2009’s Most Persistent Malware Threats

View full report

Enterprises are raring to harness the benefits of the Internet’s connectivity and infrastructure for both core operations and support activities. The generally positive response toward moving into the cloud, the increase in the use of social networking platforms for business, and the continuous move toward a mobile and interconnected workforce gained momentum in 2009.

The risks of conducting business with the use of the Internet became readily apparent as well. According to reports, 18 percent of the respondents to the “Computer, Crime, and Security Survey” that reported security incidents in 2009 also experienced at least one targeted malware attack.

A separate study, the Ponemon/PGP report as reported by CNET News on the cost of a data breach due to criminal activity pegs loss to business at US$215 per stolen record. Remarkably, the “criminal activities” in this report now include data-stealing malware and botnets. In fact, more of these attacks have been reported in 2009 than ever before. A review of the TrendLabs Malware Blog entries in 2009 likewise calls attention to recurring themes in the security challenge for users and businesses alike. Cybercriminal organizations work hard to use old and new online platforms to trick even the more tech-savvy users into following a malicious link or into opening a malicious file. In the more insidious kinds of attack that will be discussed later (i.e., a network worm named DOWNAD), almost no user interaction is required for an attack to spread throughout a system of interconnected computers.

In this report, TrendLabs, Trend Micro’s research lab, discusses 2009’s most persistent threats and presents why users need to be more engaged in keeping their systems secure than ever before. These five most recurring and ever-present threats effectively challenge even the more tech-savvy businesses who encounter them either through lack of network security or of education and appreciation of the severity of threats on the part of employees. At the end of each discussion, a list of security dos are recommended for large enterprises and smaller businesses alike.

View full report

20-Million Forms of Malware With a New Threat Created Every 2 Seconds

The danger sounds daunting—even overwhelming. But the answers are out there and core technology expert Jon Clay has them in a series of videos explaining how Trend Micro’s Smart Protection Network overcomes attacks. These short videos are eye-opening and easy-to-understand, offering a sweeping overview without a lot of “tech speak.”

» Watch how-it-works video series

Unpatched Applications Are #1 Cyber Security Risk

Unpatched client software and vulnerable Internet-facing web sites are the most serious cyber security risks for business. Lesser threats include operating system holes and a rising number of zero-day vulnerabilities, according to a new study.

A leading security education organisation, the SANS Institute, has released a new report describing “The 2009 Top Cyber Security Risks.” It may be read for free (no registration required). Here are its key findings, quoted from the executive summary:

1. Priority One: Client-side software that remains unpatched.
2. Priority Two: Internet-facing web sites that are vulnerable.
3. Operating systems continue to have fewer remotely-exploitable vulnerabilities that lead to massive Internet worms.
4. Rising numbers of zero-day vulnerabilities

Throughout the developed world, governments, defense industries, and companies in finance, power, and telecommunications are increasingly targeted by overlapping surges of cyber attacks from criminals and nation-states seeking economic or military advantage. The number of attacks is now so large and their sophistication so great, that many organizations are having trouble determining which new threats and vulnerabilities pose the greatest risk and how resources should be allocated to ensure that the most probable and damaging attacks are dealt with first.

This report uses current data - covering March 2009 to August 2009 - from appliances and software in thousands of targeted organizations to provide a reliable portrait of the attacks being launched and the vulnerabilities they exploit. The report’s purpose is to document existing and emerging threats that pose significant risk to networks and the critical information that is generated, processed, transmitted, and stored on those networks.

The report was compiled by Rohit Dhamankar, Mike Dausin, Marc Eisenbarth and James King of TippingPoint with assistance from Wolfgang Kandek of Qualys, Johannes Ullrich of the Internet Storm Center, and Ed Skoudis and Rob Lee of the SANS Institute faculty.

What Makes a Company a Target for Cyber Criminals?

Is it the more employees, the bigger the target? Is a better known company more likely to be attacked? Find out the answer to these questions and the most critical questions you should be asking to protect your company. Hear the experts in “Gain Control Over New Threats, Spam, Viruses, and User Web Surfing.”

Safer, Smarter, Simpler [1:48]

Web Threats [2:09]

Protect Your Business [0:53]