Cyber Threats to Look Out For
Welcome to Trend Micro’s monthly newsletter, The Strategic CISO. Discover the latest and most popular blogs from the CISO Resource Center, a dedicated space for the latest strategic insights, best practices, and research reports to help security leaders better understand, communicate, and minimize cyber risk across the enterprise.
Our goal is to inform security leaders about best practices, the latest industry insights, and more. Let us know what you would like to see from The Strategic CISO newsletter.
What Generative AI Means for Cybersecurity in 2024
Generative #AI kicked off 2023 as a headline-grabbing novelty and ended the year as an indispensable productivity enabler for corporations, creatives, scientists, students, and—inevitably—cybercriminals.
Taking social engineering and fraud to a whole new level with gen AI
Before generative AI’s breakthrough, cybercriminals had two main #phishing strategies. One was to mass-blast a huge number of targets and hope to catch a few vulnerable users. The other was to extensively research specific users and target them manually—a high-effort, high-success method known as ‘harpoon phishing’ or ‘whale phishing’.
#GenAI is converging those two models, making it easy for attackers to send targeted, error-free, and tonally convincing messages on a mass scale in multiple languages. And this is already branching beyond emails and texts to include persuasive audio and video ‘#deepfakes’ for an even more business-affecting threat.
Find out more in our blog, "What Generative AI Means for Cybersecurity in 2024"
Lockbit Takeover | #TrendTalksBizSec
Jon Clay, VP of Threat Intelligence, and Greg Young, VP of Cybersecurity, discussed the recent #Lockbit takeover. Learn about the ransomware group Lockbit, law enforcement’s Operation Cronos, and more.
Through undercover infiltration, Trend helped prevent the release of the group's next #malware products and automatically installed protection for Trend Micro customers, even before the group themselves had finished testing.
This group was responsible for about 25 percent of all #ransomware leaks in 2023 and caused billions of dollars in losses for thousands of global victims over the past four years. Ransomware is one of the most serious cyber threats facing organizations today, known for disrupting schools, hospitals, governments, and businesses and imperiling critical national infrastructure. It does all of this while lining the pockets of a few small #cybercrime groups: last year, victims paid over $1 billion to these groups and their affiliates, a record figure.
This work ultimately supported the following outcomes:
While LockBit was, without doubt, the largest and most impactful ransomware operation globally, this disruption makes it very clear that all criminal affiliates should strongly reconsider any involvement with the group in the future: by partnering with this organization, these associates have put themselves at increased risk of law enforcement action.
Watch their full discussion here: Lockbit Takeover | #TrendTalksBizSec
Read our blog for more in-depth detail on this takedown: "Global Law Enforcers Seek Trend Micro's Help in Taking Down Top Ransomware Threat Group LockBit"
Microsoft Defender SmartScreen Vulnerability
CVE-2024-21412 is a critical vulnerability found in Microsoft Defender SmartScreen and discovered by the Trend Micro™ Zero Day Initiative™ (ZDI). The bypass is part of a sophisticated zero-day attack chain by the advanced persistent threat (APT) group we’ve identified as #WaterHydra (aka DarkCasino), which previously targeted financial market traders. We’ve also discovered a second unidentified group exploiting this same vulnerability.
What to do and what to know?
Trend customers have been protected from CVE-2024-21412 since January 17 thanks to virtual patching, and other organizations will be protected once Microsoft releases the official patch.
While many organizations will be rushing to alert security operations teams to test and deploy the official Microsoft patch, which is likely to require a reboot, Trend customers do not need to make any changes to their patch protocol since they are already protected.
For over three decades, Trend has been protecting enterprises from cyber attacks, thwarting both zero-day exploits and N-day vulnerabilities at the earliest stages. The synergistic relationship between the Trend Micro™ Zero Day Initiative™ (#ZDI) threat-hunting teams and Trend Micro products allows us to identify new threats in the wild and build proactive protections for our customers. In 2023, we had active virtual patches on average 51 days ahead of Microsoft patches and, overall, 96 days ahead of all vendors whose bugs were submitted through the program. Trend boasts one of the most substantial vulnerability research organizations worldwide. Leveraging this expertise, we shield our customers from new and existing exploits.
Find out more about the Microsoft Defender SmartScreen vulnerability here.
Bug Bounty Program ZDI 2023 Performance
The Trend Micro Zero Day Initiative (ZDI) is the world's largest agnostic bug bounty program that has been around for nearly 20 years. This program was created to bring visibility into the use of vulnerabilities in attacks using zero-day exploits and help remove these bugs from the exploit market by helping vendors identify them and patch them. Over the years, #ZDI has been instrumental in providing many bugs to a multitude of vendors across the computing landscape. ZDI has continued to see growth over the years and continues to be a force in the world of vulnerability disclosures. Let me share some key overall benefits the program brings:
The benefit of ZDI to the public is the ability to obtain quality bugs from researchers (both internal and external): 78% of the bugs in 2023 were rated critical or high severity.
ZDI helps manage the disclosure process with affected vendors, keeping vendors accountable for patching their bugs and removing bugs that could potentially be used by adversaries in exploit-based attacks. The time it takes adversaries to weaponize a new bug continues to shrink each year.
The overall benefit to Trend Micro customers/partners is our focus on critical software used by them and using incentives for higher bounties on critical applications. Pre-disclosed virtual patches are made available to customers (specifically for TippingPoint and CloudOne Network Security customers) on average 70+ days before a public patch is available. This ensures any existing exploits or new ones used before the patch is applied are covered by Trend.
Zero Day Initiative is a hidden gem if you weren’t aware of this program and provides the world with a much-needed service. Vendors like Microsoft and Adobe applaud their efforts and thank them for their support. ZDI is also the top vendor submitting bugs to ICS-CERT, which helps our critical infrastructure, which continues to be attacked by adversaries from around the world. This program is a key component of the overall Trend research and allows us to support the world.
Read more about the 2023 ZDI performance in our blog, "Trend Micro’s Bug Bounty Program ZDI 2023 Performance"
Akira: Fastest Growing Ransomware | #TrendTalk Threat Research
Jon Clay, VP of Threat Intelligence at Trend Micro, breaks down the #Akira ransomware group’s double extortion method. He sheds light on their attack lifecycle: from initial access and credential theft to dropping the Akira #ransomware and encrypting data. Akira is swiftly becoming one of the fastest-growing ransomware families thanks to its use of double extortion tactics, a ransomware-as-a-service (#RaaS) distribution model, and unique payment options. As previously mentioned, Akira operators are associated with Conti ransomware actors, which explains code similarities in both ransomware families. In July, the Arctic Wolf Labs Team reported that Akira shared code similarities with the #Conti ransomware. However, they also noted that when Conti’s source code was leaked, different malicious actors used it to create or tweak their own ransomware code, which makes it even more challenging to trace back ransomware families to Conti operators.
Based on our own analysis, Akira appears to be based on the Conti ransomware: It shares similar routines with Conti, such as string obfuscation and file encryption, and avoids the same file extensions that Conti avoids. We believe that Akira operators’ main motivation for targeting organizations is financial in nature.
Listen to our podcast for a more in-depth analysis of Akira ransomware: Akira Fastest Growing Ransomware
Before you go:
Check out our new episode of Trend Talks Biz Sec, in which Jon Clay, VP of Threat Intelligence, and his co-host Greg Young, VP of Cybersecurity, provide an overview of the ever-changing roles of CISOs and other cybersecurity professionals in today’s cybersecurity landscape.