trends in cyber security for 2020
5 main trends in cyber security for 2020Agnieszka Guźniczak-Beim
 
Adil Burak Sadıç - Siber Güvenlik mi, Bilgi Güvenliği mi, BT Güvenliği mi?
Adil Burak Sadıç - Siber Güvenlik mi, Bilgi Güvenliği mi, BT Güvenliği mi? Adil Burak Sadıç - Siber Güvenlik mi, Bilgi Güvenliği mi, BT Güvenliği mi?
Adil Burak Sadıç - Siber Güvenlik mi, Bilgi Güvenliği mi, BT Güvenliği mi? CypSec - Siber Güvenlik Konferansı
 
Top 15 security predictions for 2017
Top 15 security predictions for 2017Top 15 security predictions for 2017
Top 15 security predictions for 2017Accelerate Tech
 
BLURRING BOUNDARIES
BLURRING BOUNDARIESBLURRING BOUNDARIES
BLURRING BOUNDARIES- Mark - Fullbright
 
Cyberfort syllabus & career
Cyberfort syllabus & careerCyberfort syllabus & career
Cyberfort syllabus & careerAmit Kumar
 
ISTR Internet Security Threat Report 2019
ISTR Internet Security Threat Report 2019ISTR Internet Security Threat Report 2019
ISTR Internet Security Threat Report 2019- Mark - Fullbright
 
Sophos Security Threat Report 2014
Sophos Security Threat Report 2014Sophos Security Threat Report 2014
Sophos Security Threat Report 2014- Mark - Fullbright
 
Emerging Threats to Digital Payments - Is Your Business Ready
Emerging Threats to Digital Payments - Is Your Business ReadyEmerging Threats to Digital Payments - Is Your Business Ready
Emerging Threats to Digital Payments - Is Your Business ReadyChukwunonso Okoro, CFE, CAMS, CRISC
 
Cybersecurity Challenges in Retail 2020: How to Prevent Retail Theft
Cybersecurity Challenges in Retail 2020: How to Prevent Retail TheftCybersecurity Challenges in Retail 2020: How to Prevent Retail Theft
Cybersecurity Challenges in Retail 2020: How to Prevent Retail TheftIntellias
 
2015 Labris SOC Annual Report
2015 Labris SOC Annual Report2015 Labris SOC Annual Report
2015 Labris SOC Annual ReportLabris Networks
 
Topsec email security 2016
Topsec email security 2016Topsec email security 2016
Topsec email security 2016Nathan CAVRIL
 
Digital Threat Landscape
Digital Threat LandscapeDigital Threat Landscape
Digital Threat LandscapeQuick Heal Technologies Ltd.
 
Centrify rethink security brochure
Centrify rethink security brochureCentrify rethink security brochure
Centrify rethink security brochureMark Gibson
 
CII Whitepaper India Cyber Risk & Resilience Review 2018
CII Whitepaper India Cyber Risk & Resilience Review 2018CII Whitepaper India Cyber Risk & Resilience Review 2018
CII Whitepaper India Cyber Risk & Resilience Review 2018Confederation of Indian Industry
 
Top 15 security predictions for 2017
Top 15 security predictions for 2017Top 15 security predictions for 2017
Top 15 security predictions for 2017Accelerate Tech
 
The Top Five Cybersecurity Trends In 2023
The Top Five Cybersecurity Trends In 2023The Top Five Cybersecurity Trends In 2023
The Top Five Cybersecurity Trends In 2023Bernard Marr
 
The Five Biggest Cyber Security Trends In 2022
The Five Biggest Cyber Security Trends In 2022The Five Biggest Cyber Security Trends In 2022
The Five Biggest Cyber Security Trends In 2022Bernard Marr
 

Mais conteúdo relacionado

Mais procurados

Axxera End Point Security Protection
Axxera End Point Security ProtectionAxxera End Point Security Protection
Axxera End Point Security ProtectionShawn Crimson
 
Internet Security Threat Report 2014 :: Volume 19 Appendices - The hardcore n...
Internet Security Threat Report 2014 :: Volume 19 Appendices - The hardcore n...Internet Security Threat Report 2014 :: Volume 19 Appendices - The hardcore n...
Internet Security Threat Report 2014 :: Volume 19 Appendices - The hardcore n...Symantec
 
Cyfirma cybersecurity-predictions-2022-v1.0 c
Cyfirma cybersecurity-predictions-2022-v1.0 cCyfirma cybersecurity-predictions-2022-v1.0 c
Cyfirma cybersecurity-predictions-2022-v1.0 cAanchal579958
 
Grift horse money stealing trojan takes 10m android users for a ride
Grift horse money stealing trojan takes 10m android users for a rideGrift horse money stealing trojan takes 10m android users for a ride
Grift horse money stealing trojan takes 10m android users for a rideRoen Branham
 
Implementing security on android application
Implementing security on android applicationImplementing security on android application
Implementing security on android applicationIAEME Publication
 
Adil Burak Sadıç - Siber Güvenlik mi, Bilgi Güvenliği mi, BT Güvenliği mi?
Adil Burak Sadıç - Siber Güvenlik mi, Bilgi Güvenliği mi, BT Güvenliği mi? Adil Burak Sadıç - Siber Güvenlik mi, Bilgi Güvenliği mi, BT Güvenliği mi?
Adil Burak Sadıç - Siber Güvenlik mi, Bilgi Güvenliği mi, BT Güvenliği mi? CypSec - Siber Güvenlik Konferansı
 
Top 15 security predictions for 2017
Top 15 security predictions for 2017Top 15 security predictions for 2017
Top 15 security predictions for 2017Accelerate Tech
 
Cyberfort syllabus & career
Cyberfort syllabus & careerCyberfort syllabus & career
Cyberfort syllabus & careerAmit Kumar
 
ISTR Internet Security Threat Report 2019
ISTR Internet Security Threat Report 2019ISTR Internet Security Threat Report 2019
ISTR Internet Security Threat Report 2019- Mark - Fullbright
 
Sophos Security Threat Report 2014
Sophos Security Threat Report 2014Sophos Security Threat Report 2014
Sophos Security Threat Report 2014- Mark - Fullbright
 
Cybersecurity Challenges in Retail 2020: How to Prevent Retail Theft
Cybersecurity Challenges in Retail 2020: How to Prevent Retail TheftCybersecurity Challenges in Retail 2020: How to Prevent Retail Theft
Cybersecurity Challenges in Retail 2020: How to Prevent Retail TheftIntellias
 
2015 Labris SOC Annual Report
2015 Labris SOC Annual Report2015 Labris SOC Annual Report
2015 Labris SOC Annual ReportLabris Networks
 
Topsec email security 2016
Topsec email security 2016Topsec email security 2016
Topsec email security 2016Nathan CAVRIL
 
Centrify rethink security brochure
Centrify rethink security brochureCentrify rethink security brochure
Centrify rethink security brochureMark Gibson
 

Mais procurados (19)

Axxera End Point Security Protection
Axxera End Point Security ProtectionAxxera End Point Security Protection
Axxera End Point Security Protection
 
Internet Security Threat Report 2014 :: Volume 19 Appendices - The hardcore n...
Internet Security Threat Report 2014 :: Volume 19 Appendices - The hardcore n...Internet Security Threat Report 2014 :: Volume 19 Appendices - The hardcore n...
Internet Security Threat Report 2014 :: Volume 19 Appendices - The hardcore n...
 
Cyfirma cybersecurity-predictions-2022-v1.0 c
Cyfirma cybersecurity-predictions-2022-v1.0 cCyfirma cybersecurity-predictions-2022-v1.0 c
Cyfirma cybersecurity-predictions-2022-v1.0 c
 
Grift horse money stealing trojan takes 10m android users for a ride
Grift horse money stealing trojan takes 10m android users for a rideGrift horse money stealing trojan takes 10m android users for a ride
Grift horse money stealing trojan takes 10m android users for a ride
 
Implementing security on android application
Implementing security on android applicationImplementing security on android application
Implementing security on android application
 
5 main trends in cyber security for 2020
5 main trends in cyber security for 20205 main trends in cyber security for 2020
5 main trends in cyber security for 2020
 
Adil Burak Sadıç - Siber Güvenlik mi, Bilgi Güvenliği mi, BT Güvenliği mi?
Adil Burak Sadıç - Siber Güvenlik mi, Bilgi Güvenliği mi, BT Güvenliği mi? Adil Burak Sadıç - Siber Güvenlik mi, Bilgi Güvenliği mi, BT Güvenliği mi?
Adil Burak Sadıç - Siber Güvenlik mi, Bilgi Güvenliği mi, BT Güvenliği mi?
 
Top 15 security predictions for 2017
Top 15 security predictions for 2017Top 15 security predictions for 2017
Top 15 security predictions for 2017
 
BLURRING BOUNDARIES
BLURRING BOUNDARIESBLURRING BOUNDARIES
BLURRING BOUNDARIES
 
Cyberfort syllabus & career
Cyberfort syllabus & careerCyberfort syllabus & career
Cyberfort syllabus & career
 
ISTR Internet Security Threat Report 2019
ISTR Internet Security Threat Report 2019ISTR Internet Security Threat Report 2019
ISTR Internet Security Threat Report 2019
 
Sophos Security Threat Report 2014
Sophos Security Threat Report 2014Sophos Security Threat Report 2014
Sophos Security Threat Report 2014
 
Emerging Threats to Digital Payments - Is Your Business Ready
Emerging Threats to Digital Payments - Is Your Business ReadyEmerging Threats to Digital Payments - Is Your Business Ready
Emerging Threats to Digital Payments - Is Your Business Ready
 
Cybersecurity Challenges in Retail 2020: How to Prevent Retail Theft
Cybersecurity Challenges in Retail 2020: How to Prevent Retail TheftCybersecurity Challenges in Retail 2020: How to Prevent Retail Theft
Cybersecurity Challenges in Retail 2020: How to Prevent Retail Theft
 
2015 Labris SOC Annual Report
2015 Labris SOC Annual Report2015 Labris SOC Annual Report
2015 Labris SOC Annual Report
 
Topsec email security 2016
Topsec email security 2016Topsec email security 2016
Topsec email security 2016
 
Digital Threat Landscape
Digital Threat LandscapeDigital Threat Landscape
Digital Threat Landscape
 
Centrify rethink security brochure
Centrify rethink security brochureCentrify rethink security brochure
Centrify rethink security brochure
 
CII Whitepaper India Cyber Risk & Resilience Review 2018
CII Whitepaper India Cyber Risk & Resilience Review 2018CII Whitepaper India Cyber Risk & Resilience Review 2018
CII Whitepaper India Cyber Risk & Resilience Review 2018
 

Semelhante a Rpt paradigm shifts

Top 15 security predictions for 2017
Top 15 security predictions for 2017Top 15 security predictions for 2017
Top 15 security predictions for 2017Accelerate Tech
 
The Top Five Cybersecurity Trends In 2023
The Top Five Cybersecurity Trends In 2023The Top Five Cybersecurity Trends In 2023
The Top Five Cybersecurity Trends In 2023Bernard Marr
 
The Five Biggest Cyber Security Trends In 2022
The Five Biggest Cyber Security Trends In 2022The Five Biggest Cyber Security Trends In 2022
The Five Biggest Cyber Security Trends In 2022Bernard Marr
 
Top 2020 Predictions: Cybersecurity Threats, Trends, and the CCPA Regulation
Top 2020 Predictions: Cybersecurity Threats, Trends, and the CCPA RegulationTop 2020 Predictions: Cybersecurity Threats, Trends, and the CCPA Regulation
Top 2020 Predictions: Cybersecurity Threats, Trends, and the CCPA RegulationPECB
 
Cybersecurity in BFSI - Top Threats & Importance
Cybersecurity in BFSI - Top Threats & ImportanceCybersecurity in BFSI - Top Threats & Importance
Cybersecurity in BFSI - Top Threats & Importancemanoharparakh
 
5 network-security-threats
5 network-security-threats5 network-security-threats
5 network-security-threatsReadWrite
 
Five Network Security Threats And How To Protect Your Business Wp101112
Five Network Security Threats And How To Protect Your Business Wp101112Five Network Security Threats And How To Protect Your Business Wp101112
Five Network Security Threats And How To Protect Your Business Wp101112Erik Ginalick
 
Sophos security-threat-report-2014-na
Sophos security-threat-report-2014-naSophos security-threat-report-2014-na
Sophos security-threat-report-2014-naAndreas Hiller
 
Qrator Labs annual report 2017
Qrator Labs annual report 2017Qrator Labs annual report 2017
Qrator Labs annual report 2017Qrator Labs
 
Cyber Security Vulnerabilities
Cyber Security VulnerabilitiesCyber Security Vulnerabilities
Cyber Security VulnerabilitiesSiemplify
 
Eset trends report_2018
Eset trends report_2018Eset trends report_2018
Eset trends report_2018malvvv
 
Cybersecurity Trends 2018: The costs of connection
Cybersecurity Trends 2018: The costs of connectionCybersecurity Trends 2018: The costs of connection
Cybersecurity Trends 2018: The costs of connectionESET Middle East
 
seqrite-prediction-report-2023.pdf
seqrite-prediction-report-2023.pdfseqrite-prediction-report-2023.pdf
seqrite-prediction-report-2023.pdfsatheesh kumar
 
Top 10 Cybersecurity Trends to Watch Out For in 2022
Top 10 Cybersecurity Trends to Watch Out For in 2022Top 10 Cybersecurity Trends to Watch Out For in 2022
Top 10 Cybersecurity Trends to Watch Out For in 2022ManviShukla4
 
White Paper Example - Brafton for NIP Group.pdf
White Paper Example - Brafton for NIP Group.pdfWhite Paper Example - Brafton for NIP Group.pdf
White Paper Example - Brafton for NIP Group.pdfBrafton
 
Top Security Threats to Look Out for in 2023
Top Security Threats to Look Out for in 2023Top Security Threats to Look Out for in 2023
Top Security Threats to Look Out for in 2023K7 Computing Pvt Ltd
 
The Unseen Threats_ Exploring the Darknet's Latest Cyber Crime Trends.pptx
The Unseen Threats_ Exploring the Darknet's Latest Cyber Crime Trends.pptxThe Unseen Threats_ Exploring the Darknet's Latest Cyber Crime Trends.pptx
The Unseen Threats_ Exploring the Darknet's Latest Cyber Crime Trends.pptxjiyalouis
 
Cybersecurity Predictions For 2022.pdf
Cybersecurity Predictions For 2022.pdfCybersecurity Predictions For 2022.pdf
Cybersecurity Predictions For 2022.pdfYamuna5
 

Semelhante a Rpt paradigm shifts (20)

Top 15 security predictions for 2017
Top 15 security predictions for 2017Top 15 security predictions for 2017
Top 15 security predictions for 2017
 
The Top Five Cybersecurity Trends In 2023
The Top Five Cybersecurity Trends In 2023The Top Five Cybersecurity Trends In 2023
The Top Five Cybersecurity Trends In 2023
 
The Five Biggest Cyber Security Trends In 2022
The Five Biggest Cyber Security Trends In 2022The Five Biggest Cyber Security Trends In 2022
The Five Biggest Cyber Security Trends In 2022
 
Top 2020 Predictions: Cybersecurity Threats, Trends, and the CCPA Regulation
Top 2020 Predictions: Cybersecurity Threats, Trends, and the CCPA RegulationTop 2020 Predictions: Cybersecurity Threats, Trends, and the CCPA Regulation
Top 2020 Predictions: Cybersecurity Threats, Trends, and the CCPA Regulation
 
Cybersecurity in BFSI - Top Threats & Importance
Cybersecurity in BFSI - Top Threats & ImportanceCybersecurity in BFSI - Top Threats & Importance
Cybersecurity in BFSI - Top Threats & Importance
 
5 network-security-threats
5 network-security-threats5 network-security-threats
5 network-security-threats
 
Five Network Security Threats And How To Protect Your Business Wp101112
Five Network Security Threats And How To Protect Your Business Wp101112Five Network Security Threats And How To Protect Your Business Wp101112
Five Network Security Threats And How To Protect Your Business Wp101112
 
CYBER THREAT FORCAST 2016
CYBER THREAT FORCAST 2016 CYBER THREAT FORCAST 2016
CYBER THREAT FORCAST 2016
 
Sophos security-threat-report-2014-na
Sophos security-threat-report-2014-naSophos security-threat-report-2014-na
Sophos security-threat-report-2014-na
 
Qrator Labs annual report 2017
Qrator Labs annual report 2017Qrator Labs annual report 2017
Qrator Labs annual report 2017
 
Cyber Security Vulnerabilities
Cyber Security VulnerabilitiesCyber Security Vulnerabilities
Cyber Security Vulnerabilities
 
Eset trends report_2018
Eset trends report_2018Eset trends report_2018
Eset trends report_2018
 
Cybersecurity Trends 2018: The costs of connection
Cybersecurity Trends 2018: The costs of connectionCybersecurity Trends 2018: The costs of connection
Cybersecurity Trends 2018: The costs of connection
 
seqrite-prediction-report-2023.pdf
seqrite-prediction-report-2023.pdfseqrite-prediction-report-2023.pdf
seqrite-prediction-report-2023.pdf
 
Top 10 Cybersecurity Trends to Watch Out For in 2022
Top 10 Cybersecurity Trends to Watch Out For in 2022Top 10 Cybersecurity Trends to Watch Out For in 2022
Top 10 Cybersecurity Trends to Watch Out For in 2022
 
White Paper Example - Brafton for NIP Group.pdf
White Paper Example - Brafton for NIP Group.pdfWhite Paper Example - Brafton for NIP Group.pdf
White Paper Example - Brafton for NIP Group.pdf
 
Top Security Threats to Look Out for in 2023
Top Security Threats to Look Out for in 2023Top Security Threats to Look Out for in 2023
Top Security Threats to Look Out for in 2023
 
Ransomware-as-a-Service: The business of distributing cyber attacks
Ransomware-as-a-Service: The business of distributing cyber attacksRansomware-as-a-Service: The business of distributing cyber attacks
Ransomware-as-a-Service: The business of distributing cyber attacks
 
The Unseen Threats_ Exploring the Darknet's Latest Cyber Crime Trends.pptx
The Unseen Threats_ Exploring the Darknet's Latest Cyber Crime Trends.pptxThe Unseen Threats_ Exploring the Darknet's Latest Cyber Crime Trends.pptx
The Unseen Threats_ Exploring the Darknet's Latest Cyber Crime Trends.pptx
 
Cybersecurity Predictions For 2022.pdf
Cybersecurity Predictions For 2022.pdfCybersecurity Predictions For 2022.pdf
Cybersecurity Predictions For 2022.pdf
 

Mais de malvvv

12 vzor
12 vzor 12 vzor
12 vzor malvvv
 
10 isbc
10 isbc 10 isbc
10 isbc malvvv
 
09 assaabloy
09 assaabloy 09 assaabloy
09 assaabloy malvvv
 
08 dormakaba
08 dormakaba 08 dormakaba
08 dormakaba malvvv
 
07 parsec
07 parsec 07 parsec
07 parsec malvvv
 
06 videomax
06 videomax 06 videomax
06 videomax malvvv
 
05 sigur
05 sigur 05 sigur
05 sigur malvvv
 
04 perco
04 perco 04 perco
04 perco malvvv
 
02 itrium
02 itrium02 itrium
02 itriummalvvv
 
01 hid
01 hid 01 hid
01 hid malvvv
 
En 50132-7
En 50132-7En 50132-7
En 50132-7malvvv
 
2018 ic3 report
2018 ic3 report2018 ic3 report
2018 ic3 reportmalvvv
 
threats
threatsthreats
threatsmalvvv
 
Google android security_2018_report
Google android security_2018_reportGoogle android security_2018_report
Google android security_2018_reportmalvvv
 
Owasp top-10 proactive controls-2018
Owasp top-10 proactive controls-2018Owasp top-10 proactive controls-2018
Owasp top-10 proactive controls-2018malvvv
 
Web vulnerabilities-2018
Web vulnerabilities-2018Web vulnerabilities-2018
Web vulnerabilities-2018malvvv
 
Testirovanie parolnyh politik
Testirovanie parolnyh politikTestirovanie parolnyh politik
Testirovanie parolnyh politikmalvvv
 

Mais de malvvv (20)

12 vzor
12 vzor 12 vzor
12 vzor
 
11
11 11
11
 
10 isbc
10 isbc 10 isbc
10 isbc
 
09 assaabloy
09 assaabloy 09 assaabloy
09 assaabloy
 
08 dormakaba
08 dormakaba 08 dormakaba
08 dormakaba
 
07 parsec
07 parsec 07 parsec
07 parsec
 
06 videomax
06 videomax 06 videomax
06 videomax
 
05 sigur
05 sigur 05 sigur
05 sigur
 
04 perco
04 perco 04 perco
04 perco
 
02 itrium
02 itrium02 itrium
02 itrium
 
01 hid
01 hid 01 hid
01 hid
 
En 50132-7
En 50132-7En 50132-7
En 50132-7
 
01
0101
01
 
2018 ic3 report
2018 ic3 report2018 ic3 report
2018 ic3 report
 
threats
threatsthreats
threats
 
Google android security_2018_report
Google android security_2018_reportGoogle android security_2018_report
Google android security_2018_report
 
Owasp top-10 proactive controls-2018
Owasp top-10 proactive controls-2018Owasp top-10 proactive controls-2018
Owasp top-10 proactive controls-2018
 
Web vulnerabilities-2018
Web vulnerabilities-2018Web vulnerabilities-2018
Web vulnerabilities-2018
 
Kpsn
Kpsn Kpsn
Kpsn
 
Testirovanie parolnyh politik
Testirovanie parolnyh politikTestirovanie parolnyh politik
Testirovanie parolnyh politik
 

Último

08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 

Último (20)

08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 

Rpt paradigm shifts

  • 1. P A R A D I G M S H I F T S Trend Micro Security Predictions for 2018
  • 2. Skills and resources — these are the two elements that make up an attacker’s arsenal. An attacker, however, cannot set out to break security or even perform sophisticated attacks without finding weak points in a system first. Massive malware attacks, email-borne heists, hacked devices, and disrupted services — all of these require a vulnerability in the network, whether in the form of technology or people, in order to be pulled off. Increased connectivity and interaction over insecure networks are a given. Unfortunately, poor implementation of technologies adds to the likelihood of threats being realized. Having protection where and when it’s needed will become the backbone of security in this ever-shifting threat landscape. In 2018, digital extortion will be at the core of most cybercriminals’ business model and will propel them into other schemes that will get their hands on potentially hefty payouts. Vulnerabilities in IoT devices will expand the attack surface as devices get further woven into the fabric of smart environments everywhere. Business Email Compromise scams will ensnare more organizations to fork over their money. The age of fake news and cyberpropaganda will persist with old-style cybercriminal techniques. Machine learning and blockchain applications will pose both promises and pitfalls. Companies will face the challenge of keeping up with the directives of the General Data Protection Regulation (GDPR) in time for its enforcement. Not only will enterprises be riddled with vulnerabilities, but loopholes in internal processes will also be abused for production sabotage. These are the threats that will make inroads in the 2018 landscape. As such, they will serve as further proof that the days of threats being addressed with traditional security solutions are behind us. As environments become increasingly interconnected and complex, threats are redefining how we should look at security. Trend Micro has looked into the current and emerging threats, as well as the security approaches tailored for the landscape. Read on to find out how to make informed decisions with regard to the security focus areas that will figure prominently in 2018.
  • 3. THE RANSOMWARE BUSINESS MODEL WILL STILL BE A CYBERCRIME MAINSTAY IN 2018, WHILE OTHER FORMS OF DIGITAL EXTORTION WILL GAIN MORE GROUND.
  • 4. For 2017, we predicted that cybercriminals would diversify ransomware into other attack methods. True enough, the year unfolded with incidents such as WannaCry and Petya’s rapidly propagated network attacks, Locky and FakeGlobe’s widespread spam run, and Bad Rabbit’s watering hole attacks against Eastern European countries. We do not expect ransomware to go away anytime soon. On the contrary, it can only be anticipated to make further rounds in 2018, even as other types of digital extortion become more prevalent. Cybercriminals have been resorting to using compelling data as a weapon for coercing victims into paying up. With ransomware- as-a-service (RaaS) still being offered in underground forums, along with bitcoin as a secure method to collect ransom, cybercriminals are being all the more drawn to the business model. Ransomware maturity as a catalyst for digital extortion campaigns If the evolution of cybercriminal tactics over the years is any indication, cybercriminals are now going straight for the money instead of tricking users into giving up their credentials. The early online threats were heavy on infostealers and malware that hijacked banking transactions to steal private information. Then, the breed of threats went out to disguise themselves as anti-malware solutions (FAKEAV), whereby users were duped into downloading the software and paying up to regain access to the victimized computers. Emulating this behavior of FAKEAV, ransomware took the stage from then on. The current success of ransomware campaigns — especially their extortion element — will prompt cybercriminals looking to make generous profits out of targeting populations that will yield the most return possible. Attackers will continue to rely on phishing campaigns where emails with ransomware payload are delivered en masse to ensure a percentage of affected users. They will also go for the bigger buck by targeting a single organization, possibly in an Industrial Internet of Things (IIoT) environment, for a ransomware attack that will disrupt the operations and affect the production line. We already saw this in the fallout from the massive WannaCry and Petya outbreaks, and it won’t be long until it becomes the intended impact of the threat. Extortion will also come into play when GDPR gets imposed. Cybercriminals could target private data covered by the regulation and ask companies to pay an extortion fee rather than risk punitive fines of up to 4 percent of their annual turnover. Companies will have ransom prices associated with them that cybercriminals can determine by taking publicly available financial details and working out the respective maximum GDPR fines the companies could face.This will drive an increase in breach attempts and ransom demands. Moreover, we expect GDPR to be used as a social engineering tactic in the same way that copyright violations and police warnings were used in past FAKEAV and ransomware campaigns. Users and enterprises can stay resilient against these digital extortion attempts by employing effective web and email gateway solutions as a first line of defense. Solutions with high-fidelity machine learning, behavior monitoring, and vulnerability shielding prevent threats from getting through to the target. These capabilities are especially beneficial in the case of ransomware variants that are seen moving toward fileless delivery, in which there are no malicious payloads or binaries for traditional solutions to detect. SOURCES: http://blog.trendmicro.com/trendlabs-security-intelligence/threat-morphosis/ https://www.trendmicro.com/vinfo/us/security/definition/ransomware https://documents.trendmicro.com/assets/rpt/rpt-setting-the-stage.pdf Prominent Cybercriminal Business Models Over the Years Ransomware and DIGITAL EXTORTION will be the land of milk and honey for cybercriminals. Unprecedented ransomware outbreaks occur through WANNACRY and PETYA. New ransomware families spike by 752%, RANSOMWARE-AS-A-SERVICE (RaaS) emerges. Ransomware steadily grows, and continues to encrypt and demand payment. Ransomware BITCRYPT encrypts files and demands bitcoin payment. Ransomware CRYPTOLOCKER encrypts files, locks systems, and demands $300 payment. Trojan SPYEYE steals millions of dollars. First Android Trojan, DROIDSMS, emerges. Trojans spread via malicious links on Twitter. Worm KOOBFACE targets Facebook users. FAKEAV steals credit card information using fake antivirus scare messages. Infostealer ZEUS is discovered. Online banking malware that logs keystrokes or changes banking interfaces flourishes.
  • 5. CYBERCRIMINALS WILL EXPLORE NEW WAYS TO ABUSE IoT DEVICES FOR THEIR OWN GAIN.
  • 6. The massive Mirai and Persirai distributed denial-of-service (DDoS) attacks that hijacked IoT devices, such as digital video recorders (DVRs), IP cameras, and routers, have already elevated the conversation of how vulnerable and disruptive these connected devices can be. Recently, the IoT botnet Reaper, which is based on the Mirai code, has been found to catch on as a means to compromise a web of devices, even those from different device makers. We predict that aside from performing DDoS attacks, cybercriminals will turn to IoT devices for creating proxies to obfuscate their location and web traffic, considering that law enforcement usually refers to IP addresses and logs for criminal investigation and post-infection forensics. Amassing a large network of anonymized devices (running on default credentials no less and having virtually no logs) could serve as jumping-off points for cybercriminals to surreptitiously facilitate their activities within the compromised network. We should also anticipate more IoT vulnerabilities in the market as many, if not most, manufacturers are going to market with devices that are not secure by design. This risk will be compounded by the fact that patching IoT devices may not be as simple as patching PCs. It can take one insecure device that has not been issued a fix or updated to the latest version to become an entry point to the central network. The KRACK attack proved that even the wireless connection itself could add to the security woes. This vulnerability affects most, if not all, devices that connect to the WPA2 protocol, which then raises questions about the security of 5G technology, which is slated to sweep connected environments. Devices that will be targeted for disruptions and cybercrime With hundreds of thousands of drones entering the U.S. airspace alone, the prospect of overseeing the aerial vehicles can be daunting. We expect that reports of drone-related accidents or collisions are only the start of it, as hackers have already been found to access computers, grab sensitive information, and hijack deliveries. Likewise, pervasive home devices such as wireless speakers and voice assistants can enable hackers to determine house locations and attempt break-ins. We also expect cases of biohacking, via wearables and medical devices, to materialize in 2018. Biometric activity trackers such as heart rate monitors and fitness bands can be intercepted to gather information about the users. Even life-sustaining pacemakers have been found with vulnerabilities that can be exploited for potentially fatal attacks. What adopters and regulators should recognize now is that not all IoT devices have built-in security, let alone hardened security. The devices are open to compromise unless manufacturers perform regular risk assessments and security audits. Users are also responsible for setting up their devices for security, which can be as simple as changing default passwords and regularly installing firmware updates.
  • 7. GLOBAL LOSSES FROM BUSINESS EMAIL COMPROMISE SCAMS WILL EXCEED US$9 BILLION IN 2018.
  • 8. According to the Federal Bureau of Investigation (FBI), BEC scams have been reported in over a hundred countries and had a marked increase of 2,370 percent in identified exposed losses between January 2015 and December 2016. This isn’t surprising since BEC scams are to cybercriminals what burglary is to “offline” criminals. BEC scams are quick, require very little scouting, and can yield big gains depending on the target, as evidenced by the US$5 billion recorded losses. We predict that BEC incidents will only multiply in 2018, leading to more than US$9 billion* in global losses. This hike in the projected reported losses will be brought on partly by a growing awareness around BEC and the tactics used, which will result in better identification and increased reporting of the scams. Mainly, it will be rooted in how BEC scams bank on phishing approaches that time and again have proved to be effective. We will continue to see BEC scams that involve company executives being impersonated to wire sums of money. We’ve been observing it in the increase of BEC attack attempts involving CEO fraud. It’s also interesting to note that instead of planting keyloggers, BEC scammers are turning to phishing PDFs and sites, which are cheaper than keyloggers with crypting services. With phishing, they can still compromise accounts, and at lower costs at that. The simplicity of knowing a target organization’s hierarchy (which may even be publicly available on social media and corporate websites) and the brevity of the emails make a case for BEC as an efficient ploy to funnel money. There is, however, another financially driven enterprise threat that is expected to still be wielded by crybercriminals, especially those who are willing to do the long con: Business Process Compromise (BPC). With BPC, cybercriminals learn the inner workings of the organization, particularly in the financial department, with the aim of modifying internal processes (possibly via corporate supply chain vulnerabilities) and hitting the mother lode. But given that it requires long-term planning and more work, BPC is less likely to make headlines in 2018, unlike the much simpler BEC. BEC can be deflected if employee training is in place, as it is reliant on social engineering. Companies should implement strict protocols on internal processes, especially when making any kind of transaction. Small- and medium-sized businesses, as well as enterprises, should employ multiple verifications, whereby another established communication channel, such as a phone call, is at one’s disposal for double-checking. Web and gateway solutions that provide accurate detection of social engineering tactics and forged behaviors may also be able to block BEC threats. * US$9 billion is based on computing the monthly average of reported losses from June to December 2016 and multiplying it by 12. This only assumes that there is a flat growth for reported BEC incidents and victims. Cumulative BEC Losses US$9.1B US$5.3B US$3.1B 2013 20172014 2015 2016 SOURCES: https://www.ic3.gov/media/2016/160614.aspx https://www.ic3.gov/media/2017/170504.aspx
  • 9. CYBERPROPAGANDA CAMPAIGNS WILL BE REFINED USING TRIED-AND-TESTED TECHNIQUES FROM PAST SPAM CAMPAIGNS.
  • 10. The fake news triangle consists of: motivations the propaganda is built on, social networks that serve as a platform for the message, and tools and services that are used to deliver the message. In 2018, we expect cyberpropaganda to spread via familiar techniques: those that were once used to spread spam via email and the web. Do-it-yourself (DIY) kits in the form of software, for instance, can perform automated social media spamming. Even black hat search engine optimization (SEO) has been adapted to social media optimization (SMO), with a user base of hundreds of thousands able to provide traffic and numbers to different platforms. From spear- phishing emails sent to foreign ministries to the blatant use of documents to discredit authorities, dubious content can spread freely and spark forceful opinions or even real protests. Fabricated information, additionally, can put businesses in a bad light and even hurt their performance and reputation. Researchers are even looking into audio and video manipulation tools that allow realistic-looking footage to further blur the line between authentic and fake. Manipulated political campaigns will continue to mount smear tactics and deliberately shift public perception, as allowed by the tools and services readily available in underground marketplaces. It is likely that the upcoming Swedish general election will not be exempt from attempts to influence the voting outcome through fake news. The interest will also be hot on the heels of the U.S. midterm elections, as social media can be wielded to amplify divisive messages, as in the alleged meddling in the previous U.S. presidential election and the “troll farm” behind a Twitter influencer. Each time fake news gets posted and reposted, a reader encountering the same content grows familiar with it and takes it as truth. Having the eye to distinguish fake news from not will be tough, as propagandists use old techniques that have proved effective and reliable. Fake news and cyberpropaganda will press on because there has been no dependable way to detect or block manipulated content. Social media sites, most notably Google and Facebook, have already pledged a crackdown on bogus stories propagating across feeds and groups, but it has had little impact so far. That being the case, the final screening will still be dependent on the users themselves. But as long as users are not educated in flagging false news, such content will continue to permeate online and be consumed by unsuspecting and undiscerning readers. Countries That Will Hold General, Parliamentary or Presidential Elections in 2018 SOURCES: http://www.electionguide.org/elections/upcoming/ https://www.thelocal.se/20170911/what-you-need-to-know-about-swedens-party-leaders-2018-election https://www.usatoday.com/story/news/politics/2017/09/07/2018-midterm-elections-senate-races-to-watch/597965001/ Africa Cameroon Madagascar Mali Mauritiana Sierra Leone South Sudan Zimbabwe Cambodia Maldives Pakistan Turkmenistan Czech Republic Cyprus Finland Georgia Italy Montenegro Russia Sweden Cuba Mexico United States Paraguay Venezuela Asia Europe North America South America
  • 11. THREAT ACTORS WILL RIDE ON MACHINE LEARNING AND BLOCKCHAIN TECHNOLOGIES TO EXPAND THEIR EVASION TECHNIQUES.
  • 12. Knowing what is unknown. That’s one of the key promises of machine learning, the process by which computers are trained but not deliberately programmed. For a relatively nascent technology, machine learning shows great potential. Already, however, it’s become apparent that machine learning may not be the be-all and end-all of data analysis and insights identification. Machine learning lets computers learn by being fed loads of data. This means that machine learning can only be as good and accurate as the context it gets from its sources. Going into the future, machine learning will be a key component of security solutions. While it uncovers a lot of potential for more accurate and targeted decision-making, it poses an important question: Can machine learning be outwitted by malware? We’ve found that the CERBER ransomware uses a loader that certain machine learning solutions aren’t able to detect because of how the malware is packaged to not look malicious. This is especially problematic for software that employs pre-execution machine learning (which analyzes files without any execution or emulation), as in the case of the UIWIX ransomware (a WannaCry copycat), where there was no file for pre-execution machine learning to detect and block. Machine learning may be a powerful tool, but it is not foolproof. While researchers are already looking into the possibilities of machine learning in monitoring traffic and identifying possible zero-day exploits, it is not far- fetched to conjecture that cybercriminals will use the same capability to get ahead of finding the zero-days themselves. It is also possible to deceive machine learning engines, as shown in the slight manipulation of road signs that were recognized differently by autonomous cars. Researchers have already demonstrated how machine learning models have blind spots that adversaries can probe for exploitation. While machine learning definitely helps improve protection, we believe that it should not completely take over security mechanisms. It should be considered an additional security layer incorporated into an in-depth defense strategy, and not a silver bullet. A multilayered defense with end-to-end protection, from the gateway to the endpoint, will be able to fight both known and unknown security threats. Another emerging technology that is poised to reshape businesses and that we see being abused is the blockchain. Blockchain technology has generated a lot of buzz in the context of digital cryptocurrencies and as a form of no-fail security. Adoption of the decentralized ledger is projected to be widespread in five to 10 years. Currently, however, many initiatives are already being built on blockchain, ranging from technology and finance industry startups and giants to entire governments – all with the goal of revolutionizing business models. Blockchain works by having a required consensus among the participants, which makes unauthorized changes or deliberate tampering with the blockchain difficult to do. The more transfers there are, the more the series becomes complex and obfuscated. This obfuscation, likewise, can be seen as an opportunity by cybercriminals looking into enhancing their attack vectors. They have already managed to target the blockchain in the Ethereum DAO hack, which led to over US$50 million worth of digital currency lost. Like most promising technologies that were thought secure at one point, machine learning and blockchain warrant close attention.
  • 13. MANY COMPANIES WILL TAKE DEFINITIVE ACTIONS ON THE GENERAL DATA PROTECTION REGULATION ONLY WHEN THE FIRST HIGH-PROFILE LAWSUIT IS FILED.
  • 14. The European Union (EU) will finally be rolling out GDPR in May 2018, with an expected extensive impact on data handling of companies that engage with EU citizens’ data – even if the said companies are outside Europe. In our research, we found that the majority of C-level executives (in 57 percent of businesses) shun the responsibility of complying with GDPR, with some unaware of what constitutes personally identifiable information (PII) and even unbothered by potential monetary penalties. Laggards will fully heed the brunt of GDPR only when the retributions are imposed by the regulators. Data privacy watchdogs can interfere with business operations by altogether banning companies from processing certain data. There is also the possibility that lawsuits, both from the authorities and from the citizens themselves, will come into the picture. The American credit reporting agency Equifax, for instance, would have faced a staggering fine, as some U.K. consumers were reportedly affected too, if the breach had happened after the GDPR implementation had gone into effect and it hadn’t come forward with the incident sooner than it chose to. A considerable penalty would have also been imposed on the international ride-hailing company Uber, which announced a data breach over a year after the fact. Noncompliance with breach notification will prompt regulators to issue fines of up to €20 million, or up to 4 percent of the company’s global annual turnover of the preceding financial year, whichever is greater. Companies waking up to the GDPR enforcement, therefore, will find the importance of having a dedicated data protection officer (DPO) who can spearhead data processing and monitoring. DPOs are particularly needed in enterprises and industries that handle sensitive data. Companies will be required to review their data security strategy, including classifying the nature of data and distinguishing EU data from data associated with the rest of the world. Other regions will have to catch up with their data regulations by having a similar framework of wide-ranging scope and tougher penalties for compliance failure. The U.S. Food and Drug Administration (FDA) has already recognized several European drug regulatory authorities to improve its inspections. Australia is gearing up to enact its own data breach notification laws based on the Privacy Amendment (Notifiable Data Breaches) Act 2017, while U.K.’s Data Protection Bill is getting updated to match EU’s laws after Brexit. Meanwhile, the EU-U.S. Privacy Shield deal will have to prove how binding it is in spite of concerns expressed by the EU. of businesses appear to be dismissive of the extent of GDPR fines. of businesses don’t know email marketing databases contain PII. of businesses have invested in technology to identify intruders. GDPR Is Coming. Are You Prepared? 66% 34% 42% SOURCE: http://newsroom.trendmicro.com/press-release/commercial/trend-micro-research-reveals-c-level-executives-are-not-prepared-gdpr-imple
  • 15. ENTERPRISE APPLICATIONS AND PLATFORMS WILL BE AT RISK OF MANIPULATION AND VULNERABILITIES.
  • 16. In today’s environment, where the Industry 4.0 makes cyber-physical systems and production processes increasingly interconnected and software-defined, risks can stem from several areas within. The notion of having a digital twin, a virtual replica or simulation of the real-world production or process, is enabling enterprises to address performance issues that may arise in real physical assets. However, we believe that while it’s poised to transform operations, the production network can be infiltrated by malicious actors aiming to manipulate the system and cause operational disruptions and damages. By manipulating the digital twin itself, these actors can make production processes look legitimate when they have, in fact, been modified. In addition, production data that is directly (or indirectly) handed over via manufacturing execution systems (MES) to SAP or other enterprise resource planning (ERP) systems is also in danger of being compromised. If a manipulated piece of data or wrong command is sent to an ERP system, machines will be liable to sabotage processes by carrying out erroneous decisions, such as delivery of inaccurate numbers of supplies, unintended money transfers, and even system overloads. Enterprise systems will not be the only ones targeted; in 2018, we expect to continue to see security flaws in Adobe and Microsoft platforms. What’s going to be particularly interesting, though, is the renewed focus on browser-based and server-side vulnerabilities. For years, the vulnerabilities of well-known browser plug-ins like Adobe Flash Player, Oracle’s Java, and Microsoft Silverlight have been targeted. We predict that in 2018, however, weaknesses in JavaScript engines will beset the modern browsers themselves. From Google Chrome’s V8 crashing issues to Microsoft Edge’s Chakra being open source, JavaScript-based browser vulnerabilities will make more appearances in 2018 given the wide use of the script on the web. Attackers will also take a renewed focus on using server-side vulnerabilities to deliver malicious payloads. We predict that the use of Server Message Block (SMB) and Samba exploits that deliver ransomware will be more pronounced in 2018. SMB vulnerabilities, in particular, can be exploited without any direct interaction with the user. In fact, an SMB vulnerability was used in the EternalBlue exploit that crippled many networks running on Windows during the WannaCry and Petya ransomware attacks, and in the more recent Bad Rabbit attacks that exploited EternalRomance. The open-source Samba on Linux, similarly, is capable of exploiting vulnerabilities in the SMB protocol. Attacks against production processes through SAP and ERP mean that enterprises will need to take the security of related applications as priority. Access to the applications will need to be managed and monitored to avoid any unauthorized access. Users and enterprises are advised to routinely check for software updates and apply patches once they are available. However, as administrators can stumble over immediate deployment of updates, we recommend integrating vulnerability shielding into systems so that platforms are protected against unpatched and zero- day vulnerabilities. Network solutions should also secure connected devices from potential intrusions through virtual patching and proactive monitoring of web traffic.
  • 17. Tackling Security in 2018 Given the broad range of threats the landscape currently bears and will expect to face in 2018 – from vulnerabilities and ransomware to spam and targeted attacks – what enterprises and users alike can best do is to minimize the risk of compromise at all layers. Better visibility and multilayered security defense for enterprises To combat today’s expansive threats and be fortified against those yet to come, organizations should employ security solutions that allow visibility across all networks and that can provide real-time detection and protection against vulnerabilities and attacks. Any potential intrusions and compromise of assets will be avoided with a dynamic security strategy that employs cross-generational techniques appropriate for varying threats. These security technologies include: • Real-time scanning. Active and automatic scans allow highly efficient malware detection and improved machine performance. • Web and file reputation. Malware detection and prevention through web reputation, anti-spam techniques, and application control protect users from ransomware attacks and exploits. • Behavioral analysis. Advanced malware and techniques that evade traditional defenses are proactively detected and blocked. • High-fidelity machine learning. Human inputs augmented with threat intelligence data allow rapid detections and accurate defenses against known and unknown threats. • Endpoint security. Security that employs sandboxing, breach detection, and endpoint sensor capabilities detect suspicious activities and prevent attacks and lateral movement within the network. Best practices and sustained protection for end-users Having different devices and applications to access information is becoming second nature in today’s increasingly connected world. Regardless of device, application, or network, users will be able to fill the security gaps with proper configurations: • Change default passwords. Use unique and complex passwords for smart devices, especially for routers, to significantly reduce the possibility of attackers hacking into the devices. • Set up devices for security. Modify devices’ default settings to keep privacy in check and implement encryption to prevent unauthorized monitoring and use of data. • Apply timely patches. Update the firmware to its latest version (or enable the auto-update feature if available) to avoid unpatched vulnerabilities. • Deflect social engineering tactics. Always be mindful of emails received and sites visited as these can be used for spam, phishing, malware, and targeted attacks. Enterprises and users are better positioned if protections in place are able to cover the entire threat life cycle with multiple security layers. From the email and web gateway to the endpoint, having a connected threat defense ensures maximum protection against the constantly evolving threats of 2018 and beyond.
  • 18. ©2017 by Trend Micro, Incorporated. All rights reserved. Trend Micro and the Trend Micro t-ball logo are trademarks or registered trademarks of Trend Micro, Incorporated. All other product or company names may be trademarks or registered trademarks of their owners. TREND MICROTM Trend Micro Incorporated, a global cloud security leader, creates a world safe for exchanging digital information with its Internet content security and threat management solutions for businesses and consumers. A pioneer in server security with over 20 years experience, we deliver topranked client, server, and cloud-based security that fits our customers’ and partners’ needs; stops new threats faster; and protects data in physical, virtualized, and cloud environments. Powered by the Trend Micro™ Smart Protection Network™ infrastructure, our industry-leading cloud-computing security technology, products and services stop threats where they emerge, on the Internet, and are supported by 1,000+ threat intelligence experts around the globe. For additional information, visit www.trendmicro.com. Created by: The Global Technical Support and R&D Center of TREND MICRO For Raimund Genes (1963 - 2017)