Trend Micro hit with insider attack

Original Post from SC Magazine
Author: Doug Olenick

Trend Micro was the target of an insider threat that saw about 100,000 of its consumer customers have their account information stolen, sold and used to make scam phone calls.

Less than one percent of Trend Micro’s 12 million consumer customers were compromised when an employee improperly accessed their data and then sold it to an as-yet-unknown third party. The data involved included a customer support database that contained names, email addresses, Trend Micro support ticket numbers, and in some instances telephone numbers.

The cybersecurity company said in a statement today the first inkling something was wrong came in August 2019 when some customers complained of receiving scam phone calls from people purportedly from Trend Micro. The information the callers disclosed to their targets during the conversations led the company to believe it had to have come from an insider.

The company said it never calls customers unannounced.

By late October the company was able to fully determine the attack was an inside job. An employee used fraudulent means to gain access to customer support databases, retrieve the data and sell it.

“Our open investigation has confirmed that this was not an external hack, but rather the work of a malicious internal source that engaged in a premeditated infiltration scheme to bypass our sophisticated controls,” the company said.

The employee was found and terminated from their position, and the company is working with law enforcement in the ongoing investigation.

Trend Micro has disabled the unauthorized account access and does not believe the stolen data included financial or payment card information. However, the information that was taken is more than enough to imperil the affected customers or even the company itself.

“There is immense scope for social engineering attacks on the estimated 70,000 customers. The data will enable hackers to run highly targeted attacks, combining email and phone. With a little research, it will be possible to penetrate Trend Micro customers and move laterally, launching ransomware attacks and CEO attacks. Of course, the data may have been sold to a competitor, or a team running a support services scam, but once out in the market such valuable data tends to be acquired by organized crime syndicates,” said Colin Bastable, CEO of Lucy Security.

Warren Poschman, senior solutions architect at comforte AG, said the issue is certainly not limited to Trend Micro and the situation that company is now suffering through should be seen as a learning opportunity.

“The breach at Trend Micro underscores a major, yet unfortunate, disconnect in IT security today where perimeter security, UBA, database encryption, DLP, and fraud/threat detection are deployed without a complementary deployment of security that ensures the data inside is protected,” he said.

With that noted, Imperva senior vice president and Fellow Terry Ray said the zero trust model has to be extended to corporate employees.

“Taking a Zero Trust approach is a must today, and the insider threat incident at Trend Micro is proof that we cannot trust employees to have the organization and its customers’ best interests in mind,” he said.

Ray also pointed out that sometimes it’s easier to spot a malicious insider threat as opposed to a person who is endangering the company unknowingly. Criminal threats tend to leave a clear trail that they are up to no good.

“Anomalous activity at the network level could indicate a compromised insider threat. Likewise, if an employee appears to be dissatisfied or holds a grudge, or if an employee starts to take on more tasks with excessive enthusiasm, this could be an indication of foul play,” he said.

Finally, Ray said, technology exists that can watch all user behavior on data. Data breaches occur at the intersection of users and data, and as such, going beyond simply watching endpoints and user behavior is critical in protecting data.

The post Trend Micro hit with insider attack appeared first on SC Media.

