2022 Trend Micro Inc - National Cybersecurity Alliance

Page created by Jim Fields
 
CONTINUE READING
2022 Trend Micro Inc - National Cybersecurity Alliance
1   © 2022 Trend Micro Inc.
2022 Trend Micro Inc - National Cybersecurity Alliance
DIGITAL TRANSFORMATION

   In 5 years, 25% of
     shopping malls
  in U.S. will be gone!
Source: Forbes, 2018

       Mobile payments
           > U$1T
 Source: Statista, 2019

   2          © 2022 Trend Micro Inc.
2022 Trend Micro Inc - National Cybersecurity Alliance
Benefits of Digital Transformation vs.
      Cyber Crime Challenges
Technological Innovations
     Cloud
                          IoT/IIoT             AI/ML
     Big Data

                                 Platform &              Smart
             Fiber / 5G          computing
                                technologies           Infra/auto

                               +
       1. Environmental Factor – Misinformation
       2. Social Engineering – Targeted attacks

                          = Exponential Growth of
                          Cybersecurity Challenges !

                                                  More data and information providing a huge
 3           © 2022 Trend Micro Inc.
                                                 opportunities for scam and fraud perpetrators
2022 Trend Micro Inc - National Cybersecurity Alliance
New Enterprise Protection, “Zero Trust Strategy”

                              Cloud-native apps              Multiple clouds

SaaS applications                                                        Extended network

                                   Email
                                                      On-premise

                                                                               IoT and OT
Remote users

                                              Multiple OSs
4   © 2022 Trend Micro Inc.
2022 Trend Micro Inc - National Cybersecurity Alliance
Social Engineering (human factor in cybersecurity)
 Adversaries:
 §     State Actors                                                          “Trusted Sources”
 §     Organized Criminals                                                                                      Business and
       and Hackers
                                                                Social
          •    Phishing                                       Engineering                                       Home Users
          •    Baiting
          •    Impersonating                                             i.e., BEC, deepfake, spear
          “Trusted Sources”                                                 phishing , pharming
          i.e., fake donation,
          technical support,                            Phishing
          relatives and friends
          need urgent help, prize
          winners…etc.
                                              Technical Attacks (web, file,
                                                email, cloud, network,
                                                 endpoint devices….)
                                                                  Vulnerability Exploits

“In the context of information security, social engineering is the psychological manipulation of people into
performing
 5            actions
          © 2022       or divulging
                 Trend Micro Inc.   confidential information. This differs from social engineering within the
social sciences, which does not concern the divulging of confidential information.” Wikipedia
2022 Trend Micro Inc - National Cybersecurity Alliance
A Successful Threat Defense Against Both
    Technology Defense:
    Prevent, detect, and respond to sophisticated software and attacking by
    technologies. i.e., vulnerability exploit, cloud and network, endpoint and
    IoT devices.

    Social Engineering Defense:
    Identify human emotions exploits i.e., fear, curiosity, helping heart,
    misinformation,..etc.

    Cyber crimes and scams with sophisticated social engineering component
    may be more difficult to prevent and detect as it cannot be defended
    through technical solutions alone.

6   © 2022 Trend Micro Inc.
2022 Trend Micro Inc - National Cybersecurity Alliance
Rapid Cybercrime Increase!

7   © 2022 Trend Micro Inc.
2022 Trend Micro Inc - National Cybersecurity Alliance
Thank You!

8   © 2022 Trend Micro Inc.
2022 Trend Micro Inc - National Cybersecurity Alliance
Recommendation for all webinar participants:
Must Observe Cybersecurity Hygiene
  § Always use strong password (or password management tool)
  § Enable multi-factor or two-factor authentication
     ü multiple login steps
     ü what you know, device you have, or your biometrics
  § Backup and Restore discipline
  § Trusted Vendors - monitoring
      § Cloud storage (i.e., OneDrive, Dropbox, Google Drive,..etc)
      § Service providers (i.e., payment platform, ISP/xSP, ERP/CRM,..etc)
  § Cybersecurity protection at home computing, WiFi routers, and mobile
    devices (always setup and change default passwords)
  § Caution with potential fake (spoofed) websites
     § Professional customer support with 24x7 urgent reporting options
     § Use a real-time cybersecurity browser protection
     § Malicious and fraudulent websites
2022 Trend Micro Inc - National Cybersecurity Alliance
Observe Cybersecurity Hygiene (continued)
§ Install OS upgrades and vulnerability patches timely
§ Protect your identity
    § Minimize family and professional relationship public postings
    § Protect your PII (personally identifiable information)
    § ID protection, credit score, and credit freeze
§ Use reputable cybersecurity tools
    § Seek professional IT and cybersecurity help if needed
    § Clear defense strategy and observe IT operating policy if available
               i.e., will a single layer endpoint (laptop) antivirus product suffice?

§ Watch Out for Phishing and Smishing
>> Think and Assess before you click!
Trend Micro’s Focus on Cybersecurity Education
and Awareness Outreach
                  Universities and K-
                     12 Schools          SYNERGY priority,
                                                              Nonprofits and
                                        timing, and culture    Government

    DIGITAL                               Trend Micro

 TRANSFORMATION
Our Email Contact:
       csr_education@trendmicro.com

Mitchel Chang
Senior Vice President, CSR and Education
Trend Micro
Mitchel_chang@trendmicro.com

Mitchel is responsible for Trend Micro’s Corporate Social Responsibility (CSR) and Initiative for
Education. He brings his passion to make the digital world safer along with decades of technology
industry leadership experience to the education outreach programs. Mitchel has been with Trend Micro
since 2003, serving 12 years as Senior Vice President of Global Technical Support. As part of the executive
team, he was responsible for all customer support functions, developing an internationally recognized and
award-winning support team. Mitchel is actively engaged with three major Trend Micro’s education
outreach programs: 1) Internet Safety for Home and Small Businesses, 2) Internet Safety for Kids and
Families, and 3) Cybersecurity Education for Universities. He has also served on various national and
community education advisory boards such as Cybercrime Support Network (CSN), NIST National Initiative
for Cybersecurity Education (NICE) Conference, National Cybersecurity Alliance (NCSA), and Silicon Valley
Cybersecurity Institute (SVCSI).
The Global
State
of Scams
Scams, fraud & cybercrime are closely related

                                                              Cybercrime                                         Cybercrime
                                                     Child Abuse                  Cyberstalking                  • All crime using (Internet) technology
                                                             Mal- & Ransomware                                   • Victims include companies/countries
                                                                                     HYIP
                                          Fake IT Support
                                                                                            Dating Scams
                                                                   Media Piracy
                                   Non-Delivery                                                   Advance Fees

 Online Fraud
 • The victim is “tricked”      Online Fraud                 Unexpected Money               Online Scams
 • & provides data/money                                                                    Employment & Jobs
                                  Phishing/Vishing                 Counterfeit
                                                                    products
                                       Fake Charities                                       Investments              Online Scams
                                                                                   Pyramid/Ponzi
                                                                                                                     • The victim “volunteers”
                                                      BEC
                                                                                   schemes                           • “greed” plays a major role
                                                                   Hacking
                                                     Cyberbullying         DDoS Attacks
                                                             Threats & Extortion

  Online criminals use the same infrastructure and tricks to commit several kinds of online scams, frauds and cybercrime
What do wigs, research papers and herpes share?

   They are products popular amongst scammers. Scam victims feel ashamed to go to the police to report the scam.
                      Globally on average 3 - 15% of all scams are reported to law enforcement.
Squid Game crypto token scammed $ 3.4 million in 5 days

                 Squid was billed as a token that could be used for a new online game inspired by the popular Netflix series.
                 The game was due to go live this month. Its value grew from $ 0.01 to $ 38.48 in 5 days before it collapsed.
https://www.bbc.com/news/business-59129466?fbclid=IwAR0fhr86Z7t4e-0SbIphKruMjRYD_qS2F6-9P_Jhhr7BveArsqf5d4HvbkQ
Anybody, high- and low-educated, can fall for a scam

            The Sha Zhu Pan or “Pig-Butchering” Scam: victims are “fattened up” for 3 to 6 months
                     before being asked for money in Romance and Forex/Crypto Scams
76% of consumers are confident they can identify scams

    Not confident at all

     Not very confident

             Fairly confident

              Very confident

                                                   0%                             10%                              20%                   30%   40%   50%

Question 10: To what extent are you confident or not that you would be able to identify a scam if you came across one? Answered: 2,684
Of those targeted, 73% fell for a scam
50%
45%
40%
35%
30%
25%
20%
15%
10%
5%
0%
              I lost money             My personal details I ended up taking                           I was affected in       I was drawn into None of the above -   Other (please
                                          were taken       part in an activity I                       some other way          the scam initially I was not drawn       specify)
                                                             did not want to                            (please specify)       but did not suffer   into the scam
                                                                                                                                any type of loss

                                               46% reported losing money, 20% lost personal data in at least one scam
Question 11: You were targeted by scams in the last year. As a consequence, which of the following happened? Answered: 2,687
Most consumers do not identify the scam in time

                                               Other (please specify)

     I suspected it was a scam but I chose to risk it

                     I was attracted by the lure of money

        I lacked the knowledge to identify the scam

    I did not identify the scam until it was too late

                                                                                        0%              10%   20%   30%   40%   50%   60%

 43% of the participants admit they were attracted to the lure of money or took the risk willingly
Question 13: You stated falling for a scam. Which were the main causes this happened? Answered: 2,033
Higher income consumers take risks more willingly

 60%

 50%

 40%

 30%

 20%

 10%

   0%
               Under $15,000             Between $15,000 and            Between $30,000 and             Between $50,000 and   Between $75,000 and   Between $100,000 and   Prefer not to say
                                              $29,999                        $49,999                         $74,999               $99,999               $150,000

                          I did not identify the scam until it was too late                                          I lacked the knowledge to identify the scam
                          I was attracted by the lure of money                                                       I suspected it was a scam but I chose to risk it

                     Lower income respondents seem slightly more attracted by the lure of money
Question 13: You stated falling for a scam. Which were the main causes this happened? Answered: 2,033
We are only at the beginning; Scammers are professionalizing rapidly

     Scams are Increasingly                     Scams are Localized                       Specific Groups
         Personalized                              & Translated                            are Targeted

        With more data and new technologies such as deep fakes, scams are becoming very difficult to identify
How “BIG” are
Online Scams?
Online scams have grown sharply due to Corona

                                $ Billion Lost in Online Scams                                        Number of Complaints received
                                                                                    4.2
                                                                                                                                         791790
                                                                             3.5

                                                             2.7
                                                                                                                                467361

                                                                                                                      351937
                          1.5              1.4                                            288012   298728   301580
         1.1

       2015             2016             2017             2018              2019   2021   2015     2016     2017      2018      2019     2020

                    However the number of scams and money lost have been growing for years…
Source: FBI IC3 reported scams in the USA. pdf.ic3.gov/2019_IC3Report.pdf
We researched scam statistics from 42 countries
                                                                     Series1
                                                                        190%

                                                                        -14%

                           And how they try to fight online scams…
$ 47.8* Billion
           lost in Scams
           Up 15%

* The actual amount is likely to be much higher as on average only 7% of all scams are reported
Scams Reported
grew from 139
to 266 million (93%)
Scammers
are
Winning
Online scams are great (for criminals)

                 Offline                        Online
             Mature Market                 Growing market
               High Costs                  Low Investments
          High Chance of Arrest          Low Chance of Arrest
You can also read