In Trend Micro’s latest report, “Bad Ads and Zero-Days: Reemerging Threats Challenge Trust in Supply Chains and Best Practices”, research finds that there is a combination of newer and older threat variations defined the cybersecurity landscape following the first quarter of 2015. Malvertising, zero-day vulnerability exploitation, “old-school” macro malware and the decade-old FREAK vulnerability are just a few of the highlights shared in the report. From an industry perspective, healthcare and retail point-of-sale systems have also seen an uptick in threat activity. The report reinforces how complacency can present major cybersecurity risks in an era where the margin for error has been significantly diminished.
“Even though we are early in the year, it is clear 2015 is shaping up to be noteworthy in terms of volume, ingenuity and sophistication of attacks,” said Myla Pilao, director of TrendLabs marketing communications at Trend Micro Inc., “The rise in attacks against the healthcare industry, combined with the rise in malvertisements, reflects that technology users are being assailed from all angles. It is clear businesses and individuals alike need to be proactive in protecting against threats. As a business, how would your IT-Security policies look like in a Zero Trust Environment? An aggressive and different security posture is critical to keep financial, personal and intellectual property safe.”
Adware is the number one mobile threat, with Trend Micro now documenting more than five million Android threats to date — nearing the predicted total of eight million by the close of this year. In fact, top malicious and high-risk apps blocked by Trend Micro were adware related, reflecting this increase.
Trend Micro researchers also found zero-day exploits targeting Adobe software utilized malvertisements and no longer required victims to visit or interact with malicious sites to become infected.
The healthcare industry experienced a notable rise in cyber-attacks, in addition to iOS and point-of-sale (PoS) systems continuing to be targeted. Since exploitations in these areas have been in their infancy for several years, researchers believe this rise is primarily due to a lack of preparedness—a sizable oversight that should be addressed.
“The question we have to ask is, ‘are we doing enough to protect ourselves from security threats?’” added Pilao. “While we need to constantly update our systems to protect against new attacks, the first quarter of 2015 clearly showed we need to also watch out for older threats, and how no industry or system should feel exempt.”