THE INVISIBLE BECOMES VISIBLE
A TrendLabs℠ Report

Trend Micro Security Predictions for 2015 and Beyond

TREND MICRO LEGAL DISCLAIMER

The information provided herein is for general information and educational purposes only. It is not intended and should not be construed to constitute legal advice. The information contained herein may not be applicable to all situations and may not reflect the most current situation. Nothing contained herein should be relied on or acted upon without the benefit of legal advice based on the particular facts and circumstances presented and nothing herein should be construed otherwise. Trend Micro reserves the right to modify the contents of this document at any time without prior notice.

Translations of any material into other languages are intended solely as a convenience. Translation accuracy is not guaranteed nor implied. If any questions arise related to the accuracy of a translation, please refer to the original language official version of the document. Any discrepancies or differences created in the translation are not binding and have no legal effect for compliance or enforcement purposes.

Although Trend Micro uses reasonable efforts to include accurate and up-to-date information herein, Trend Micro makes no warranties or representations of any kind as to its accuracy, currency, or completeness. You agree that access to and use of and reliance on this document and the content thereof is at your own risk. Trend Micro disclaims all warranties of any kind, express or implied. Neither Trend Micro nor any party involved in creating, producing, or delivering this document shall be liable for any consequence, loss, or damage, including direct, indirect, special, consequential, loss of business profits, or special damages, whatsoever arising out of access to, use of, or inability to use, or in connection with the use of this document, or any errors or omissions in the content thereof.
Use of this information constitutes acceptance for use in an “as is” condition.

PREDICTIONS

1 | More cybercriminals will turn to darknets and exclusive-access forums to share and sell crimeware.
2 | Increased cyber activity will translate to better, bigger, and more successful hacking tools and attempts.
3 | Exploit kits will target Android, as mobile vulnerabilities play a bigger role in device infection.
4 | Targeted attacks will become as prevalent as cybercrime.
5 | New mobile payment methods will introduce new threats.
6 | We will see more attempts to exploit vulnerabilities in open source apps.
7 | Technological diversity will save IoE/IoT devices from mass attacks but the same won’t be true for the data they process.
8 | More severe online banking and other financially motivated threats will surface.

1 | More cybercriminals will turn to darknets and exclusive-access forums to share and sell crimeware.

2015 Security Predictions

Several takedowns occurred this year, thanks to collaborative public-private partnerships and efforts. Trend Micro particularly aided in disrupting GameOver[1] operations despite the malware’s resilience to takedown. We also provided threat intelligence and research findings to law enforcers, halting Citadel-related[2] attacks against Japanese banks and contributing to the arrest of James Bayliss (Jam3s), Aleksandr Andreevich Panin (Gribodemon), and Hamza Bendelladj (bx1)[3], who ran several SpyEye command-and-control (C&C) servers.

These developments, however, will make anonymity a crucial requirement in committing cybercrime since security researchers and law enforcers now have quick access to the underground. Case in point: the celebrity photos tied to the iCloud®[4] hack that were first leaked on Reddit and 4chan ended up on the Deep Web[5] as well.

Leveraging the Deep Web and darknet services[6] or using untraceable and anonymous peer-to-peer (P2P) networks like Tor, I2P, and Freenet to exchange and sell tools and services is no longer new.
We’ve seen cybercriminals use rogue top-level domains (TLDs) as alternative domains to further cloak underground markets like Silk Road[7], which was shut down by the Federal Bureau of Investigation (FBI) after two-and-a-half years of operation.

We’ve also seen cybercriminals adopt targeted attack techniques[8] to better evade detection, just as we predicted in 2013. In Africa[9], this was manifested by the exploitation of vulnerabilities normally associated with targeted attacks via the distribution of typical cybercrime malware like ZeuS. Cybercriminals are also increasingly using remote access tools (RATs) like BlackShades[10] in attacks.

It does not help that the prices of malicious wares in underground markets are decreasing as supplies increase. The average price of stolen U.S. credit card credentials[11] has declined from US$3 in 2011 to US$1 in 2013. Compromised account credential prices have also dropped in the Russian underground[12]. Stolen Facebook credentials that cost US$200 in 2011 only cost US$100 in 2013 while Gmail™ account credentials that were sold for US$117 in 2011 were only sold for US$100 in 2013.

As more and more players enter the cybercriminal underground economy, ware prices will continue to decline. Before long, getting the greatest number of customers will depend on who can assure that buyers won’t be caught red-handed. Sellers will be pushed to go even deeper underground, particularly into the deep recesses of the Web.

A comparison of the prices of stolen credit card credentials from various countries in the Russian underground revealed a declining trend from 2011 to 2013.

As the bad guys move deeper into the Web, security firms and law enforcers need to extend their reach as well to cover the Deep Web and darknet services. This will require greater effort and investment. Public-private partnerships will be needed more than ever to disrupt and take down cybercriminal operations.
Security firms should continue to provide threat intelligence to help law enforcers catch perpetrators. Lawmakers worldwide, meanwhile, need to agree on what constitutes cybercrime to aid enforcers, regardless of jurisdiction, to bring bad guys to justice.

[Figure: prices of stolen credit card credentials in US$, by country (AUS, CAN, USA, UK, GER), 2011 to 2013.]

2 | Increased cyber activity will translate to better, bigger, and more successful hacking tools and attempts.

The constant growth of cyber activities[13] worldwide means that individuals and organizations alike will continue to succumb to online threats and attacks. Cybercriminals will, however, set their sights on bigger targets rather than on individuals, as this translates to bigger gains.

We’ve seen cybercriminals use point-of-sale (PoS) RAM scrapers[14] to steal millions of customer data records from some of the biggest retailers worldwide. Before 2013 ended, Target[15] lost the credit card information of 70 million of its customers to cybercriminals in a PoS malware attack. Target wasn’t alone, however, as other organizations like P.F. Chang’s suffered the same fate. And months before 2014 is set to end, Home Depot[16] took Target’s place as the biggest breach victim[17] to date. The breached organizations lost customer data, which damaged their brands and cost them dearly.

The number of recorded cyber attacks against all sorts of organizations that handle customer data has been steadily increasing from 2011 to the present.
http://www.idtheftcenter.org/images/breach/20052013UPDATEDSummary.jpg

Though the majority of breaches result from external attacks, some, like the Amtrak[18] breach, are caused by insider threats. Reports revealed that an Amtrak employee had been selling rail passengers’ personally identifiable information (PII) for two decades before being found out. That said, individuals and organizations alike will do well to assume that all of the data they reveal online will land in cybercriminals’ hands.
We’ll see two or more major data breach incidents each month. Banks and financial institutions, along with customer data holders, will always be attractive breach targets. As a result, we will continue to see changes in victims’ upper management[19] every time they succumb to attacks.

So how should organizations and individuals respond? It’s best to assume compromise. Individuals should regularly change passwords while organizations should constantly monitor their networks for all kinds of threats and exploitable vulnerabilities. Waiting for solutions like more secure payment systems[20] and legal sanctions, though already in the works, is no longer enough. Awareness of threats is a must and so are ever-ready mitigation and remediation plans because no one is safe from compromise.

[Figure: number of recorded cyber attacks per year, 2011 to 2014; the 2014 count of 606 is as of October 2014.]

3 | Exploit kits will target Android, as mobile vulnerabilities play a bigger role in device infection.

Apart from twice the current number of Android™ threats foreseen in 2015, the number of vulnerabilities in mobile devices, platforms, and apps will pose more serious security risks. Data stored in mobile devices will land in cybercriminals’ hands for use in attacks or selling underground.

[Figure: cumulative Android threat volume, 2012 to 2015.]
The cumulative Android threat volume has steadily been increasing since 2012. We are likely to see the 2014 total double in 2015.

The vulnerabilities we’ve seen so far did not only reside on devices[21] but also on platforms and apps. Platform threats like the master key vulnerability[22] allowed cybercrooks to replace legitimate apps with fake or malicious versions. When exploited, a certain Chinese third-party payment app vulnerability[23], meanwhile, allowed bad guys to phish information from infected devices.

We will see mobile attackers use tools similar to the Blackhole Exploit Kit (BHEK) to take advantage of problems like Android OS fragmentation[24].
The success of BHEK[25] and similar tools in infecting computers running different OSs will serve cybercrooks well in attacking Android devices since most users either don’t or can’t regularly update their systems and software. Bad guys can point vulnerable device users to malicious websites, for instance. Successful exploitation can then give them access to any or all of the information stored in affected devices. Worse, because exploit kits are known for affecting multiple platforms, should such a kit be made to target even mobile devices, who’s to say that the threats infected smartphones carry won’t spread to any device they have access to?

A steady rise in the number of mobile banking malware will be seen as well. Earlier this year, we saw the cybercriminals behind Operation Emmental[26] prod a European bank’s customers to install a malicious Android app to gain access to their accounts. We will see more such attacks amid the rise in mobile banking popularity.

Traditional computer threats like ransomware and tactics like darknet service use will also figure in the mobile landscape. We already saw the first mobile ransomware[27] in the form of REVETON rear its ugly head this year, along with another malware that used Tor[28] to better evade detection.

Installing malicious apps and visiting malicious websites will no longer be the sole mobile infection vectors. Vulnerability exploitation across platforms will become even bigger mobile threats. Security vendors should extend vulnerability shielding and exploit-prevention technologies to include protection for mobile devices. Finally, mobile device manufacturers and service providers should work more closely with one another to come up with scalable vulnerability-patching solutions to prevent infection and data theft.

4 | Targeted attacks will become as prevalent as cybercrime.

Successful high-profile and widely talked-about targeted attack campaigns led to the realization that cyber attacks are effective means to gather intelligence. Targeted attacks will no longer just be associated with countries like the United States or Russia. We’ve seen such attacks originate from other countries like Vietnam, India, and the United Kingdom. We’ve seen threat actors set their sights on countries like Indonesia and Malaysia as well.

In the next few years, we will see even more diverse attack origins and targets. Threat actors’ motivations will continue to vary. They will, however, continue to go after top-secret government data, financial information, intellectual property, industry blueprints, and the like.

Although the majority of targeted attacks seen to date are initiated by spear-phishing emails or watering hole tactics, social media will increasingly be abused as infection vectors in the future. Threat actors will also explore the viability of exploiting router vulnerabilities as a means of getting into target networks. Organizations that have been targeted in the past should not be complacent. Just because they’ve been breached before doesn’t mean they’re safe from future attacks. Threat actors can still use them to get to even bigger targets, likely their partners or customers.

The demand for portable or proxy in-the-cloud solutions that offer self-defense for security risks will rise. The popularity of network solutions such as firewalls and unified threat management (UTM) software, meanwhile, will decline. Better security analytics will become crucial to combat targeted attacks. Organizations should know what is normal for them and set this as a baseline when monitoring for threats. Network visualization and heuristic or behavior detection will also help them avoid becoming victims. Traditional or conventional security technologies will no longer be sufficient.

5 | New mobile payment methods will introduce new threats.

The recent iPhone® 6 release came with the introduction of Apple’s version of digital payment, Apple Pay™. This, along with the increasing use of Google Wallet™ and other similar payment modes, will act as a catalyst for mobile payment to become mainstream. We will see new threats specifically target mobile payment platforms in the next few months akin to the Android FakeID vulnerability[29], which allowed cybercriminals to steal affected users’ Google Wallet credentials.

This year, apps like WeChat[30] also started allowing users to purchase goods sold by certain retailers with so-called “credits.” If this becomes big, we will see cybercriminals take advantage of vulnerabilities in similar apps to steal money from users.

Although we have yet to see actual attacks and attempts to breach the Apple Pay[31] ecosystem comprising NFC and Passbook, which holds users’ card information, cybercriminals used the latest iPhone models[32] as social engineering bait two months before they were even launched. It’s safe to assume that as early as now, the bad guys are already looking for vulnerabilities to exploit in Apple Pay. They will continue to scrutinize NFC as well.

To stay safe from emerging threats, users would do well to practice safe computing habits, particularly those related to NFC use. Individuals who use NFC readers via their mobile devices should turn these off when they’re not in use. Locking their devices will help them avoid becoming a cybercrime victim. Organizations that accept mobile payments, meanwhile, should install and use security solutions that protect from NFC-related and similar security threats.

6 | We will see more attempts to exploit vulnerabilities in open source apps.

Vulnerabilities in open source protocols like Heartbleed[33] and command processors like Shellshock[34] that remained undetected for years were heavily exploited this year, leading to serious repercussions. Just hours after the initial discovery of Shellshock, we saw several malware payloads[35] in the wild. Distributed denial-of-service (DDoS) attacks and Internet Relay Chat (IRC) bots[36] related to the vulnerability’s exploitation, which can disrupt business operations, were also spotted. More than Web surface attacks, however, Shellshock also put users of all Linux-based[37] OSs and apps, which depended on protocols like HTTP, File Transfer Protocol (FTP), and Dynamic Host Configuration Protocol (DHCP), at risk.

Shellshock reminded the World Wide Web of Heartbleed, which put a lot of websites and mobile apps that used OpenSSL at risk earlier this year. A quick scan of the top 1 million TLDs according to Alexa[38], in fact, revealed that 5% were vulnerable to Heartbleed. When exploited, Heartbleed allows attackers to read parts of affected computers’ memory, which may contain confidential information.

Attackers will continue their search for seemingly dormant vulnerabilities like Heartbleed and Shellshock in the coming years. They will keep tabs on oft-forgotten platforms, protocols, and software and rely on irresponsible coding practices to get to their targets. As in 2013[39], we will see even more injection, cross-site-scripting (XSS), and other attacks against Web apps to steal confidential information. Attacks such as that on JPMorgan Chase & Co.[40], which put over 70 million customers’ personal data at risk, will continue to surface.

Continuous security improvements in Microsoft™ Windows® and other big-name OSs will lead to a decline in their number of vulnerabilities. This will push attackers to instead focus on finding vulnerabilities in open source platforms and apps such as Open SSL v3 as well as OS kernels.
Individuals and organizations can, however, stay protected by regularly patching and updating their systems and software. Organizations are also advised to invest in more intelligence-based security solutions backed by trusted global threat information sources, which can thwart exploitation attempts even if patches for vulnerabilities have yet to be issued.

7 | Technological diversity will save IoE/IoT devices from mass attacks but the same won’t be true for the data they process.

Attackers will find IoE/IoT devices viable attack targets because of the endless possibilities their use presents. We are bound to see greater adoption of smart devices like smart cameras and TVs in the next few years, along with attacks against their users. As factors like market pressure[41] push device manufacturers to launch more and more smart devices sans security in mind to meet the rising demand, so will attackers increasingly find vulnerabilities to exploit for their own gain.

Despite mass smartification, however, the first attacks we’ll see on smart appliances as well as wearable and other IoE/IoT devices will not be financially motivated. They will be more whitehat hacks to highlight security risks and weaknesses so manufacturers can improve their products, particularly the way they handle data. If and when these devices are hacked for purposes other than to bring vulnerabilities to light, cybercriminals will likely launch sniffer, denial-of-service (DoS), and man-in-the-middle (MiTM) attacks[42].

Since IoE/IoT devices remain too diverse and a “killer app” has yet to emerge, bad guys will not be able to truly launch attacks against them. Attackers are more likely to go after the data that resides in these devices. In 2015, we expect attackers to hack smart device makers’ databases to steal information for traditional cyber attacks.
Later on, however, aided by the formation of the Open Interconnect Consortium (OIC)[43] and the launch of HomeKit[44], we expect a shift in tides, as common protocols and platforms slowly emerge. As attackers begin to better understand the IoE/IoT ecosystem, they will employ scarier tactics akin to ransomware and scareware to extort money from or blackmail device users. They can, for instance, hold smart car drivers[45] hostage until they pay up when said vehicles officially hit the road come 2015. As such, smart car manufacturers should incorporate network segmentation in their smart car designs to adequately shield users from such threats.

8 | More severe online banking and other financially motivated threats will surface.

Weak security practices, even in developed countries like the United States, such as not enforcing the use of two-factor authentication and the adoption of chip-and-PIN technology, will contribute to the rise in online banking and other financially motivated threats.

We’ve seen the online banking malware volume steadily rise throughout the first half of 2014[46, 47]. Apart from data-stealing ZeuS malware, VAWTRAK[48] also affected a multitude of online banking customers specifically in Japan, contributing to the overall volume growth in the second quarter of the year. Complex operations like Emmental[49], which proved that even the two-factor authentication measures that banks employed could be flawed, also figured in the threat landscape.

[Figure: online banking malware infections per quarter (1Q to 3Q).]
We continued to see a steady rise in the online banking malware infections throughout the first half of 2014.
NOTE: “Infection” refers to instances when threats were found on users’ computers and subsequently blocked by any Trend Micro security software.

In the next few years, cybercriminals will no longer just launch financially motivated threats against computer users; they will increasingly go after mobile device users as well.
They are likely to use fake apps and Domain Name System (DNS) changers and launch mobile phishing[50] attacks similar to those we’ve already seen in the past. They won’t stop at just gaining access to victims’ online banking accounts; they will even go so far as stealing their identities[51]. And to come up with even stealthier mobile threats, we will see the emergence of packers akin to those used on computer malware.

The success of targeted attacks in obtaining user data will also inspire cybercriminals to better employ reconnaissance to make more money from their malicious schemes. Cybercrooks will use proven targeted attack methodologies for short-selling and front-running schemes.

The growing risks online banking threats pose should motivate individuals and organizations alike to use the two-factor authentication measures and hardware or session tokens that banks and other financial institutions provide. Payment card providers in the United States and other countries, meanwhile, should put data security at the forefront by making the use of chip-and-PIN cards and PoS terminals mandatory, especially amid the breaches hitting big-name companies left and right.

REFERENCES

1. Lord Alfred Remorin. (June 2, 2014). TrendLabs Security Intelligence Blog. “GameOver: ZeuS with P2P Functionality Disrupted.” Last accessed October 13, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/gameover-zeus-with-p2p-functionality-disrupted/.
2. Trend Micro Incorporated. (September 2, 2014). TrendLabs Security Intelligence Blog. “Citadel Makes a Comeback, Targets Japan Users.” Last accessed October 13, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/citadel-makes-a-comeback-targets-japan-users/.
3. Trend Micro Incorporated. (May 22, 2014). TrendLabs Security Intelligence Blog. “SpyEye-Using Cybercriminal Arrested in Britain.” Last accessed October 13, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/spyeye-using-cybercriminal-arrested-in-britain/.
4. Arabelle Mae Ebora. (September 3, 2014). TrendLabs Security Intelligence Blog. “iCloud Hacking Leak Now Being Used as Social Engineering Lure.” Last accessed October 13, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/icloud-hacking-leak-now-being-used-as-social-engineering-lure/.
5. Vincenzo Ciancaglini, Marco Balduzzi, Max Goncharov, and Robert McArdle. (2013). Trend Micro Security Intelligence. “Deep Web and Cybercrime: It’s Not All About Tor.” Last accessed October 13, 2014, http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-deepweb-and-cybercrime.pdf.
6. Wikimedia Foundation Inc. (October 5, 2014). Wikipedia. “Darknet (File Sharing).” Last accessed October 13, 2014, http://en.wikipedia.org/wiki/Darknet_(file_sharing).
7. Robert McArdle. (October 3, 2013). TrendLabs Security Intelligence Blog. “Deep Web and Cybercrime―It Is Not Just the Silk Road.” Last accessed October 13, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/deepweb-and-cybercrime-it-is-not-just-the-silk-road/.
8. Trend Micro Incorporated. (2013). Threat Encyclopedia. “Blurring Boundaries: Trend Micro Security Predictions for 2014 and Beyond.” Last accessed October 13, 2014, http://about-threats.trendmicro.com/us/security-predictions/2014/blurring-boundaries/.
9. Trend Micro Incorporated. (August 11, 2014). TrendLabs Security Intelligence Blog. “Checking in on Africa: The Latest Developments in Cybercrime.” Last accessed October 13, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/checking-in-on-africa-the-latest-developments-in-cybercrime/.
10. Rhena Inocencio. (May 26, 2014). TrendLabs Security Intelligence Blog. “The BlackShades RAT―Entry-Level Cybercrime.” Last accessed October 13, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/the-blackshades-rat-entry-level-cybercrime/.
11. Trend Micro Incorporated. (April 28, 2014). TrendLabs Security Intelligence Blog. “The Russian Underground, Revisited.” Last accessed October 13, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/the-russian-underground-revisited/.
12. Max Goncharov. (2014). Trend Micro Security Intelligence. “Russian Underground Revisited.” Last accessed October 13, 2014, http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-russian-underground-revisited.pdf.
13. Ahmad Mukaram. (June 10, 2014). Recorded Future. “Cyberthreat Landscape: Forecast.” Last accessed October 13, 2014, https://www.recordedfuture.com/cyber-threat-landscape-forecast/.
14. Numaan Huq. (September 11, 2014). TrendLabs Security Intelligence Blog. “2014―An Explosion of Data Breaches and PoS RAM Scrapers.” Last accessed October 13, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/2014-an-explosion-of-data-breaches-and-pos-ram-scrapers/.
15. Gregory Wallace. (May 5, 2014). CNN Money. “Timeline: Retail Cyber Attacks Hit Millions.” Last accessed October 13, 2014, http://money.cnn.com/2014/02/11/news/companies/retail-breach-timeline/.
16. Jonathan Leopando. (September 9, 2014). TrendLabs Security Intelligence Blog. “Home Depot Breach Linked to BlackPOS Malware.” Last accessed October 13, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/home-depot-breach-linked-to-blackpos-malware/.
17. Trend Micro Incorporated. (2014). Threat Encyclopedia. “Home Depot Confirms Breach of U.S. and Canada Stores, Reported to Be Largest in Record.” Last accessed October 13, 2014, http://about-threats.trendmicro.com/us/special-reports/data-breach/home-depot-confirms-breach-of-us-and-canada-stores/index.html.
18. Masayoshi Someya. (August 18, 2014). TrendLabs Security Intelligence Blog. “Risks from Within: Learning from the Amtrak Breach.” Last accessed October 13, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/risks-from-within-learning-from-the-amtrak-data-breach/.
19. Clare O’Connor. (May 5, 2014). Forbes. “Target CEO Gregg Steinhafel Resigns in Data Breach Fallout.” Last accessed October 13, 2014, http://www.forbes.com/sites/clareoconnor/2014/05/05/target-ceo-gregg-steinhafel-resigns-in-wake-of-data-breach-fallout/.
20. Tracy Kitten. (June 18, 2014). Bank Info Security. “Revamping the U.S. Payments System: Security, Faster Payments Key to Fed’s 5-Year Plan.” Last accessed October 13, 2014, http://www.bankinfosecurity.com/interviews/feds-role-in-future-payments-i-2346/op-1.
21. Scott Webster. (March 7, 2013). CNET. “Security Bug Found for Samsung Galaxy S3.” Last accessed October 13, 2014, http://www.cnet.com/news/security-bug-found-for-samsung-galaxy-s3/.
22. Gelo Abendan. (August 8, 2013). TrendLabs Security Intelligence Blog. “Exploiting Vulnerabilities: The Other Side of Mobile Threats.” Last accessed October 13, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/exploiting-vulnerabilities-the-other-side-of-mobile-threats/.
23. Weichao Sun. (July 29, 2014). TrendLabs Security Intelligence Blog. “Vulnerabilities in Alipay Android App Fixed.” Last accessed October 13, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/vulnerabilities-in-alipay-android-app-fixed/.
24. Ryan Certeza. (May 31, 2014). TrendLabs Security Intelligence Blog. “The Android Fragmentation Problem.” Last accessed October 13, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/the-android-fragmentation-problem/.
25. Jon Oliver. (July 31, 2013). TrendLabs Security Intelligence Blog. “The Current State of the Blackhole Exploit Kit.” Last accessed October 13, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/the-current-state-of-the-blackhole-exploit-kit/.
26. David Sancho. (July 22, 2014). TrendLabs Security Intelligence Blog. “Finding Holes in Banking Security: Operation Emmental.” Last accessed October 13, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/finding-holes-operation-emmental/.
27. Abigail Pichel. (May 26, 2014). TrendLabs Security Intelligence Blog. “Ransomware Moves to Mobile.” Last accessed October 13, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/ransomware-moves-to-mobile/.
28. Weichao Sun. (June 17, 2014). TrendLabs Security Intelligence Blog. “Android Ransomware Uses Tor.” Last accessed October 13, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/android-ransomware-uses-tor/.
29. Simon Huang. (August 12, 2014). TrendLabs Security Intelligence Blog. “The Dangers of the Android FakeID Vulnerability.” Last accessed October 13, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/the-dangers-of-the-android-fakeid-vulnerability/.
30. Steven Millward. (March 5, 2014). Tech in Asia. “Starting Today, Chinese Consumers Will Be Able to Buy Almost Anything Inside WeChat.” Last accessed October 13, 2014, http://www.techinasia.com/wechat-adds-payment-support-for-brands-and-retailers/.
31. Warren Tsai. (September 25, 2014). TrendLabs Security Intelligence Blog. “Apple Pay: Introducing (Secure) Mobile Payments?” Last accessed October 13, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/apple-pay-introducing-secure-mobile-payments/.
32. Johnliz Ortiz. (July 7, 2014). TrendLabs Security Intelligence Blog. “iPhone 6 Rumors Spur Scams.” Last accessed October 13, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/iphone-6-rumors-spur-scams/.
33. Pawan Kinger. (April 8, 2014). TrendLabs Security Intelligence Blog. “Skipping a Heartbeat: The Analysis of the Heartbleed Open SSL Vulnerability.” Last accessed October 13, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/skipping-a-heartbeat-the-analysis-of-the-heartbleed-openssl-vulnerability/.
34. Pavan Thorat and Pawan Kinger. (September 25, 2014). TrendLabs Security Intelligence Blog. “Bash Vulnerability Leads to Shellshock: What It Is, How It Affects You.” Last accessed October 13, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/shell-attack-on-your-server-bash-bug-cve-2014-7169-and-cve-2014-6271/.
35. Trend Micro Incorporated. (September 25, 2014). TrendLabs Security Intelligence Blog. “Bash Vulnerability (Shellshock) Exploit Emerges in the Wild, Leads to BASHLITE Malware.” Last accessed October 13, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/bash-vulnerability-shellshock-exploit-emerges-in-the-wild-leads-to-flooder/.
36. Trend Micro Incorporated. (September 26, 2014). TrendLabs Security Intelligence Blog. “Shellshock―How Bad Can It Get?” Last accessed October 13, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/shellshock-how-bad-can-it-get/.
37. Trend Micro Incorporated. (2014). Threat Encyclopedia. “About the Shellshock Vulnerability: The Basics of the ‘Bash Bug.’” Last accessed October 13, 2014, http://www.trendmicro.com/vinfo/us/security/news/vulnerabilities-and-exploits/the-shellshock-vulnerability-bash-bug.
38. Maxim Goncharov. (April 10, 2014). TrendLabs Security Intelligence Blog. “Heartbleed Vulnerability Affects 5% of Select Top-Level Domains from Top 1M.” Last accessed October 13, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/heartbleed-vulnerability-affects-5-of-top-1-million-websites/.
39. OWASP Foundation. (August 26, 2014). OWASP. “Top 10 2013―Top 10.” Last accessed October 13, 2014, https://www.owasp.org/index.php/Top_10_2013-Top_10.
40. United States Securities and Exchange Commission. (October 2, 2014). “Form 8-K: JPMorgan Chase & Co.” Last accessed October 13, 2014, http://investor.shareholder.com/JPMorganChase/secfiling.cfm?filingID=1193125-14-362173.
41. Geoff Grindrod. (June 16, 2014). TrendLabs Security Intelligence Blog. “The Smartification of the Home, Part 1.” Last accessed October 13, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/the-smartification-of-the-home-part-1/.
42. David Sancho. (September 4, 2014). TrendLabs Security Intelligence Blog. “The Security Implications of Wearables, Part 1.” Last accessed October 13, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/the-security-implications-of-wearables-part-1/.
43. Open Interconnect Consortium Inc. (2014). Open Interconnect Consortium. “About Us.” Last accessed October 13, 2014, http://openinterconnect.org/about/.
44. Apple Inc. (2014). Apple Developer. “HomeKit.” Last accessed October 13, 2014, https://developer.apple.com/homekit/.
45. Trend Micro Incorporated. (2014). Threat Encyclopedia. “The Internet of Everything: Layers, Protocols and Possible Attacks.” Last accessed October 13, 2014, http://www.trendmicro.com/vinfo/us/security/news/internet-of-everything/ioe-layers-protocols-and-possible-attacks.
46. Trend Micro Incorporated. (2014). Threat Encyclopedia. “TrendLabs 1Q 2014 Security Roundup: Cybercrime Hits the Unexpected.” Last accessed October 14, 2014, http://about-threats.trendmicro.com/us/security-roundup/2014/1Q/cybercrime-hits-the-unexpected/.
47. Trend Micro Incorporated. (2014). Threat Encyclopedia. “TrendLabs 2Q 2014 Security Roundup: Turning the Tables on Cyber Attacks.” Last accessed October 14, 2014, http://about-threats.trendmicro.com/us/security-roundup/2014/2Q/turning-the-tables-on-cyber-attacks/.
48. Trend Micro Incorporated. (2014). Threat Encyclopedia. “VAWTRAK Plagues Users in Japan.” Last accessed October 14, 2014, http://www.trendmicro.com/vinfo/us/threat-encyclopedia/web-attack//3141/vawtrak-plagues-users-in-japan.
49. David Sancho, Feike Hacquebord, and Rainer Link. (2014). Trend Micro Security Intelligence. “Finding Holes: Operation Emmental.” Last accessed October 14, 2014, http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-finding-holes-operation-emmental.pdf.
50. Paul Pajares. (February 21, 2012). TrendLabs Security Intelligence Blog. “When Phishing Goes Mobile.” Last accessed October 14, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/when-phishing-goes-mobile/.
51. Arabelle Mae Ebora. (August 13, 2013). TrendLabs Security Intelligence Blog. “Mobile Phishing Attacks Ask for Government IDs.” Last accessed October 14, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/mobile-phishing-attack-asks-for-users-government-ids/.

Created by: Global Technical Support & R&D Center of TREND MICRO

Trend Micro Incorporated, a global leader in security software and solutions, strives to make the world safe for exchanging digital information. For more information, visit www.trendmicro.com.

©2014 Trend Micro, Incorporated. All rights reserved. Trend Micro and the Trend Micro t-ball logo are trademarks or registered trademarks of Trend Micro, Incorporated. All other product or company names may be trademarks or registered trademarks of their owners.