Threat predictions 2011

•Download as PPSX, PDF•

1 like•808 views

More than 80% of Today’s Top Malware Arrives via Web. More than 80% of Today’s Top Malware Arrives via Web. And Security Demands on cloud service providers will increase. See the rest of Trend Micro's predictions for 2011.

Technology

Trend Micro Threat Predictions for 2011 Classification 12/16/2010 1

Threats Today Classification 12/16/2010 2 FACT #1: More than 80% of Today’s Top Malware Arrives via Web1 FACT #2: 3.5 new threats every second are released by cybercriminals2 1 – source TrendLabs data Apr – Sept 2010 2 – source Trend Micro Smart Protection Network

The Power of Trend Micro Smart Protection Network 60 billion queries every 24 hours Blocks 5.5 billion threats daily Processes 3.2 terabytes of data daily An average 102 million users connected to the network each day Classification 12/16/2010 3

Prediction #1 – Cloud-related issues Security Demands on cloud service providers will increase Proof of concept attacks against cloud infrastructure and virtualized systems will emerge in 2011 Diversity of Operating Systems at the endpoints forces the bad guys to focus more on critical cloud services and server infrastructures Classification 12/16/2010 4

Prediction #2 – Targeted Attacks and Cyber-Espionage Mid-sized companies will be targeted in cyber-espionage Easy-to-use underground toolkits enable targeted attacks on particular types of organization ZeuS primarily targeted small businesses in 2010 Growth of targeted and localized attacks will continue both against big name brands and/or critical infrastructure Classification 12/16/2010 5

Prediction #3 – The Cybercrime Underground Evolution Further consolidation in the cybercrime underground Groups merge and/or join forces as global, public attention for cyber attacks grows Example: ZeuS / SpyEye Classification 12/16/2010 6

Prediction #4 – Clever Malware Campaigning It’s all about social engineering. Fewer infiltrated websites, more cleverly crafted and localized HTML e-mails with URL’s pointing to the infection source Malware campaigning will ensure fast and reliable spreading of the downloader The downloader then downloads randomly generated binaries to avoid detection Classification 12/16/2010 7

Prediction #5 – Malware Attacks Increasing use of stolen or legitimate digital certificates in malware attacks, to avoid detection Huge growth in use of complex domain generation algorithms (as used by Conficker & LICAT) in Advanced Persistent Threats, and increase in Java-based attacks Classification 12/16/2010 8

Prediction #6 – Focus for Vulnerabilities and Exploits Growth in exploits for alternative operating systems, programs and web browsers, combined with tremendous growth in the use of application vulnerabilities (Flash, etc) Classification 12/16/2010 9

Prediction #7 – Security Vendors Become Targets Security vendors’ brands will increasingly be targeted by criminals Result: Confusion and insecurity among users Classification 12/16/2010 10

Prediction #8 – Mobile Risks More proof of concept, and some successful attacks on mobile devices, but not yet mainstream Cybercriminals will explore profitability of mobile device attacks, but monoculture is required before such attacks become mainstream Classification 12/16/2010 11

Prediction #9 – Old Malware Reinfections Some security vendors will run into trouble with local signatures not being able to store all the threat information They will retire old signatures which will lead to infections with old/outdated malware Classification 12/16/2010 12

Prediction #10 – Vulnerable Legacy Systems Targeted attacks on “unpatchable” (but widely used) legacy systems Windows 2000/Windows XP SP2 Embedded systems like Telecom switchboards etc. Classification 12/16/2010 13

A major ransomware attack using a leaked NSA exploit known as “WannaCry” has hit more than 150 countries since May 12. More than 200,000 infections globally have been detected and the attack, which uses the WannaCry (WanaCrypt0r 2.0) ransomware, continues to spread. WannaCry utilizes the ETERNALBLUE exploit targeting newly disclosed vulnerabilities (MS17-010). Once leaked, it took only 28 days for this exploit to be used in a full-scale cyber attack. Organizations that scan for vulnerabilities only monthly or less frequently can still be at risk. During this webcast (https://www.brighttalk.com/webcast/11673/261293) Mark Butler, CISO at Qualys and Jimmy Graham, Director of Product Management for Qualys ThreatPROTECT and AssetView, show you how to: • Patch and implement other mitigations for WannaCry • Detect and get full visibility on impacted assets for prompt remediation • Institute threat-prioritized remediation processes to mitigate current and future risks Qualys ThreatPROTECT can detect and identify patches for the vulnerabilities being exploited by ETERNALBLUE and shield your organization’s business-critical data from attacks. Sign up for a free 30 day trial and get unlimited scans. https://qualys.com/wannacry-trial

WannaCry ransomware outbreak - what you need to know

Symantec Security Response

The WannaCry ransomware outbreak shook the world when it occured in May 2017. This slidedeck looks at the attack, how it was carried out, and its success rate. It also attempts to figure out who was likely to have been behind this devastating cyber attack. For more information on this outbreak, take a look at these additional resources: What you need to know about the WannaCry Ransomware: https://www.symantec.com/connect/blogs/wannacry-3 WannaCry: Ransomware attacks show strong links to Lazarus group: https://www.symantec.com/connect/blogs/wannacry-ransomware-attacks-show-strong-links-lazarus-group Can files locked by WannaCry be decrypted: A technical analysis: https://medium.com/threat-intel/wannacry-ransomware-decryption-821c7e3f0a2b

Wannacry & Petya ransomware

Raghavendra P.V

How to protect your business from Wannacry Ransomware

Kaspersky

Kaspersky Lab is teaming up with Comae Technologies to present an emergency webinar for businesses to help them understand and defend against the WannaCry ransomware. The malware has primarily affected business networks, and has claimed victims around the world in a wide range of industries. Juan Andres Guerrero-Saade, senior security researcher in Kaspersky Lab’s Global Research and Analysis Team, will be joined by Matt Suiche from Comae Technologies to present the very latest information on how the ransomware breaches defenses and the subsequent stages of attack. They will independently explain how organizations can determine if they have been infected and the critical actions they need to take to secure networks and endpoints against this threat. Full blog: https://blog.kaspersky.com/wannacry-windows-update/16593/

Evolution of ransomware

Charles Steve

Protecting Your organization from WannaCry Ransomware

Quick Heal Technologies Ltd.

Palestra Jeferson Propheta - Wanna Cry more

BHack Conference

IT security in 2021: Why Ransomware Is Still The Biggest Threat

ETech 7

Ransomware continues to be a major threat. This slidedeck looks at the first six months of 2017, examines why enterprises are being increasingly impacted by ransomware, and reviews the effect of high-profile incidents such as WannaCry and Petya. For more on this area, read Symantec Security Response's blog and whitepaper: https://www.symantec.com/connect/blogs/businesses-most-risk-new-breed-ransomware

Palestra Filipi Pires - Ransomware – Existe proteção para isso?

BHack Conference

5 Network Security Threats Facing Businesses Today

Velocity Network Solutions

Dragonfly: Western energy sector targeted by sophisticated attack group

Symantec Security Response

Symantec found evidence linking a recent campaign of cyber attacks on the energy sector in Europe and the U.S. to a group called Dragonfly, which was first seen in 2011. This "Dragonfly 2.0" campaign appears to have begun in 2015, with an increase in activity seen since the beginning of 2017. Read more about this group in Symantec Security Response's blogs: https://www.symantec.com/connect/blogs/dragonfly-western-energy-sector-targeted-sophisticated-attack-group Dragonfly 1.0: https://www.symantec.com/connect/blogs/dragonfly-western-energy-companies-under-sabotage-threat-energetic-bear

ITPG Secure on WannaCry

ITPG Secure Compliance and Certification Training

WannaCry? No Thanks!

Roberto Martelloni

Take the Ransom Out of Ransomware

Unitrends

If ransomware hasn’t held your business data hostage yet, it’s only a matter of time. Since 2013, a particularly nasty variation of ransomware called CryptoLocker has infiltrated countless businesses, encrypted files and demanded a pound of flesh for their safe release. With no relief in sight and new variations emerging regularly, ransomware continues to be one of the most widespread and damaging threats to businesses today. Is your continuity platform positioned to eat ransomware for breakfast? Join Unitrends for a live webinar to understand how a layered protection strategy (and the news rules of recovery) can keep your business running – no matter what. We’ll cover: • The current state of ransomware today • What you need to do when you get infected • How a rock solid continuity strategy will get you up and running quickly without having to pay a ransom

Encryption in the Cloud

SVForum Cloud SIG

Ransomware and tips to prevent ransomware attacks

dinCloud Inc.

Shamoon attacks - Destructive malware targeting Middle East organizations

Symantec Security Response

Wannacry

Gunther Clauwaert

seminar report on What is ransomware

Jawhar Ali

Chapter 1, Transformasi antivirus

Adi Saputra

Threat landscape update: June to September 2017

Symantec Security Response

WannaCry ransomware attack

Abdelhakim Salama

Symantec Webinar | How to Detect Targeted Ransomware with MITRE ATT&CK

Symantec

WannaCry (WannaCrypt) Ransomware - Advisory from CERT-IN

Vijay Sarathy Rangayyan

Ransomware - The Growing Threat

Nick Miller

How to Take the Ransom Out of Ransomware

marketingunitrends

Ransomware like CryptoLocker has infiltrated countless businesses, encrypted files and demanded a pound of flesh for their safe release. With no relief in sight and new variations emerging regularly, ransomware continues to be one of the most widespread and damaging threats to businesses today. Now, more than ever, businesses need to have rock solid backup and disaster recovery systems in place to ensure continuity.

Pervasive Security Across Your Extended Network

Cisco Security

Where to Store the Cloud Encryption Keys - InterOp 2012

Trend Micro

Issa jason dablow

ISSA LA

What's hot

Ransomware 2017: New threats emerge

Symantec Security Response

Palestra Filipi Pires - Ransomware – Existe proteção para isso?

BHack Conference

5 Network Security Threats Facing Businesses Today

Velocity Network Solutions

Dragonfly: Western energy sector targeted by sophisticated attack group

Symantec Security Response

ITPG Secure on WannaCry

ITPG Secure Compliance and Certification Training

WannaCry? No Thanks!

Roberto Martelloni

Take the Ransom Out of Ransomware

Unitrends

Encryption in the Cloud

SVForum Cloud SIG

Ransomware and tips to prevent ransomware attacks

dinCloud Inc.

Shamoon attacks - Destructive malware targeting Middle East organizations

Symantec Security Response

Wannacry

Gunther Clauwaert

seminar report on What is ransomware

Jawhar Ali

Chapter 1, Transformasi antivirus

Adi Saputra

Threat landscape update: June to September 2017

Symantec Security Response

WannaCry ransomware attack

Abdelhakim Salama

Symantec Webinar | How to Detect Targeted Ransomware with MITRE ATT&CK

Symantec

WannaCry (WannaCrypt) Ransomware - Advisory from CERT-IN

Vijay Sarathy Rangayyan

Ransomware - The Growing Threat

Nick Miller

How to Take the Ransom Out of Ransomware

marketingunitrends

Pervasive Security Across Your Extended Network

Cisco Security

What's hot (20)

Ransomware 2017: New threats emerge

Palestra Filipi Pires - Ransomware – Existe proteção para isso?

5 Network Security Threats Facing Businesses Today

Dragonfly: Western energy sector targeted by sophisticated attack group

ITPG Secure on WannaCry

WannaCry? No Thanks!

Take the Ransom Out of Ransomware

Encryption in the Cloud

Ransomware and tips to prevent ransomware attacks

Shamoon attacks - Destructive malware targeting Middle East organizations

Wannacry

seminar report on What is ransomware

Chapter 1, Transformasi antivirus

Threat landscape update: June to September 2017

WannaCry ransomware attack

Symantec Webinar | How to Detect Targeted Ransomware with MITRE ATT&CK

WannaCry (WannaCrypt) Ransomware - Advisory from CERT-IN

Ransomware - The Growing Threat

How to Take the Ransom Out of Ransomware

Pervasive Security Across Your Extended Network

Viewers also liked

Where to Store the Cloud Encryption Keys - InterOp 2012

Trend Micro

Issa jason dablow

ISSA LA

Regina Technology Innovation Day

Acrodex

Trend Micro: Security Challenges and Solutions for the Cloud (Saas) & Cloud S...

Ingram Micro Cloud

Turner.issa la.mobile vulns.150604

ISSA LA

Encryption in the Public Cloud: 16 Bits of Advice for Security Techniques

Trend Micro

HBR APT framework

Trend Micro

MicrosoftIngram Micro Cloud

Its time to grow up by Eric C.

ISSA LA

Secure Your Virtualized Environment. Protection from Advanced Persistent Thre...

Acrodex

Microsoft power point closing presentation-greenbergISSA LA

Technical track chris calvert-1 30 pm-issa conference-calvert

ISSA LA

Lo Zen e l'arte dell'UX Design Mobile - by Synesthesia - festival ICT 2015

festival ICT 2016

Oggi tutti parlano di UX Design, e finalmente si sta diffondendo la consapevolezza di quanto sia fondamentale una solida progettazione per determinare il successo o l’insuccesso di un prodotto o di un servizio. Nonostante questo, tuttavia ancora molti progetti soffrono di un design carente. In questo talk parleremo di come non cadere negli errori più comuni e di quali siano le best practices principali della UX Mobile di cui tenere conto quando si progetta una Mobile App, alla ricerca della felicità dell’utente (e nostra).

Criticità per la protezione dei dati personali connesse all’utilizzo di dispo...

festival ICT 2016

Le problematiche che sorgono in seguito all’utilizzo dei prodotti e dei servizi dell’IoT sono molteplici. Tra queste, le maggiori sono: a) Asimmetria informativa e mancanza di controllo sui propri dati: la condivisione di dati personali tra produttori dei dispositivi, sviluppatori di sw, provider e analisti, comporta per le persone la difficoltà ad esercitare un adeguato controllo sugli stessi, e, soprattutto, sulle finalità perseguite diverse da quelle associate al dispositivo; b) Consenso informato: estrema difficoltà per l’utilizzatore dei dispositivi IoT di prestare un consapevole e libero consenso al trattamento dei suoi dati personali; c) Profilazione intrusiva: l’elevata quantità di dati personali e sensibili, rende altamente possibile una profilazione sempre più sofisticata delle abitudini degli utenti; d) Sicurezza: le attuali tecnologie IoT non hanno ancora raggiunto un livello di sicurezza adeguato.

Dark Web Impact on Hidden Services in the Tor-based Criminal Ecosystem Dr.

Trend Micro

The Web Advisor: restare vivi e aggiornati nel business digitale - festival I...

festival ICT 2016

Oggi Investire in risorse è sicuramente più conveniente che investire in licenze, I prodotti software open source sono altrettanto performanti e competitivi di quelli proprietari, il web è il loro veicolo principe la dove si manifestano con forza e penetrazione. Il web è condivisione, Web Advisor è un programma di condivisione e aggiornamento per tutti, esperti, fornitori e clienti; per restare competitivi nel business digitale, per fare network, per restare informati e vivi! Condividere la conoscenza con i propri clienti e partners è un paradosso commerciale da superare, Scopri le nuove regole del business open source!

Migliorare il cash flow della propria azienda e dei propri clienti: i benefic...

festival ICT 2016

Il cash flow è la ricostruzione dei flussi monetari (differenza tra tutte le entrate e le uscite monetarie) di una azienda nell’arco del periodo di analisi e rappresenta una misura dell’autofinanziamento aziendale. Può essere calcolato a partire dal conto economico e dai dati di bilancio dell’impresa; l’insieme dei flussi di cassa è importante per stabilire in che misura ed in che maniera possono essere remunerati i centri di costo. Partendo dall’analisi dei bilanci di alcune PMI italiane, cercheremo di analizzare le eventuali criticità emerse nella gestione del proprio cash flow e metteremo in evidenza l’importanza e i vantaggi di un flusso di cassa positivo, identificando quali strumenti utilizzare per creare liquidità, con particolare riferimento al procurement di prodotti ICT.

Captain, Where Is Your Ship – Compromising Vessel Tracking Systems

Trend Micro

A talk given by Kyle Wilhoit and Marco Balduzzi from Trend Micro's Forward Looking Threat Research team, along with independent researcher Alessandro Pasta. Abstract: In recent years, automated identification systems (AISes) have been introduced to enhance vessels tracking and provide extra safety to marine traffic, on top of conventional radar installations. AIS, which is currently a mandatory installation for all passenger ships and ships over 300 metric tonnes, works by acquiring GPS coordinates and exchanging vessel’s position, course and information with nearby ships, offshore installation, i.e. harbors and traffic controls, and Internet tracking and visualizing providers. With an estimated number of 400,000 installation, AIS is currently the best system for collision avoidance, maritime security, aids to navigation and accident investigations. Given its primary importance in marine traffic safety, we conducted a comprehensive security evaluation of AIS, by tackling it from both a software and a hardware, radio frequency perspective. In this talk, we share with you our finding, i.e how we have been able to hijack and perform man-in-the-middle attacks on existing vessels, take over AIS communications, tamper with the major online tracking providers and eventually fake our own yacht!.

Skip the Security Slow Lane with VMware Cloud on AWS

Trend Micro

While migrating your infrastructure to the cloud offers an opportunity to rethink your approach to management and security, it can create a patchwork of processes and tools, a disorganized team, and duplication of work. In a few years, you may learn that the IT security team needs a unified approach to data protection and you must already overhaul your “new” setup. You thought you were speeding ahead with improved operations and lower costs, but you are actually in the security slow lane! Pull over and find a new route forward with VMWare on AWS by leveraging tools you know in an environment you already understand. Save years of work by utilizing a common set of tools, operational processes, and security framework when moving to the cloud. Learn tips and tactics from Trend Micro and Capgemini for setting your teams up for success now…and tomorrow. This was one of Trend Micro's sessions presented at VMworld 2017.

Winnipeg Technology Innovation Day

Acrodex

Viewers also liked (20)

Where to Store the Cloud Encryption Keys - InterOp 2012

Issa jason dablow

Regina Technology Innovation Day

Trend Micro: Security Challenges and Solutions for the Cloud (Saas) & Cloud S...

Turner.issa la.mobile vulns.150604

Encryption in the Public Cloud: 16 Bits of Advice for Security Techniques

HBR APT framework

Microsoft

Its time to grow up by Eric C.

Secure Your Virtualized Environment. Protection from Advanced Persistent Thre...

Microsoft power point closing presentation-greenberg

Technical track chris calvert-1 30 pm-issa conference-calvert

Lo Zen e l'arte dell'UX Design Mobile - by Synesthesia - festival ICT 2015

Criticità per la protezione dei dati personali connesse all’utilizzo di dispo...

Dark Web Impact on Hidden Services in the Tor-based Criminal Ecosystem Dr.

The Web Advisor: restare vivi e aggiornati nel business digitale - festival I...

Migliorare il cash flow della propria azienda e dei propri clienti: i benefic...

Captain, Where Is Your Ship – Compromising Vessel Tracking Systems

Skip the Security Slow Lane with VMware Cloud on AWS

Winnipeg Technology Innovation Day

Similar to Threat predictions 2011

Key Security Insights: Examining 2014 to predict emerging threats

Dell World

Cyber-crimes are alive and well on the global stage and will only continue to be pervasive as long as organizations prolong taking the necessary defense measures to stop threats from slipping through the cracks. In this session, we’ll present the most common attacks Dell SonicWALL observed since 2014 and the ways we expect emergent threats to affect small and medium businesses, as well as large enterprises moving forward. This session is perfect for anybody who is interested in learning more about the state of the union in security.

Rp threat-predictions-2013Комсс Файквэе

Trends in network security feinstein - informatica64Chema Alonso

Sophos security-threat-report-2014-naAndreas Hiller

Turning the Tables on Cyber Attacks

- Mark - Fullbright

All information, data, and material contained, presented, or provided on is for educational purposes only. Company names mentioned herein are the property of, and may be trademarks of, their respective owners. It is not to be construed or intended as providing legal advice. Company names mentioned herein are the property of, and may be trademarks of, their respective owners and are for educational purposes only. 17 U.S. Code § 107 - Limitations on exclusive rights: Fair use Notwithstanding the provisions of sections 106 and 106A, the fair use of a copyrighted work, including such use by reproduction in copies or phonorecords or by any other means specified by that section, for purposes such as criticism, comment, news reporting, teaching (including multiple copies for classroom use), scholarship, or research, is not an infringement of copyright.

Global Technologies and Risks Trends

Charles Mok

TrendLabs 2012 Annual Security Roundup: Evolved Threats in a “Post-PC” World

Infinigate Group

Experts have been predicting the coming “post PC” era for a few years. So the question has been, “when will we know that it’s really here?” A simple answer is, we’ll know it’s really here when cybercriminals move beyond the PC. By that measure, 2012 is truly the year we entered the post-PC era as cybercriminals moved to embrace Android, social media platforms, and even Macs with their attacks.

Information security

Appin Faridabad

C3Praveen Malisetty

Review on mobile threats and detection techniques

ijdpsjournal

Since last-decade, smart-phones have gained widespread usage. Mobile devices store personal details such as contacts and text messages. Due to this extensive growth, smart-phones are attracted towards cyber-criminals. In this research work, we have done a systematic review of the terms related to malware detection algorithms and have also summarized behavioral description of some known mobile malwares in tabular form. After careful solicitation of all the possible methods and algorithms for detection of mobile-based malwares, we give some recommendations for designing future malware detection algorithm by considering computational complexity and detection ration of mobile malwares.

Keeping up with the Revolution in IT Security

Distil Networks

For many of today’s businesses, web applications are their lifeline. The growing complexity involved in keeping these applications fast, secure, and available can be seen as a byproduct of shifts in how these apps are developed, deployed, and attacked. This discussion will explore how high level trends in today’s web environments and the cyber attack landscape are shaping tomorrow’s application security solutions. Key Takeaways: - Trends in contemporary web applications that are forcing security evolution - How today’s cyber attack landscape impacts cybersecurity - What modern IT security solutions look like - Distil Networks Overview

Information security in todays world

Sibghatullah Khattak

RIFDHY RM ( Cybersecurity ).pdf

RifDhy22

IT Security Trends in 2012

Icomm Technologies

The three main categories of the data network environment effecting IT security are all undergoing major change simultaneously. In the year ahead, these changes will manifest themselves as security challenges. These trends fall into three categories: client devices (the consumerization of IT); the external threat environment (the institutionalization of threat development); and the hosting environment (virtualization). Any one of these dynamics should shade the thinking of IT strategists inside companies and other organizations. Taken together, they may spur major re-evaluations of current practices.

2016 Trends in Security

Ioannis Aligizakis, M.Sc.

En msft-scrty-cntnt-e book-cybersecurity

Online Business

Websense 2013 Threat Report

Kim Jensen

Journal of Computer and System Sciences 80 (2014) 973–993Con

karenahmanny4c

Journal of Computer and System Sciences 80 (2014) 973–993 Contents lists available at ScienceDirect Journal of Computer and System Sciences www.elsevier.com/locate/jcss A survey of emerging threats in cybersecurity Julian Jang-Jaccard, Surya Nepal ∗ CSIRO ICT Centre, Australia a r t i c l e i n f o a b s t r a c t Article history: Received 25 September 2012 Received in revised form 15 March 2013 Accepted 27 August 2013 Available online 10 February 2014 Keywords: Cybersecurity Malware Emerging technology trends Emerging cyber threats Cyber attacks and countermeasures The exponential growth of the Internet interconnections has led to a significant growth of cyber attack incidents often with disastrous and grievous consequences. Malware is the primary choice of weapon to carry out malicious intents in the cyberspace, either by exploitation into existing vulnerabilities or utilization of unique characteristics of emerging technologies. The development of more innovative and effective malware defense mech- anisms has been regarded as an urgent requirement in the cybersecurity community. To assist in achieving this goal, we first present an overview of the most exploited vulnerabilities in existing hardware, software, and network layers. This is followed by critiques of existing state-of-the-art mitigation techniques as why they do or don’t work. We then discuss new attack patterns in emerging technologies such as social media, cloud comput- ing, smartphone technology, and critical infrastructure. Finally, we describe our speculative observations on future research directions. Crown Copyright © 2014 Published by Elsevier Inc. All rights reserved. 1. Introduction Our society, economy, and critical infrastructures have become largely dependent on computer networks and information technology solutions. Cyber attacks become more attractive and potentially more disastrous as our dependence on information technology increases. According to the Symantec cybercrime report published in April 2012 [17], cyber attacks cost US$114 billion each year. If the time lost by companies trying to recover from cyber attacks is counted, the total cost of cyber attacks would reach staggering US$385 billion [17]. Victims of cyber attacks are also significantly growing. Based on the survey conducted by Symantec which involved interviewing 20,000 people across 24 countries, 69% reported being the victim of a cyber attack in their lifetime. Symantec calculated that 14 adults become the victim of a cyber attack every second, or more than one million attacks every day [105]. Why cyber attacks flourish? It is because cyber attacks are cheaper, convenient and less risky than physical attacks [1]. Cyber criminals only require a few expenses beyond a computer and an Internet connection. They are unconstrained by geography and distance. They are difficult to identity and prosecute due to anonymous nature of the Internet. Given that attacks against information tec ...

Journal of Computer and System Sciences 80 (2014) 973–993Con.docx

croysierkathey

188

vivatechijri

Cyber Security is a crucial and rising part of concern in the present age with a rapid increase in the graph of digitization. And with an increase in the activities in cyberspace, there is also an increase in the cyber-crimes. Handling the huge volumes of data with security has become an inevitable need of the hour. Antivirus software, Firewalls, and other technological solutions help to secure this data but are not sufficient enough to prevent the cybercrooks from destructing the network and stealing confidential information. This paper mainly focuses on the issues and challenges faced by cybersecurity. It also discusses the risks, cybersecurity techniques to curb cyber-crime, cyber ethics, and cyber trends.

Similar to Threat predictions 2011 (20)

Key Security Insights: Examining 2014 to predict emerging threats

Rp threat-predictions-2013

Trends in network security feinstein - informatica64

Sophos security-threat-report-2014-na

Turning the Tables on Cyber Attacks

Global Technologies and Risks Trends

TrendLabs 2012 Annual Security Roundup: Evolved Threats in a “Post-PC” World

Information security

Review on mobile threats and detection techniques

Keeping up with the Revolution in IT Security

Information security in todays world

RIFDHY RM ( Cybersecurity ).pdf

IT Security Trends in 2012

2016 Trends in Security

En msft-scrty-cntnt-e book-cybersecurity

Websense 2013 Threat Report

Journal of Computer and System Sciences 80 (2014) 973–993Con

Journal of Computer and System Sciences 80 (2014) 973–993Con.docx

188

More from Trend Micro

Industrial Remote Controllers Safety, Security, Vulnerabilities

Trend Micro

Investigating Web Defacement Campaigns at Large

Trend Micro

Behind the scene of malware operators. Insights and countermeasures. CONFiden...

Trend Micro

Modern cybercrime operates highly-sophisticated campaigns that challenge, or even evade, the state-of-art in defense and protection. On a daily basis, users worldwide are fooled by new techniques and threats that went under the radar, like new 0-days or attack vectors. We passively monitored how these attacks are conducted on real installations, and unveiled the modus operandi of malware operators. In this presentation, we share with the audience our recent findings and trends that we observed in-the-wild from the analysis we conducted on 3 million software downloads, involving hundreds of thousands of Internet connected machines. During the talk, we provide insights on our investigation like the effect of code signing abuse, the compromise of cloud providers' operations, the use of domains generated automatically via social engineering, and the business model behind modern malware campaigns. We also discuss the problem of "unknown threats", showing how the Internet's threats landscape is still largely unexplored and how it badly impacts on million of users. We conclude with a proof-of-concept system that we designed and that uses machine-learning to generate human-readable rules for detection. Our system represents a potential mitigation to the problem of "unknown threats" and an assistance tool for analysts globally.

Automated Security for the Real-time Enterprise with VMware NSX and Trend Mic...

Trend Micro

In today’s real-time enterprise where we all must do more with less, the operations team is sometimes forced to take shortcuts. Forgetting to manually apply security controls is often one of the first tasks to fall by the wayside. VMs that are put in production, lacking adequate protection, leave high-risk vulnerabilities open for exploitation. Learn how building-in security automation with VMware NSX and Trend Micro Deep Security provides visibility, assesses risk, and applies the right protection. Once in operation, using the adapter for vRealize Operations, the security events become visible next to the operational events, providing a holistic view of the environment. This will be illustrated through the case study of a leading manufacturing company, Plexus Corporation, who will also share their NSX journey. This was one of Trend Micro's sessions presented at VMworld 2017.

Mobile Telephony Threats in Asia

Trend Micro

Cybercrime In The Deep Web

Trend Micro

All content not indexed by traditional web-based search engines is known as the DeepWeb. Wrongly been associated only with the Onion Routing (TOR), the DeepWeb's ecosystem comprises a number of other anonymous and decentralized networks. The Invisible Internet Project (I2P), FreeNET, and Alternative Domain Names (like Name.Space and OpenNic) are examples of networks leveraged by bad actors to host malware, high-resilient botnets, underground forums and bitcoin-based cashout systems (e.g., for cryptolockers). We designed and implemented a prototype system called DeWA for the automated collection and analysis of the DeepWeb, with the goal of quickly identifying new threats as soon they appear. In this talk, we provide concrete examples of how using DeWA to detect, e.g., trading of illicit and counterfeit goods, underground forums, privacy leaks, hidden dropzones, malware hosting and TOR-based botnets.

AIS Exposed: New vulnerabilities and attacks. (HITB AMS 2014)

Trend Micro

AIS, Automatic Identification System, is a promoted standard and implementation for vessels traffic safety and monitoring. With more than 400,000 installations worldwide, AIS is currently a mandatory installation for commercial vessels and a de-facto equipment for leisure crafts. AIS is largely used in ports worldwide -- Rotterdam alone monitors over 700 AIS-enabled vessels each day, serving 32,000 seagoing and 87,000 inland vessels a year. Back in October 2013, during HITB KUL, we showed that AIS is hardly broken, both at implementation and protocol level, and it suffers from severe vulnerabilities like spoofing and man-in-the-middle. In this talk, we extend our research by sharing with the audience several novel attacks that we recently discovered, for example how to extensively disable AIS communications or attack the software installed at back-end by port authorities. By doing so, we hope to raise the necessary awareness and lead the involved parties into calling for a more robust and secure AIS.

Countering the Advanced Persistent Threat Challenge with Deep Discovery

Trend Micro

Targeted attacks and advanced persistent threats (APTs) are becoming the new norm of cyber security threats— encompassing organized, focused efforts that are custom-created to penetrate enterprises and government agencies for valuable data, trade secrets, and access to internal systems. We explore the anatomy of targeted attacks: the inner workings of the APT lifecycle, along with an in-depth overview of Trend Micro Deep Discovery advanced threat protection solution, and how it enables enterprise IT to adopt a custom defense strategy that modernizes its risk management program to defend against targeted attacks.

The Custom Defense Against Targeted Attacks

Trend Micro

Advanced persistent threats (APTs) and targeted attacks have a proven ability to penetrate standard security defenses and remain undetected for months while siphoning valuable data or carrying out destructive actions. We review challenges faced by information security leaders, their options for dealing with attackers and how to a Custom Defense approach to deploy a comprehensive Detect—Analyze—Adapt—Respond lifecycle that enhances current security investments while providing new weapons to fight back against their attackers.

[Case Study ~ 2011] Baptist Hospitals of Southest Texas

Trend Micro

Who owns security in the cloudTrend Micro

Trend micro deep security

Trend Micro

Assuring regulatory compliance, ePHI protection, and secure healthcare deliveryTrend Micro

Solutions for privacy, disclosure and encryptionTrend Micro

Security Best Practices for Health Information ExchangeTrend Micro

Solutions for PCI DSS ComplianceTrend Micro

PC Maker's Support Page Succumbs To Compromise

Trend Micro

Web Threat Spotlight Issue 66: Zero-Day Adobe Flash Player Exploits in a Flash

Trend Micro

FIFA Spam Targets Football Fanatics

Trend Micro

The Heart of KOOBFACE

Trend Micro

More from Trend Micro (20)

Industrial Remote Controllers Safety, Security, Vulnerabilities

Investigating Web Defacement Campaigns at Large

Behind the scene of malware operators. Insights and countermeasures. CONFiden...

Automated Security for the Real-time Enterprise with VMware NSX and Trend Mic...

Mobile Telephony Threats in Asia

Cybercrime In The Deep Web

AIS Exposed: New vulnerabilities and attacks. (HITB AMS 2014)

Countering the Advanced Persistent Threat Challenge with Deep Discovery

The Custom Defense Against Targeted Attacks

[Case Study ~ 2011] Baptist Hospitals of Southest Texas

Who owns security in the cloud

Trend micro deep security

Assuring regulatory compliance, ePHI protection, and secure healthcare delivery

Solutions for privacy, disclosure and encryption

Security Best Practices for Health Information Exchange

Solutions for PCI DSS Compliance

PC Maker's Support Page Succumbs To Compromise

Web Threat Spotlight Issue 66: Zero-Day Adobe Flash Player Exploits in a Flash

FIFA Spam Targets Football Fanatics

The Heart of KOOBFACE

Recently uploaded

FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf

FIDO Alliance

Epistemic Interaction - tuning interfaces to provide information for AI support

Alan Dix

Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024 https://alandix.com/academic/papers/synergy2024-epistemic/ As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.

When stars align: studies in data quality, knowledge graphs, and machine lear...

Elena Simperl

GraphRAG is All You need? LLM & Knowledge Graph

Guy Korland

Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs. 1. Unifying Large Language Models and Knowledge Graphs: A Roadmap. https://arxiv.org/abs/2306.08302 2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs: https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/

Key Trends Shaping the Future of Infrastructure.pdf

Cheryl Hung

Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...

Ramesh Iyer

In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.

Mission to Decommission: Importance of Decommissioning Products to Increase E...

Product School

ODC, Data Fabric and Architecture User Group

CatarinaPereira64715

FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf

FIDO Alliance

Assuring Contact Center Experiences for Your Customers With ThousandEyes

ThousandEyes

Bits & Pixels using AI for Good.........

Alison B. Lowndes

Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...

Thierry Lestable

Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...

Product School

Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...

Jeffrey Haguewood

Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows. We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases. This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams. Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.

UiPath Test Automation using UiPath Test Suite series, part 3

DianaGray10

GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...

Sri Ambati

DevOps and Testing slides at DASA Connect

Kari Kakkonen

UiPath Test Automation using UiPath Test Suite series, part 4

DianaGray10

Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap. The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies. Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques What will you get from this session? 1. Insights into SAP testing best practices 2. Heatmap utilization for testing 3. Optimization of testing processes 4. Demo Topics covered: Execution from the test manager Orchestrator execution result Defect reporting SAP heatmap example with demo Speaker: Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP

FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf

FIDO Alliance

Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality

Inflectra

In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring. Learn about: • The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks. • Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective. • Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification. • Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process. Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.

Recently uploaded (20)

FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf

Epistemic Interaction - tuning interfaces to provide information for AI support

When stars align: studies in data quality, knowledge graphs, and machine lear...

GraphRAG is All You need? LLM & Knowledge Graph

Key Trends Shaping the Future of Infrastructure.pdf

Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...

Mission to Decommission: Importance of Decommissioning Products to Increase E...

ODC, Data Fabric and Architecture User Group

FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf

Assuring Contact Center Experiences for Your Customers With ThousandEyes

Bits & Pixels using AI for Good.........

Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...

Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...

Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...

UiPath Test Automation using UiPath Test Suite series, part 3

GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...

DevOps and Testing slides at DASA Connect

UiPath Test Automation using UiPath Test Suite series, part 4

FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf

Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality

Threat predictions 2011

1. Trend Micro Threat Predictions for 2011 Classification 12/16/2010 1

2. Threats Today Classification 12/16/2010 2 FACT #1: More than 80% of Today’s Top Malware Arrives via Web1 FACT #2: 3.5 new threats every second are released by cybercriminals2 1 – source TrendLabs data Apr – Sept 2010 2 – source Trend Micro Smart Protection Network

3. The Power of Trend Micro Smart Protection Network 60 billion queries every 24 hours Blocks 5.5 billion threats daily Processes 3.2 terabytes of data daily An average 102 million users connected to the network each day Classification 12/16/2010 3

4. Prediction #1 – Cloud-related issues Security Demands on cloud service providers will increase Proof of concept attacks against cloud infrastructure and virtualized systems will emerge in 2011 Diversity of Operating Systems at the endpoints forces the bad guys to focus more on critical cloud services and server infrastructures Classification 12/16/2010 4

5. Prediction #2 – Targeted Attacks and Cyber-Espionage Mid-sized companies will be targeted in cyber-espionage Easy-to-use underground toolkits enable targeted attacks on particular types of organization ZeuS primarily targeted small businesses in 2010 Growth of targeted and localized attacks will continue both against big name brands and/or critical infrastructure Classification 12/16/2010 5

6. Prediction #3 – The Cybercrime Underground Evolution Further consolidation in the cybercrime underground Groups merge and/or join forces as global, public attention for cyber attacks grows Example: ZeuS / SpyEye Classification 12/16/2010 6

7. Prediction #4 – Clever Malware Campaigning It’s all about social engineering. Fewer infiltrated websites, more cleverly crafted and localized HTML e-mails with URL’s pointing to the infection source Malware campaigning will ensure fast and reliable spreading of the downloader The downloader then downloads randomly generated binaries to avoid detection Classification 12/16/2010 7

8. Prediction #5 – Malware Attacks Increasing use of stolen or legitimate digital certificates in malware attacks, to avoid detection Huge growth in use of complex domain generation algorithms (as used by Conficker & LICAT) in Advanced Persistent Threats, and increase in Java-based attacks Classification 12/16/2010 8

9. Prediction #6 – Focus for Vulnerabilities and Exploits Growth in exploits for alternative operating systems, programs and web browsers, combined with tremendous growth in the use of application vulnerabilities (Flash, etc) Classification 12/16/2010 9

10. Prediction #7 – Security Vendors Become Targets Security vendors’ brands will increasingly be targeted by criminals Result: Confusion and insecurity among users Classification 12/16/2010 10

11. Prediction #8 – Mobile Risks More proof of concept, and some successful attacks on mobile devices, but not yet mainstream Cybercriminals will explore profitability of mobile device attacks, but monoculture is required before such attacks become mainstream Classification 12/16/2010 11

12. Prediction #9 – Old Malware Reinfections Some security vendors will run into trouble with local signatures not being able to store all the threat information They will retire old signatures which will lead to infections with old/outdated malware Classification 12/16/2010 12

13. Prediction #10 – Vulnerable Legacy Systems Targeted attacks on “unpatchable” (but widely used) legacy systems Windows 2000/Windows XP SP2 Embedded systems like Telecom switchboards etc. Classification 12/16/2010 13

14. THANK YOU! Classification 12/16/2010 14

Editor's Notes

60 billion queries every 24 hoursBlocks 5.5 billion threats dailyProcesses 3.2 terabytes of data dailyAn average 102 million users connected to the network each day
Thanks to easy-to-use underground toolkits, mid-sized companies will be targeted in cyber-espionage. In 2010, the use of underground toolkits exploded, making it easier to target particular types of organizations. ZeuS primarily targeted small businesses in 2010. Moving forward, localized and targeted attacks are expected to continue to grow in their number and sophistication both against big name brands and/or critical infrastructure.
Cybercriminals will explore profitability of mobile device attacks, but monoculture is required before such attacks become mainstream

Threat predictions 2011

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Viewers also liked

Viewers also liked (20)

Similar to Threat predictions 2011

Similar to Threat predictions 2011 (20)

More from Trend Micro

More from Trend Micro (20)

Recently uploaded

Recently uploaded (20)

Threat predictions 2011

Editor's Notes