Original Post from SC Magazine
Author: Doug Olenick
was the target of an insider threat that saw about 100,000 of its consumer
customers have their account information stolen, sold and used to make scam
Less than one percent of Trend Micro’s 12 million consumer customers were compromised when an employee improperly accessed their data and then sold it to an as-yet-unknown third party. The data involved included customer support database that contained names, email addresses, Trend Micro support ticket numbers, and in some instances telephone numbers.
company said in a statement
today the first inkling something was wrong came in August 2019 when some
customers complained of receiving scam phone calls from people purportedly from
Trend Micro. The information the callers disclosed to their targets during the
conversations led the company to believe it had to have come from an insider.
said it never calls customers unannounced.
By late October
the company was able to fully determine the attack was an inside job. An
employee used fraudulent means to gain access to customer support databases,
retrieve the data and sell it.
investigation has confirmed that this was not an external hack, but rather the
work of a malicious internal source that engaged in a premeditated infiltration
scheme to bypass our sophisticated controls,” the company said.
was found and terminated from their position and the company is working with
law enforcement in the on-going investigation.
has disabled the unauthorized account access and does not believe the stolen data
included financial or payment card information. However, the information that
was taken is more than enough to imperil the affected customers or even the
immense scope for social engineering attacks on the estimated 70,000 customers.
The data will enable hackers to run highly targeted attacks, combining email
and phone. With a little research, it will be possible to penetrate Trend Micro
customers and move laterally, launching ransomware attacks and CEO attacks. Of
course, the data may have been sold to a competitor, or a team running a
support services scam, but once out in the market such valuable data tends to
be acquired by organized crime syndicates,” said Colin Bastable, CEO Lucy
Poschman, senior solutions architect at comforte AG, said the issue is certainly
not limited to Trend Micro and the situation that company is now suffering through
should be seen as a learning opportunity.
at Trend Micro underscores a major, yet unfortunate, disconnect in IT security
today where perimeter security, UBA, database encryption, DLP, and fraud/threat
detection are deployed without a complimentary deployment of security that
ensures the data inside is protected,” he said.
With that noted,
Imperva senior vice president and Fellow Terry Ray said the zero trust model
has to be extended to corporate employees.
Zero Trust approach is a must today, and the insider threat incident at Trend
Micro is proof that we cannot trust employees to have the organization and its
customers’ best interests in mind,” he said.
pointed out that sometimes it’s easier to spot a malicious insider threat as
opposed to a person who is endangering the company unknowingly. Criminal
threats tend to leave a clear trail that they are up to no good.
activity at the network level could indicate a compromised insider threat.
Likewise, if an employee appears to be dissatisfied or holds a grudge, or if an
employee starts to take on more tasks with excessive enthusiasm, this could be
an indication of foul play,” he said.
said, the technology exists that can watch all user behavior on data. It’s at
the intersection of users and data, where data breaches occur and as such,
going beyond simply watching end points and user behavior is critical in
Go to Source
Author: Doug Olenick