Gov't urged to put up customized defense to combat cyber attacks

Investing in anti-virus software is no longer enough to counter cyber attacks on vital data systems, especially if national security is at stake.

This was what Trend Micro security experts said as they urged the Philippine government to draw up a defense plan against cyber attacks. "Look at what your neighbors are doing and what they are investing in to combat computer attacks," they said, adding that the country has to go beyond anti-virus software.

Fresh from their investigations of recent cyber attacks in South Korea and Taiwan, Trend Micro's global monitoring team said they have observed an alarming rise in advanced persistent threats (APTs).

"Advanced persistent threats are stealthier and more sophisticated than ever, using insidious social engineering techniques to quietly penetrate your organization to deploy customized malware that can live undetected for months," the team said.

"Then when you are least expecting it, cyber criminals can remotely and covertly steal your valuable information--from credit card data to the more lucrative intellectual property or government secrets--potentially destroying your competitive advantage, or, in the case of government, even putting national security at risk," it warned.

At a roundtable meeting with some IT security media, Richard Sheng, senior director of enterprise security at Trend Micro Inc., Asia Pacific, cited email as still a top attack vector in targeted attacks.

Every customized attack will need a customized defense strategy and a well-defined incident response plan, he said. "We are blind against the attacks," he pointed out. "In the region, there is a lack of awareness, of understanding how data breaches take place nowadays."

He added that in the case of targeted attacks, "you have to assume you will be compromised."

In a recent gathering of government agency representatives held at Solaire Casino and Resort in Pasay City, Sheng said that to stop spear-phishing, for instance, enterprises need to integrate Sandbox technology into their email gateway.

Describing the usual practice cyber criminals use, he said: "A spear-phishing email is sent to an employee. The email contains a malicious attachment. However, with network-based Sandbox analysis, Trend Micro Deep Discovery Inspector (DDI) solution then detects the suspicious email and identifies its attachment as a Trojan downloader."

Sheng continued: "Today's most damaging attacks are targeted specifically at your people, your systems, your vulnerabilities, and your data." Trend Micro, he said, provides proactive security that fits the threat landscape and supports varying IT infrastructure, partner ecosystems, and customer needs.

At the heart of Trend Micro's ability to deliver timely threat intelligence, service and support to its global customer base is TrendLabs, its global technical support and research and development headquarters that is based in Ortigas, Pasig.

Sheng said the Philippines has a "homecourt advantage" because the company need not fly its experts in. Established in the country in 1998, TrendLabs now houses over 1,000 cloud security and anti-malware experts, including support engineers, all deployed in round-the-clock operations.

Q1 2013 Report

Meanwhile, Trend Micro's Q1 2013 Security Roundup Report prominently featured the Philippines in its top 10 lists for the following: Top 10 risk of privacy exposure due to app use, Top 10 malicious Android app download volumes, and Top 10 with the highest battery-draining app download volumes.

"Mobile Internet continues to be strong in the Philippines," said Myla Pilao, Trend Micro's director for Core technology. "With the Internet becoming more and more accessible, and with the unlimited number of free apps available, Trend Micro recommends that users practice a stronger sense of discernment in downloading. This is the first step in ensuring their data privacy protection."

Trend Micro's Q1 2013 Security Roundup also highlighted multiple zero-day exploits found targeting popular applications like Java, Adobe Flash Player, Acrobat and Reader.

The roundup also identified zero-day attacks among prominent Q1 threats. According to the roundup, new attacks against Oracle's Java and Adobe's Flash Player, Acrobat and Reader reveal that vulnerabilities are emerging faster than they can be patched and are quickly being incorporated into professional attack kits such as the "Black Hole Exploit Kit."

"Of course Java is cross-platform and that is somewhat attractive to criminals, but what is really attractive is its vulnerabilities and its ubiquity," said Rik Ferguson, Trend Micro's vice president for security research. "This definitely won't be the last zero-day vulnerability in Java and it won't be the end of the vast attack surface that it currently offers to criminals."

Attacks on South Korea

The high-profile attacks executed in South Korea last March reinforced that theft is no longer the sole focus of hacking efforts, Trend Micro said. These breaches, according to the company, were also designed to cripple critical networks via innovative techniques including:

Multiplatform focus such as Unix and Linux;

Specific countermeasures for installed security software; and

Hijacking of patch management systems.

"Given what took place in South Korea, it is likely that increasingly destructive attacks will continue to be a threat," said Tom Kellermann, Trend Micro vice president for cyber security. "With each quarter, attacks are becoming bolder and more targeted, pointing to concerns far beyond the compromise of personal data."


Stories by Edison Dy Ong
