THE INVISIBLE
BECOMES
VISIBLE
Trend Micro Security Predictions for 2015 and Beyond
Distributed by:
A TrendLabsSM Report
Trend Micro Legal Disclaimer
The information provided herein is for general information
and educational purposes only. It is not intended and should
not be construed to constitute legal advice. The information
contained herein may not be applicable to all situations and
may not reflect the most current situation. Nothing contained
herein should be relied on or acted upon without the benefit
of legal advice based on the particular facts and circumstances
presented and nothing herein should be construed otherwise.
Trend Micro reserves the right to modify the contents of this
document at any time without prior notice.
Translations of any material into other languages are intended
solely as a convenience. Translation accuracy is not guaranteed
nor implied. If any questions arise related to the accuracy of a
translation, please refer to the original language official version
of the document. Any discrepancies or differences created in
the translation are not binding and have no legal effect for
compliance or enforcement purposes.
Although Trend Micro uses reasonable efforts to include
accurate and up-to-date information herein, Trend Micro
makes no warranties or representations of any kind as to
its accuracy, currency, or completeness. You agree that
access to and use of and reliance on this document and the
content thereof is at your own risk. Trend Micro disclaims all
warranties of any kind, express or implied. Neither Trend Micro
nor any party involved in creating, producing, or delivering
this document shall be liable for any consequence, loss, or
damage, including direct, indirect, special, consequential, loss
of business profits, or special damages, whatsoever arising
out of access to, use of, or inability to use, or in connection
with the use of this document, or any errors or omissions
in the content thereof. Use of this information constitutes
acceptance for use in an “as is” condition.
ITU LEGAL NOTICE
The International Telecommunication Union (ITU) distributes
the present publication as is and makes no representations or
warranties of any kind, express, implied or otherwise concerning
the publication, including without limitation warranties of title,
ownership of intellectual property rights, merchantability,
fitness for a particular purpose, noninfringement, accuracy or
the absence of errors.
The name, abbreviation, title and logo of the ITU are the
property of the ITU. All rights thereto are reserved.
A decade ago, around 14 per cent of the world’s population was online. Technologies like mobile
broadband were not well known. And the current version of smartphones, tablets and phablets
were still just a dream in some designer’s eye.
By the end of this year, according to the latest ITU estimates, almost three billion people will be online, along with
around 2.3 billion mobile broadband subscriptions.
Increased connectivity has inevitably brought with it greater risk, and a growing need to ensure trust and confidence in
our networks. At ITU, we are relentlessly working on diverse initiatives to build a strong sustainable global movement to
address cyberthreats.
Within the framework of our Global Cybersecurity Agenda and as part of our collaboration with Trend Micro, it gives
me immense pleasure to present Trend Micro’s predictions for 2015, where certain elements will require our attention:
•
Cyber threats may focus on bigger targets rather than individuals for bigger gains.
•
Individuals and organizations should assume that all data revealed online could be accessed illegally. With this
assumption, data revealed online should be limited to relevant ones and the application of security settings and use
of cybersafe practices should be promoted.
•
Awareness of threats is a must and so are ever-ready mitigation and remediation plans because no one is safe from
compromise.
•
As mobile infection will extend from installing malicious apps or visiting malicious websites to vulnerability
exploitation in the devices, mobile device manufacturers and service providers should work more closely with one
another to come up with scalable vulnerability-patching solutions to prevent infection and data theft.
•
Better security analytics will become crucial to combat targeted attacks. Organizations should know what is normal
for them and set this as a baseline when monitoring for threats.
•
New threats specifically targeting mobile payment methods will emerge. Safe practices relating to near field
communication (NFC) should be adopted by users and organizations that accept mobile payment should invest in
relevant security solutions.
•
With mass smartification through the expansion of the Internet of things and hyper-connectivity, cyberthreats
can now target a wider attack base. It is thus vital that manufacturers of smart appliances have built in and tested
security features.
This report provides us an essential insight into the near future as well as valuable assistance, both at the individual user
level and at the business level, to investigate further and adopt safe practices, while advocating investment in relevant
security analytics and technology.
Dr. Hamadoun Touré
ITU Secretary-General
PREDICTIONS
1|
More cybercriminals will turn to darknets
and exclusive-access forums to share and
sell crimeware.
2|
Increased cyber activity will translate to
better, bigger, and more successful hacking
tools and attempts.
3|
Exploit kits will target Android, as mobile
vulnerabilities play a bigger role in device
infection.
4|
Targeted attacks will become as prevalent as
cybercrime.
5|
New mobile payment methods will
introduce new threats.
6|
We will see more attempts to exploit
vulnerabilities in open source apps.
7|
Technological diversity will save IoE/IoT
devices from mass attacks but the same
won’t be true for the data they process.
8|
More severe online banking and other
financially motivated threats will surface.
1|
More cybercriminals will turn to
darknets and exclusive-access
forums to share and sell crimeware.
1
2015 Security Predictions
Severals takedowns occurred this year, thanks
credit card credentials11 has declined from US$3
to
partnerships
in 2011 to US$1 in 2013. Compromised account
and efforts. Trend Micro particularly aided in
credential prices have also dropped in the Russian
disrupting GameOver
operations despite the
underground12. Stolen Facebook credentials that
malware’s resilience to takedown. We also provided
cost US$200 in 2011 only cost US$100 in 2013
threat intelligence and research findings to law
while Gmail™ account credentials that were sold
enforcers, halting Citadel-related attacks against
for US$117 in 2011 were only sold for US$100
Japanese banks and contributing to the arrest of
in 2013. As more and more players enter the
James Bayliss (Jam3s), Aleksandr Andreevich
cybercriminal underground economy, ware prices
Panin (Gribodemon), and Hamza Bendelladj (bx1)
3
will continue to decline. Before long, getting the
who ran several SpyEye command-and-control
greatest number of customers will depend on
(C&C) servers. These developments, however,
who can assure that buyers won’t be caught red-
will make anonymity a crucial requirement in
handed. Sellers will be pushed to go even deeper
committing cybercrime since security researchers
underground, particularly into the deep recesses of
and law enforcers now have quick access to the
the Web.
collaborative
public-private
1
2
underground. Case in point―the celebrity photos
US$10
tied to the iCloud®4 hack that were first leaked on
Reddit and 4chan ended up on the Deep Web5 as
well.
6
5
5
Leveraging the Deep Web and darknet services6
4
4
or using untraceable and anonymous peer-topeer (P2P) networks like Tor, I2P, and Freenet to
1
exchange and sell tools and services is no longer
0
AUS
new. We’ve seen cybercriminals use rogue top-
CAN
2011
level domains (TLDs) as alternative domains to
GER
2012
UK
USA
2013
further cloak underground markets like Silk Road7,
which was shut down by the Federal Bureau of
A comparison of the prices of stolen credit card credentials
Investigation (FBI) after two-and-a-half years of
from various countries in the Russian underground
operation.
revealed a declining trend from 2011 to 2013.
We’ve also seen cybercriminals adopt targeted
As the bad guys move deeper into the Web,
to better evade detection,
security firms and law enforcers need to extend
just as we predicted in 2013. In Africa , this was
their reach as well to cover the Deep Web and
manifested by the exploitation of vulnerabilities
darknet services. This will require greater effort
attack techniques
8
9
normally associated with targeted attacks via the
and investment. Public-private partnerships will
distribution of typical cybercrime malware like
be needed more than ever to disrupt and take
ZeuS. Cybercriminals are also increasingly using
down cybercriminal operations. Security firms
remote access tools (RAT) like BlackShades10 in
should continue to provide threat intelligence to
attacks.
help law enforcers catch perpetrators. Lawmakers
It does not help that the prices of malicious
worldwide, meanwhile, need to agree on what
wares in underground markets are decreasing as
constitutes cybercrime to aid enforcers, regardless
supplies increase. The average price of stolen U.S.
of jurisdiction, to bring bad guys to justice.
2
2|
Increased cyber activity will
translate to better, bigger,
and more successful
hacking tools and attempts.
3
2015 Security Predictions
The constant growth of cyber activities13 worldwide
Though majority of breaches result from external
means that individuals and organizations alike will
attacks, some, like the Amtrak18 breach, are
continue to succumb to online threats and attacks.
caused by insider threats. Reports revealed that an
Cybercriminals will, however, set their sights on
Amtrak employee has been selling rail passengers’
bigger targets rather than on individuals, as this
personally identifiable information (PII) for two
translates to bigger gains.
decades before getting found out.
We’ve seen cybercriminals use point-of-sale (PoS)
That said, individuals and organizations alike will
RAM scrapers14 to steal millions of customer
do well to assume that all of the data they reveal
data records from some of the biggest retailers
online will land in cybercriminals’ hands. We’ll
worldwide. Before 2013 ended, Target15 lost
see two or more major data breach incidents each
the credit card information of 70 million of its
month. Banks and financial institutions, along with
customers to cybercriminals in a PoS malware
customer data holders, will always be attractive
attack. Target wasn’t alone, however, as other
breach targets. As a result, we will continue to see
organizations like P.F. Chang’s suffered the same
changes in victims’ upper management19 every
fate. And months before 2014 is set to end, Home
time they succumb to attacks.
Depot16 took Target’s place as the biggest breach
So how should organizations and individuals
victim17 to date. The breached organizations lost
respond?
customer data, which damaged their brands and
It’s
best
to
assume
compromise.
Individuals should regularly change passwords
cost them dearly.
while organizations should constantly monitor
their networks for all kinds of threats and
800
exploitable vulnerabilities.
614
Waiting for solutions like more secure payment
606*
421
systems20 and legal sanctions, though already
473
in the works, is no longer enough. Awareness of
400
threats is a must and so are ever-ready mitigation
and remediation plans because no one is safe from
compromise.
0
2011
2012
2013
2014
*As of October 2014
The number of recorded cyber attacks against all sorts
of organizations that handle customer data has been
steadily increasing from 2011 to the present.
http://www.idtheftcenter.org/images/
breach/20052013UPDATEDSummary.jpg
4
3|
Exploit kits will target Android,
as mobile vulnerabilities play a
bigger role in device infection.
5
2015 Security Predictions
of
their systems and software. Bad guys can point
Android™ threats foreseen in 2015, the number
vulnerable device users to malicious websites, for
of vulnerabilities in mobile devices, platforms, and
instance. Successful exploitation can then give
apps will pose more serious security risks. Data
them access to any or all of the information stored
stored in mobile devices will land in cybercriminals’
in affected devices. Worse, because exploit kits are
hands for use in attacks or selling underground.
known for affecting multiple platforms, should
Apart
from
twice
the
current
number
such a kit be made to target even mobile devices,
who’s to say that the threats infected smartphones
8M
8M
carry won’t spread to any device they have access
to?
A steady rise in the number of mobile banking
malware will be seen as well. Earlier this year,
4M
4M
we saw the cybercriminals behind Operational
Emmental26 prod a European bank’s customers to
1.4M
install a malicious Android app to gain access to
350K
their accounts. We will see more such attacks amid
0
2012
2013
2014
the rise in mobile banking popularity.
2015
The Android threat volume has steadily been
Traditional computer threats like ransomware and
increasing since 2012. We are likely to see the 2014
tactics like darknet service use will also figure in the
total to double in 2015.
mobile landscape. We already saw the first mobile
The vulnerabilities we’ve seen so far did not only
ransomware27 in the form of REVETON rear its
reside on devices21 but also on platforms and apps.
ugly head this year, along with another malware
Platform threats like the master key vulnerability22
that used Tor28 to better evade detection.
allowed cybercrooks to replace legitimate apps
with fake or malicious versions. When exploited,
Installing malicious apps and visiting malicious
a certain Chinese third-party payment app
websites will no longer be the sole mobile infection
vulnerability23, meanwhile, allowed bad guys to
vectors. Vulnerability exploitation across platforms
phish information from infected devices.
will become even bigger mobile threats. Security
vendors should extend vulnerability shielding
We will see mobile attackers use tools similar to the
and exploit-prevention technologies to include
Blackhole Exploit Kit (BHEK) to take advantage of
protection for mobile devices. Finally, mobile
problems like Android OS fragmentation24. The
device manufacturers and service providers should
success of BHEK
and similar tools in infecting
work more closely with one another to come up
computers running different OSs will serve
with scalable vulnerability-patching solutions to
cybercrooks well in attacking Android devices since
prevent infection and data theft.
25
most users either don’t or can’t regularly update
6
4|
Targeted attacks will
become as prevalent
as cybercrime.
7
2015 Security Predictions
Successful high-profile and widely talked-about
or Russia. We’ve seen such attacks originate from
targeted attack campaigns led to the realization
other countries like Vietnam, India, and the United
that cyber attacks are effective means to gather
Kingdom. We’ve seen threat actors set their sights
intelligence. Targeted attacks will no longer just
on countries like Indonesia and Malaysia as well.
be associated with countries like the United States
Taiwan
Japan
United States
Indonesia
China
India
Malaysia
Bangladesh
Philippines
Canada
Others
46%
20%
12%
11%
8%
6%
4%
2%
2%
2%
13%
Unusual country targets like Indonesia, India, and Malaysia figured in the targeted attack
landscape in the first half of 2014.
In the next few years, we will see even more
they’re safe from future attacks. Threat actors can
diverse attack origins and targets. Threat actors’
still use them to get to even bigger targets, likely
motivations will continue to vary. They will,
their partners or customers.
however, continue to go after top-secret government
The demand for portable or proxy in-the-cloud
data, financial information, intellectual property,
solutions that offer self-defense for security risks
industry blueprints, and the like.
will rise. The popularity of network solutions such
Although majority of targeted attacks seen to date
as firewalls and unified threat management (UTM)
are initiated by spear-phishing emails or watering
software, meanwhile, will decline. Better security
hole tactics, social media will increasingly be
analytics will become crucial to combat targeted
abused as infection vectors in the future. Threat
attacks. Organizations should know what is normal
actors will also explore the viability of exploiting
for them and set this as a baseline when monitoring
router vulnerabilities as a means of getting in to
for threats. Network visualization and heuristic
target networks. Organizations that have been
or behavior detection will also help them avoid
targeted in the past should not be complacent. Just
becoming victims. Traditional or conventional
because they’ve been breached before doesn’t mean
security technologies will no longer be sufficient.
8
5|
New mobile payment methods
will introduce new threats.
9
2015 Security Predictions
The recent iPhone® 6 release came with the
card information, cybercriminals used the latest
introduction of Apple’s version of digital payment―
iPhone models32 as social engineering bait two
Apple Pay™. This, along with the increasing use of
months before they were even launched. It’s safe
Google Wallet™ and other similar payment modes
to assume that as early as now, the bad guys are
will act as catalyst for mobile payment to become
already looking for vulnerabilities to exploit in
mainstream. We will see new threats specifically
Apple Pay. They will continue to scrutinize NFC as
target mobile payment platforms in the next few
well.
months akin to the Android FakeID vulnerability29,
To stay safe from emerging threats, users would do
which allowed cybercriminals to steal affected
well to practice safe computing habits, particularly
users’ Google Wallet credentials.
those related to NFC use. Individuals who use
This year, apps like WeChat30 also started allowing
NFC readers via their mobile devices should
users to purchase goods sold by certain retailers
turn these off when they’re not in use. Locking
with so-called “credits.” If this becomes big, we will
their devices will help them avoid becoming a
see cybercriminals take advantage of vulnerabilities
cybercrime victim. Organizations that accept
in similar apps to steal money from users.
mobile payments, meanwhile, should install and
use security solutions that protect from NFC-
Although we have yet to see actual attacks and
related and similar security threats.
attempts to breach the Apple Pay31 ecosystem
comprising NFC and Passbook, which holds users’
10
6|
We will see
more attempts
to exploit
vulnerabilities
in open source
apps.
11
2015 Security Predictions
Vulnerabilities in open source protocols like
Attackers will continue their search for seemingly
Heartbleed33
like
dormant vulnerabilities like Heartbleed and
Shellshock34 that remained undetected for years
Shellshock in the coming years. They will keep tabs
were heavily exploited this year, leading to serious
on oft-forgotten platforms, protocols, and software
repercussions. Just hours after the initial discovery
and rely on irresponsible coding practices to get to
of Shellshock, we saw several malware payloads35
their targets. As in 201339, we will see even more
in the wild. Distributed denial-of-service (DDoS)
injection, cross-site-scripting (XSS), and other
attacks and Internet Relay Chat (IRC) bots36
attacks against Web apps to steal confidential
related to the vulnerability’s exploitation, which
information. Attacks such as that on JPMorgan
can disrupt business operations, were also
Chase & Co.40, which put over 70 million customers’
spotted. More than Web surface attacks, however,
personal data at risk, will continue to surface.
and
command
processors
Shellshock also put users of all Linux-based37 OSs
Continuous security improvements in Microsoft™
and apps, which depended on protocols like HTTP,
Windows® and other big-name OSs will lead to
File Transfer Protocol (FTP), and Dynamic Host
a decline in their number of vulnerabilities. This
Configuration Protocol (DHCP) at risk.
will push attackers to instead focus on finding
Shellshock reminded the World Wide Web of
vulnerabilities in open source platforms and
Heartbleed, which put a lot of websites and mobile
apps such as Open SSL v3 as well as OS kernels.
apps that used Open SSL at risk earlier this year. A
Individuals and organizations can, however, stay
quick scan of the top 1 million TLDs according to
protected by regularly patching and updating
Alexa38, in fact, revealed that 5% were vulnerable
their systems and software. Organizations are
to Heartbleed. When exploited, Heartbleed allows
also advised to invest in more intelligence-based
attackers to read parts of affected computers’
security solutions backed by trusted global threat
memory,
information sources, which can thwart exploitation
which
may
contain
confidential
information.
attempts even if patches for vulnerabilities have
yet to be issued.
12
7|
Technological diversity will
save IoE/IoT devices from
mass attacks but the same
won’t be true for the data they
process.
13
2015 Security Predictions
Attackers will find IoE/IoT devices viable attack
Since IoE/IoT devices remain too diverse and a
targets because of the endless possibilities their
“killer app” has yet to emerge, bad guys will not be
use presents. We are bound to see greater adoption
able to truly launch attacks against them. Attackers
of smart devices like smart cameras and TVs in
are more likely to go after the data that resides
the next few years, along with attacks against
in these devices. In 2015, we expect attackers
their users. As factors like market pressure41 push
to hack smart device makers’ databases to steal
device manufacturers to launch more and more
information for traditional cyber attacks.
smart devices sans security in mind to meet the
Later on, however, aided by the formation of the
rising demand, so will attackers increasingly find
Open Interconnect Consortium (IOC)43 and the
vulnerabilities to exploit for their own gain.
launch of HomeKit44, we expect a shift in tides, as
Despite mass smartification, however, the first
common protocols and platforms slowly emerge.
attacks we’ll see on smart appliances as well as
As attackers begin to better understand the IoE/
wearable and other IoE/IoT devices will not be
IoT ecosystem, they will employ scarier tactics
financially motivated. They will be more whitehat
akin to ransomware and scareware to extort
hacks to highlight security risks and weaknesses
money from or blackmail device users. They can,
so manufacturers can improve their products,
for instance, hold smart car drivers45 hostage until
particularly the way they handle data. If and when
they pay up when said vehicles officially hit the
these devices are hacked for purposes other than
road come 2015. As such, smart car manufacturers
to bring vulnerabilities to light, cybercriminals will
should incorporate network segmentation in their
likely launch sniffer, denial-of-service (DoS), and
smart car designs to adequately shield users from
man-in-the middle (MiTM) attacks42.
such threats.
14
8|
More severe online banking
and other financially
motivated threats will
surface.
15
2015 Security Predictions
Weak security practices even in developed countries
In the next few years, cybercriminals will no longer
like the United States such as not enforcing the
just launch financially motivated threats against
use of two-factor authentication and adoption of
computer users, they will increasingly go after
chip-and-pin technology will contribute to the rise
mobile device users as well. They are likely to
in online banking and other financially motivated
use fake apps and Domain Name System (DNS)
threats.
changers and launch mobile phishing50 attacks
We’ve
seen
the
online
banking
similar to those we’ve already seen in the past.
malware
They won’t stop at just gaining access to victims’
volume steadily rise throughout the first half of
online banking accounts, they will even go so
201446, 47. Apart from data-stealing ZeuS malware,
VAWTRAK48
also
affected
a
multitude
far as stealing their identities51. And to come up
of
with even stealthier mobile threats, we will see
online banking customers specifically in Japan,
the emergence of packers akin to those used on
contributing to the overall volume growth in the
computer malware.
second quarter of the year. Complex operations
like Emmental49, which proved that even the
The success of targeted attacks in obtaining user
two-factor authentication measures that banks
data will also inspire cybercriminals to better
employed could be flawed, also figured in the
employ reconnaissance to make more money from
threat landscape.
their malicious schemes. Cybercrooks will use
proven targeted attack methodologies for shortselling and front-running schemes.
140K
137K
The growing risks online banking threats pose
should motivate individuals and organizations
112K
alike to use the two-factor authentication measures
102K
and hardware or session tokens that banks and
70K
other financial institutions provide. Payment card
providers in the United States and other countries,
meanwhile, should put data security at the forefront
by making the use of chip-and-PIN cards and PoS
terminals mandatory, especially amid the breaches
0
1Q
2Q
hitting big-name companies left and right.
3Q
We continued to see a steady rise in the online banking
malware volume throughout the first half of 2014.
16
REFERENCES
1.
Lord Alfred Remorin. (June 2, 2014). TrendLabs Security Intelligence Blog. “GameOver: ZeuS with P2P Functionality
Disrupted.” Last accessed October 13, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/gameover-zeus-withp2p-functionality-disrupted/.
2.
Trend Micro Incorporated. (September 2, 2014). TrendLabs Security Intelligence Blog. “Citadel Makes a Comeback, Targets
Japan Users.” Last accessed October 13, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/citadel-makes-acomeback-targets-japan-users/.
3.
Trend Micro Incorporated. (May 22, 2014). TrendLabs Security Intelligence Blog. “SpyEye-Using Cybercriminal Arrested
in Britain.” Last accessed October 13, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/spyeye-usingcybercriminal-arrested-in-britain/.
4.
Arabelle Mae Ebora. (September 3, 2014). TrendLabs Secuirty Intelligence Blog. “iCloud Hacking Leak Now Being Used as Social
Engineering Lure.” Last accessed October 13, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/icloud-hackingleak-now-being-used-as-social-engineering-lure/.
5.
Vincenzo Ciancaglini, Marco Balduzzi, Max Goncharov, and Robert McArdle. (2013). Trend Micro Security Intelligence. “Deep
Web and Cybercrime: It’s Not All About Tor.” Last accessed October 13, 2014, http://www.trendmicro.com/cloud-content/us/
pdfs/security-intelligence/white-papers/wp-deepweb-and-cybercrime.pdf.
6.
Wikimedia Foundation Inc. (October 5, 2014). Wikipedia. “Darknet (File Sharing).” Last accessed October 13, 2014, http://
en.wikipedia.org/wiki/Darknet_(file_sharing).
7.
Robert McArdle. (October 3, 2013). TrendLabs Security Intelligence Blog. “Deep Web and Cybercrime―It Is Not Just the Silk
Road.” Last accessed October 13, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/deepweb-and-cybercrime-itis-not-just-the-silk-road/.
8.
Trend Micro Incorporated. (2013). Threat Encyclopedia. “Blurring Boundaries: Trend Micro Security Predictions for 2014
and Beyond.” Last accessed October 13, 2014, http://about-threats.trendmicro.com/us/security-predictions/2014/blurringboundaries/.
9.
Trend Micro Incorporated. (August 11, 2014). TrendLabs Security Intelligence Blog. “Checking in on Africa: The Latest
Developments in Cybercrime.” Last accessed October 13, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/
checking-in-on-africa-the-latest-developments-in-cybercrime/.
10. Rhena Inocencio. (May 26, 2014). TrendLabs Security Intelligence Blog. “The BlackShades RAT―Entry-Level Cybercrime.”
Last accessed October 13, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/the-blackshades-rat-entry-levelcybercrime/.
11. Trend Micro Incorporated. (April 28, 2014). TrendLabs Security Intelligence Blog. “The Russian Underground, Revisited.” Last
accessed October 13, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/the-russian-underground-revisited/.
12. Max Goncharov. (2014). Trend Micro Security Intelligence. “Russian Underground Revisited.” Last accessed October 13, 2014,
http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-russian-underground-revisited.pdf.
13. Ahmad Mukaram. (June 10, 2014). Recorded Future. “Cyberthreat Landscape: Forecast.” Last accessed October 13, 2014,
https://www.recordedfuture.com/cyber-threat-landscape-forecast/.
14. Numaan Huq. (September 11, 2014). TrendLabs Security Intelligence Blog. “2014―An Explosion of Data Breaches and PoS RAM
Scrapers.” Last accessed October 13, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/2014-an-explosion-ofdata-breaches-and-pos-ram-scrapers/.
15. Gregory Wallace. (May 5, 2014). CNN Money. “Timeline: Retail Cyber Attacks Hit Millions.” Last accessed October 13, 2014,
http://money.cnn.com/2014/02/11/news/companies/retail-breach-timeline/.
16. Jonathan Leopando. (September 9, 2014). TrendLabs Security Intelligence Blog. “Home Depot Breach Linked to BlackPOS
Malware.” Last accessed October 13, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/home-depot-breachlinked-to-blackpos-malware/.
17. Trend Micro Incorporated. (2014). Threat Encyclopedia. “Home Depot Confirms Breach of U.S. and Canada Stores, Reported to
Be Largest in Record.” Last accessed October 13, 2014, http://about-threats.trendmicro.com/us/special-reports/data-breach/
home-depot-confirms-breach-of-us-and-canada-stores/index.html.
18. Masayoshi Someya. (August 18, 2014). TrendLabs Security Intelligence Blog. “Risks from Within: Learning from the Amtrak
Breach.” Last accessed October 13, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/risks-from-withinlearning-from-the-amtrak-data-breach/.
19. Clare O’Connor. (May 5, 2014). Forbes. “Target CEO Gregg Steinhafel Resigns in Data Breach Fallout.” Last accessed October
13, 2014, http://www.forbes.com/sites/clareoconnor/2014/05/05/target-ceo-gregg-steinhafel-resigns-in-wake-of-data-breachfallout/.
20. Tracy Kitten. (June 18, 2014). Bank Info Security. “Revamping the U.S. Payments System: Security, Faster Payments Key
to Fed’s 5-Year Plan.” Last accessed October 13, 2014, http://www.bankinfosecurity.com/interviews/feds-role-in-futurepayments-i-2346/op-1.
21. Scott Webster. (March 7, 2013). CNET. “Security Bug Found for Samsung Galaxy S3.” Last accessed October 13, 2014,
http://www.cnet.com/news/security-bug-found-for-samsung-galaxy-s3/.
22. Gelo Abendan. (August 8, 2013). TrendLabs Security Intelligence Blog. “Exploiting Vulnerabilities: The Other Side of Mobile
Threats.” Last accessed October 13, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/exploiting-vulnerabilitiesthe-other-side-of-mobile-threats/.
23. Weichao Sun. (July 29, 2014). TrendLabs Security Intelligence Blog. “Vulnerabilities in Alipay Android App Fixed.” Last accessed
October 13, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/vulnerabilities-in-alipay-android-app-fixed/.
24. Ryan Certeza. (May 31, 2014). TrendLabs Security Intelligence Blog. “The Android Fragmentation Problem.” Last accessed
October 13, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/the-android-fragmentation-problem/.
25. Jon Oliver. (July 31, 2013). TrendLabs Security Intelligence Blog. “The Current State of the Blackhole Exploit Kit.” Last accessed
October 13, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/the-current-state-of-the-blackhole-exploit-kit/.
26. David Sancho. (July 22, 2014). TrendLabs Security Intelligence Blog. “Finding Holes in Banking Security: Operation Emmental.”
Last accessed October 13, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/finding-holes-operation-emmental/.
27. Abigail Pichel. (May 26, 2014). TrendLabs Security Intelligence Blog. “Ransomware Moves to Mobile.” Last accessed October 13,
2014, http://blog.trendmicro.com/trendlabs-security-intelligence/ransomware-moves-to-mobile/.
28. Weichao Sun. (June 17, 2014). TrendLabs Security Intelligence Blog. “Android Ransomware Uses Tor.” Last accessed October 13,
2014, http://blog.trendmicro.com/trendlabs-security-intelligence/android-ransomware-uses-tor/.
29. Simon Huang. (August 12, 2014). TrendLabs Security Intelligence Blog. “The Dangers of the Android FakeID Vulnerability.”
Last accessed October 13, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/the-dangers-of-the-android-fakeidvulnerability/.
30. Steven Millward. (March 5, 2014). Tech in Asia. “Starting Today, Chinese Consumers Will Be Able to Buy Almost Anything Inside
WeChat.” Last accessed October 13, 2014, http://www.techinasia.com/wechat-adds-payment-support-for-brands-and-retailers/.
31. Warren Tsai. (September 25, 2014). TrendLabs Security Intelligence Blog. “Apple Pay: Introducing (Secure) Mobile Payments?”
Last accessed October 13, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/apple-pay-introducing-securemobile-payments/.
32. Johnliz Ortiz. (July 7, 2014). TrendLabs Security Intelligence Blog. “iPhone 6 Rumors Spur Scams.” Last accessed October 13,
2014, http://blog.trendmicro.com/trendlabs-security-intelligence/iphone-6-rumors-spur-scams/.
33. Pawan Kinger. (April 8, 2014). TrendLabs Security Intelligence Blog. “Skipping a Heartbeat: The Analysis of the Heartbleed
Open SSL Vulnerability.” Last accessed October 13, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/skippinga-heartbeat-the-analysis-of-the-heartbleed-openssl-vulnerability/.
34. Pavan Thorat and Pawan Kinger. (September 25, 2014). TrendLabs Security Intelligence Blog. “Bash Vulnerability Leads to
Shellshock: What It Is, How It Affects You.” Last accessed October 13, 2014, http://blog.trendmicro.com/trendlabs-securityintelligence/shell-attack-on-your-server-bash-bug-cve-2014-7169-and-cve-2014-6271/.
35. Trend Micro Incorporated. (September 25, 2014). TrendLabs Security Intelligence Blog. “Bash Vulnerability (Shellshock) Exploit
Emerges in the Wild, Leads to BASHLITE Malware.” Last accessed October 13, 2014, http://blog.trendmicro.com/trendlabssecurity-intelligence/bash-vulnerability-shellshock-exploit-emerges-in-the-wild-leads-to-flooder/.
36. Trend Micro Incorporated. (September 26, 2014). TrendLabs Security Intelligence Blog. “Shellshock―How Bad Can It Get?” Last
accessed October 13, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/shellshock-how-bad-can-it-get/.
37. Trend Micro Incorporated. (2014). Threat Encyclopedia. “About the Shellshock Vulnerability: The Basics of the ‘Bash Bug.’” Last
accessed October 13, 2014, http://www.trendmicro.com/vinfo/us/security/news/vulnerabilities-and-exploits/the-shellshockvulnerability-bash-bug.
38. Maxim Goncharov. (April 10, 2014). TrendLabs Security Intelligence Blog. “Heartbleed Vulnerability Affects 5% of Select TopLevel Domains from Top 1M.” Last accessed October 13, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/
heartbleed-vulnerability-affects-5-of-top-1-million-websites/.
39. OWASP Foundation. (August 26, 2014). OWASP. “Top 10 2013―Top 10.” Last accessed October 13, 2014, https://www.owasp.
org/index.php/Top_10_2013-Top_10.
40. United States Securities and Exchange Commission. (October 2, 2014). “Form 8-K: JPMorgan Chase & Co.” Last accessed
October 13, 2014, http://investor.shareholder.com/JPMorganChase/secfiling.cfm?filingID=1193125-14-362173.
41. Geoff Grindrod. (June 16, 2014). TrendLabs Security Intelligence Blog. “The Smartification of the Home, Part 1.” Last accessed
October 13, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/the-smartification-of-the-home-part-1/.
42. David Sancho. (September 4, 2014). TrendLabs Security Intelligence Blog. “The Security Implications of Wearables, Part 1.” Last
accessed October 13, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/the-security-implications-of-wearablespart-1/.
43. Open Interconnect Consortium Inc. (2014). Open Interconnect Consortium. “About Us.” Last accessed October 13, 2014,
http://openinterconnect.org/about/.
44. Apple Inc. (2014). Apple Developer. “HomeKit.” Last accessed October 13, 2014, https://developer.apple.com/homekit/.
45. Trend Micro Incorporated. (2014). Threat Encyclopedia. “The Internet of Everything: Layers, Protocols and Possible Attacks.”
Last accessed October 13, 2014, http://www.trendmicro.com/vinfo/us/security/news/internet-of-everything/ioe-layersprotocols-and-possible-attacks.
46. Trend Micro Incorporated. (2014). Threat Encyclopedia. “TrendLabs 1Q 2014 Security Roundup: Cybercrime Hits the
Unexpected.” Last accessed October 14, 2014, http://about-threats.trendmicro.com/us/security-roundup/2014/1Q/cybercrimehits-the-unexpected/.
47. Trend Micro Incorporated. (2014). Threat Encyclopedia. “TrendLabs 2Q 2014 Security Roundup: Turning the Tables on Cyber
Attacks.” Last accessed October 14, 2014, http://about-threats.trendmicro.com/us/security-roundup/2014/2Q/turning-thetables-on-cyber-attacks/.
48. Trend Micro Incorporated. (2014). Threat Encyclopedia. “VAWTRAK Plagues Users in Japan.” Last accessed October 14, 2014,
http://www.trendmicro.com/vinfo/us/threat-encyclopedia/web-attack//3141/vawtrak-plagues-users-in-japan.
49. David Sancho, Feike Hacquebord, and Rainer Link. (2014). Trend Micro Security Intelligence. “Finding Holes: Operation
Emmental.” Last accessed October 14, 2014, http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/whitepapers/wp-finding-holes-operation-emmental.pdf.
50. Paul Pajares. (February 21, 2012). TrendLabs Security Intelligence Blog. “When Phishing Goes Mobile.” Last accessed October
14, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/when-phishing-goes-mobile/.
51. Arabelle Mae Ebora. (August 13, 2013). TrendLabs Security Intelligence Blog. “Mobile Phishing Attacks Ask for Government
IDs.” Last accessed October 14, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/mobile-phishing-attack-asksfor-users-government-ids/.
Created by:
Global Technical Support & R&D Center of TREND MICRO
Trend Micro Incorporated, a global leader in security software and
solutions, strives to make the world safe for exchanging digital
information. For more information, visit www.trendmicro.com.
©2014 Trend Micro, Incorporated. All rights reserved. Trend Micro and
the Trend Micro t-ball logo are trademarks or registered trademarks of
Trend Micro, Incorporated. All other product or company names may
be trademarks or registered trademarks of their owners.