When Phishing Starts from the Inside

A growing concern of security professionals is internal phishing attacks – phishing emails sent from one trusted user to another of the same organization. Internal phishing emails are used in multi-stage attacks in which an email account is owned either by controlling the users device with previously installed malware or by compromising the account credentials of the user. Internal phishing emails are used in both targeted attacks, where the aim is to steal information or commit extortion, and common with Business Email Compromise (BEC) schemes designed to steal money. Because the sender is an internal and trusted user, the recipient is more likely to take action on the email. Continue reading

Security seminars coming up: get up to speed in 60 minutes

Summer holiday is officially over, and we are in for a challenging last quarter of the year. Plenty of challenges: we are all working towards a more open and mobile digital environment, while the cyber-baddies are preparing plenty of new attacks. And the time to comply with GDPR is shrinking daily.

This may seem scary, but meanwhile an entire security industry is working hard to keep one step ahead of the bad guys. In handy interactive sessions of no more than 60 minutes just before lunchtime (11am to 12 pm), you can find out all about the latest security trends and get an answer to all of your questions. And we will organize each session twice, so you don’t have to miss any of them. Get up to speed in 60 minutes, by signing up for our webinars!    Continue reading

An Elaborate ATM Threat Crops Up: Network-based ATM Malware Attacks

by David Sancho and Numaan Huq (Trend Micro Forward-Looking Threat Research Team), Massimiliano Michenzi (Europol EC3)

Infecting automated teller machines (ATMs) with malware is nothing new. It’s concerning, yes. But new? Not really. We’ve been seeing physical attacks against ATMs since 2009. By physical, we mean opening the target machine’s casing, accessing the motherboard and connecting USB drives or CD-ROMs in order to infect the operating system. Once infected, the ATM is at the attackers’ mercy, which normally means that they are able to empty the money cassettes and walk away with fully loaded wallets. In 2016, we released a joint paper with Europol’s European Cybercrime Centre (EC3) that discussed the shift from physical to digital means of emptying an ATM and described the different ATM malware families that had been seen in the wild by then. Continue reading

Hacking an election is about manipulating data to affect hearts & minds

Everything can be hacked, even democracy itself. Andrés Sepúlveda described in an interview how for a decade he helped political parties in South-America to win elections. He hacked other political parties for them, got all their secrets, …  Continue reading

What can the Dark Web teach us about security?

Ever since the law enforcement takedown of the Silk Road underground marketplace in 2013, there has been increasing interest in the depth and breadth of the Dark Web. This portion of the internet has been largely shrouded from the public eye. But it represents an environment in which hackers can converse or share malicious code and strategies. And make a profit from the information stolen during the ever-increasing cyber attacks taking place.

Continue reading

Digital Voice Assistants: New Front in War on IoT Hackers

As the Internet of Things (IoT) permeates further into our lives, the potential for hackers to line their pockets or disrupt  critical infrastructure moves increasingly from theory to practice. For those IT and business leaders looking for more guidance, check out our CLOUDSEC conference next week, 5 September. Continue reading

Hardware configurations could be the downfall of the IoT

The Internet of Things is opening up new opportunities for businesses as well as introducing a new era of convenience for consumers. And it’s happening sooner rather than later: More than 24 billion IoT devices will connect to each other and the internet by 2020, according to Business Insider, and that’s a conservative estimate. The Motley Fool noted that other tech giants are predicting anywhere from 50 billion to 200 billion IoT devices within the next three years.

Continue reading

HTTPS: the importance of the S

Starting October, Chrome will show a “NOT SECURE” warning when users enter text in a form on HTTP pages.” That was an e-mail recently sent out by Google. If you’ve ever bought anything online, checked your bank accounts through the app, or logged on to your favorite social media network, you’ve used a technology called SSL/TLS. Meet the S in HTTPS.

Continue reading