ED#218 : Ransomware 101 With Trend Micro

On the 5th of November 2015, we were invited by Trend Micro to a special media briefing on ransomware. Titled Ransomware 101 : What, How & Why, it was held at the new Trend Micro office in The Intermark.

Law Chee Wan, Trend Micro's Manager of Technical Sales was the speaker of the day. He gave us an hour-long talk on how ransomware creators operate, and how they are now targeting small and medium-sized businesses. This shift in targeting is due to the fact that small businesses are less likely to have the kind of sophisticated defences that enterprises have.

Check out the video we recorded of his talk on ransomware. It runs about 58 minutes long, so grab a drink and some tidbits... just like we did. :D

Sony warns against upgrading to Windows 10

Follow the Data: Dissecting Data Breaches and Debunking the Myths

Trend Micro also issued a press release on dissecting data breaches and debunking the myths about data breaches. Take a look :

These past 10 years have given us some of the United States’ history's most high-profile data breaches. There was the AOL incident in 2005, where an insider leaked sensitive data. The Sony (2011) and Target (2014) incidents exposed millions of customer records. And this year alone, we saw healthcare companies (Anthem), government agencies (OPM), and even online dating services (Ashley Madison) get hit with breaches of their own. The magnitude of stolen information is staggering, and the variety of which even more so.

“Cybercriminals are becoming more inventive in their attack methods of online extortion escalating beyond simple ransomware to hacktivists using data breaches to systematically destroy their targets, to ad-blocking software shaking up the advertising business and killing malvertising, often infiltrating and abusing existing technologies that are often overlooked. Hackers are taking more strategic approaches, refining their approach and targeting more selective victims to improve their infection rates. It isn’t just confined to the United States, Malaysia’s threat landscape presents a growing statistic of businesses that has been affected by data breaches as well,” said Goh Chee Hoh, Managing Director for Trend Micro Malaysia, Singapore and Indonesia.

Much of the attention surrounding these breaches has been focused on who's affected and how they can recover. The stolen data on the other hand is treated as a lost cause. But there is so much more to learn from studying what was stolen. By following the data, we can get a picture of what attackers are looking for, how they use the data, how much it costs, and where it eventually ends up.

Numaan Huq of the Trend Micro Forward-Looking Threat Research team analyzed a decade's worth of data breach information to gain insight into the odds at play when a company suffers a breach. His probability studies will allow companies to assess their current risk levels in order to come up with better strategies to defend their networks. They also help us prove if what we know about data breaches have merit or are just mere myths.

Myth # 1: Hacking and malware are the leading causes of data breaches.

Although the news has been rife with stories of how certain malware or hacking groups were responsible for breaches, the truth is, most of them were actually caused by device loss. Overall, it accounts for 41% of all breaches compared to the 25% caused by hacking and malware. Companies may often overlook the kind of sensitive information stored on their employees' laptops, mobile devices, and even thumb drives. If any of these devices get lost, stolen, and are left unprotected, they become an easy way to steal data.

This doesn't mean, though, that hacking and malware are not serious. These kinds of threats should never be taken lightly. Compared to device loss or theft—which can be mitigated through remote device wipe, the use of virtual infrastructure, and enforcement of stricter policies—hacking and attacks using malware are more planned and deliberate. Highly customized defense solutions and strategies are required in these cases.

Myth # 2: Attackers go for personally identifiable information (PII) to reap the most data.

This is both true and false. Although PII is the most popular stolen record type, it doesn't guarantee an attacker more access to his target information. It really depends on the situation and the attacker's goal. If the aim is to get educational or health records, having a person's PII will give the attacker a higher chance of accessing those bits of information. If attackers really want to gain access to the proverbial keys to the kingdom, they would go for credentials, more specifically, the credentials of a network administrator.

Myth # 3: Using hacking or malware is the best way to steal all types of data.

Looking at the probability, this one is actually true, only because these were the most popular methods attackers used this past decade. Hacking into a network—whether using brute force, social engineering, or malware—has the highest chance of returns. The second most preferred method is through insiders. These can be disgruntled employees who leak the data on their own volition.

Myth # 4: The retail industry is the most affected by data breaches.

Although retailers have suffered many losses because of data breaches, the most affected industry was actually the healthcare sector, accounting for more than a fourth of all breaches (26.9%) this past decade. The second was the education sector (16.8%) followed by government agencies (15.9%). Retailers only come in fourth place with 12.5%. Although its share is not as big as the healthcare industry's, the effects of a breach for a high-profile retail giant can still be damaging in terms of reputation and revenue.

Myth # 5: PII is the most in-demand underground commodity in terms of breached information.

There's actually a big surplus of PII currently available in the cybercriminal underground. This has caused its price to drop significantly, from US$4 last year to US$1 this year. The same goes for credit card numbers which are now sold in bulk, regardless of card brand. Interestingly, the selling of stolen Uber accounts is gaining popularity. They're sold at around US$1.15 each.

For a more detailed look at the end-to-end journey of stolen data, check out our research paper Follow the Data: Dissecting Data Breaches and Debunking the Myths [PDF]. There, you'll see more of the research, analysis, and insights that support the findings listed here. Also flip through its companion piece, Follow the Data: Analyzing Breaches by Industry, where you'll see a breakdown of stolen data and breach methods associated with each sector.

Cybersecurity today with Rik Ferguson

Support Tech ARP!

If you like our work, you can help support out work by visiting our sponsors, participate in the Tech ARP Forums, or even donate to our fund. Any help you can render is greatly appreciated!

Questions & Comments

If you have a question or comment on this editorial, please feel free to post them here!