CSA was pleased to attend a media briefing session in Kuala Lumpur yesterday evening where the local Trend Micro leadership gave us their cybersecurity predictions for 2018. Malaysia Managing Director, Mr Goh Chee Hoh, gave us a deep introduction to Trend Micro globally and some insight into the Malaysia business he runs, then Malaysia Technical Sales Specialist, Law Chee Wan, dived in and revealed Trend’s predictions for 2018.
Goh Chee Hoh
Managing Director, Malaysia,
Law Chee Wan
Technical Sales Specialist, Malaysia,
Unsurprisingly, ransomware featured as one of their main predictions. Law highlighted a few key reasons why ransomware is going to become a bigger problem than ever in 2018. Ransomware attackers will increasingly leverage known and as yet unknown vulnerabilities to increase the veracity of ransomware attacks. Gone are the days where a user needs to send infected files to another user for it to spread. Ransomware will look to exploit vulnerabilities in order to intelligently find ways to spread, and as Law pointed out by highlighting some of the famous examples from 2017, “ransomware really does spread like wildfire”. According to Trend, we can expect this to happen more in 2018.
Earlier, Mr Goh had explained that cyber criminals only ever have one of three aims, “They either want to sell your information, ransom you or hijack your machines to do crime.” He might have added that there are some out there that want to create havoc just for the fun of it – but that’s just our view (ed).
Law then explained other factors that are adding together to ensure that ransomware really will be an increasing threat over the next 12 months. No big surprise here, but Bitcoin raised its head with Law explaining that the anonymity that Bitcoin allows, means that cyber criminals are able to collect ransom fees without fear of getting caught or traced. As long as this remains the case, it makes it easy for people to collect cyber ransoms.
Perhaps more surprising was that Law highlighted GDPR (the European Data Protection Laws) that come into effect as another incentive that will keep ransomware criminals active. European companies or companies that do business in Europe can face enormous fines if they get breached, especially if they do not report or solve the breach within a given time period. Law pointed out that the pressure of these large fines may cause companies to pay bigger ransoms under threat of the cybercriminal publicising the breach and risking an even bigger fine from the European Union.
Perhaps the most frightening reason for why ransomware is going to grow is just how easy it is to get started as a ransomware criminal. Law showed real examples of one-click ransomware as a service offerings from the dark web – where for USD$39 and a promise to pay the service provider a percentage of all your successful ransom payments – you can set up your own ransomware criminal enterprise on a pay as you go offering from a “Ransomware as a Service” (RaaS) provider. Truly scary stuff and amazing how bold cyber criminals are becoming.
Trend’s way to protect us, is to change their approach at a high level. Whilst they still look at the technical layers and offer multi layers of advanced threat protection for web/email, endpoint devices, network and servers, they are now looking at the user and basing protection on a “follow the user” approach. As Mr Goh explained, “We used to have a defined perimeter which we could protect, but that is no longer the case. The perimeter is only limited by where you take your endpoint devices.” So the logic follows that users must be protected regardless of which application, endpoint, cloud or network they are working on.
Interestingly, Mr Goh spent a lot of time explaining why continual technical investment is a critical part of Trend’s unique value proposition. He explained that Trend has implemented defences which utilise what he describes as “the right technology at the right time” with pre-execution machine learning, behavioural analysis and even run-time machine learning - stacked in an order that is applied to data as it gets viewed or opened.
Machine learning is absolutely critical. Goh left us with this very chilling statistic. “Over 500,000 new malware variants are created every single day, and 90% of these only ever attack a single device or machine.” Signature files are pointless against this wave of one-time threats whose “footprints” will only be used on one occasion. Clearly, without machine learning and behavioural analysis, companies and users will not be able to defend against this type of threat.
With this chilling reality fresh in our minds, Mr Goh and the Trend team lightened the mood as they led one of many CNY Lou Sang that we expect to be attending with our media colleagues as the CNY media briefing invites start to pile up on our desks!