Investing in anti-virus software is no longer enough to counter cyber attacks on vital data systems, especially if national security is at stake.
This was what Trend Micro security experts said as they urged the Philippine government to draw up a defense plan against cyber attacks. "Look at what your neighbors are doing and what they are investing in to combat computer attacks," they said, adding that the country has to go beyond anti-virus software.
Fresh from their investigations of recent cyber attacks in South Korea and Taiwan, Trend Micro's global monitoring team said they have observed an alarming rise in advanced persistent threats (APTs).
"Advanced persistent threats are stealthier and more sophisticated than ever, using insidious social engineering techniques to quietly penetrate your organization to deploy customized malware that can live undetected for months," the team said.
"Then when you are least expecting it, cyber criminals can remotely and covertly steal your valuable information--from credit card data to the more lucrative intellectual property or government secrets--potentially destroying your competitive advantage, or, in the case of government, even putting national security at risk," it warned.
At a roundtable meeting with some lT security media, Richard Sheng, senior director of enterprise security at Trend Micro Inc., Asia Pacific, cited email as still a top attack vector in targeted attacks.
Every customized attack will need a customized defense strategy and a well-defined incidence response plan, he said, "We are blind against the attacks," he pointed out. "In the region, there is a lack of awareness, of understanding how data breaches take place nowadays."
He added that in the case of targeted attacks, "you have to assume you will be compromised."
In a recent gathering of government agencies representatives held at Solaire Casino and Resort in Pasay City, Sheng said that to stop spear-phishing for instance, enterprises need to integrate Sandbox technology into their email gateway.
Describing the usual practice cyber criminals use, he said: "A spear-phishing email is sent to an employee. The email contains a malicious attachment. However, with network-based Sandbox analysis, Trend Micro Deep Discover Inspector (DDI) solution then detects the suspicious email and identifies its attachment as a Trojan downloader."
Sheng continued: "Today's most damaging attacks are targeted specifically at your people, your systems, your vulnerabilities, and your data. Trend Micro, he said, provides proactive security that fits the threat landscape and supports varying IT infrastructure, partner ecosystems, and customer needs.
At the heart of Trend Micro's ability to deliver timely threat intelligence, service and support to its global customer base is TrendLabs, its global technical support and research and development headquarters that is based in Ortigas, Pasig.
Sheng said the Philippines has a "homecourt advantage" because the company need not fly its experts in. Established in the country in 1998, TrendLabs now houses over 1,000 cloud security and anti-malware experts, including support engineers all deployed in round-the-clock operations.
Q1 2013 Report
Meanwhile, Trend Micro's Q1 2013 Security Roundup Report prominently featured the Philippines in its the top 10 lists for the following: Top 10 risk of privacy exposure due to app use, Top 10 malicious android app download volumes, and Top 10 with the highest battery-draining app download volumes.
"Mobile Internet continues to be strong in the Philippines," said Myla Pilao, Trend Micro's director for Core technology. "With the Internet becoming more and more accessible, and the with unlimited number of free apps available, Trend Micro recommends that users practice a stronger sense of discernment in downloading. This is the first step in ensuring their data privacy protection."
Trend Micro's Q1 2013 Security Roundup also highlighted multiple zero-day exploits found targeting popular applications like Java, Adobe Flash Player, Acrobat and Reader.
The roundup also identified zero-day attacks among prominent Q1 threats. According to the roundup, new attacks against Oracle's Java and Adobe's Flash Player, Acrobat and Reader reveal that vulnerabilities are emerging faster than they can be patched and are quickly being incorporated into professional attack kits such as the "Black Hole Exploit Kit."
"Of course Java is cross-platform and that is somewhat attractive to criminals, but what is really attractive is it's vulnerabilities and it's ubiquity," said Rik Ferguson, Trend Micro's vice president for security research. "This definitely won't be the last zero-day vulnerability in Java and it won't be the end of the vast attack surface that it currently offers to criminals."
Attacks on South Korea
The high-profile attacks executed in South Korea last March reinforced that theft is no longer the sole focus of hacking efforts, Trend Micro said. These breaches, according to the company, were also designed to cripple critical networks via innovative techniques including:
Multiplatform focus such as Unix and Linux;
Specific countermeasures for installed security software; and
Hijacking of patch management systems.
"Given what took place in South Korea, it is likely that increasingly destructive attacks will continue to be a threat," said Tom Kellermann, Trend Micro vice president for cyber security. "With each quarter, attacks are becoming bolder and more targeted, pointing to concerns far beyond the compromise of personal data." -- 30