Custom Defense Solutions
Trend Micro Custom Defense employs a comprehensive 360-degree detection to minimize the opportunities for a targeted attack through its family of security solutions.
Trend Micro Deep Discovery provides the network-wide visibility and intelligence that is the cornerstone of the Custom Defense solution against so-called APTs (advanced persistent threats) and targeted attacks such as this one.
For the Carbanak attack scenario, Deep Discovery could detect the attack at several different points in the sequence of events:
- Trend Micro Deep Discovery Email Inspector is able to detect the spear-phishing emails sent by attackers to the banks’ employees as the initial step to breach traditional security defenses, establish a foothold, and commence a targeted attack. Deep Discovery Email Inspector has email inspection capabilities that discover malicious content, attachments, and URL links that pass unnoticed through standard email secu
- Trend Micro Deep Discovery Analyzer is able to detect even previously unknown threats by analyzing a broad range of file types, sizes, and sources in customizable sandbox environments designed and built to match the organization’s desktop and device platforms. It enhances the malware detection capabilities of all existing security investments by sharing detected and analyzed threat insight, enabling the security infrastructure to stop malicious communication, websites, applications, malware, and attacker behavior from spreading.
- Trend Micro Deep Discovery Inspector is able to identify suspicious activities anywhere on the network, such as those performed by Carbanak while moving laterally through the network and connecting to its command and control. Deep Discovery Inspector is also able to proactively detect the traffic generated by the remote administration tool used by the attackers: it monitors traffic across all ports and more than 80 protocols and applications to detect threats that are purposely built to evade traditional security defenses. It also features the Trend Micro Advanced Threat Scan Engine, which detects malicious email attachments with embedded exploit code through its forward-looking heuristic rules.
Once detected, Deep Discovery can provide the organization with both local intelligence and global threat intelligence from the Trend Micro Smart Protection Network to identify and assess the risk of the malware, communications or activities found.
Finally, Deep Discovery provides automated security signature updates and alert notifications to the organization’s other security products to enable a full Custom Defense that stops the attack from progressing further. Examples include:
- Providing IOC (Indicators of Compromise) information, including C&C blacklists, to both Trend Micro and third-party security products
- SIEM alerting and full IOC sharing
- Optionally invoking Trend Micro Network VirusWall Enforcer to isolate endpoints known to be infected
Endpoint Protection
Properly configured endpoint solutions can prevent Carbanak from entering the machine or network.
- Components of OfficeScan Corporate Edition (OSCE) such as SmartScan, Web Reputation Service, Behavior Monitoring, and Smart Feedback offer the best protection against Carbanak by detecting its malicious files.
- Worry-Free Business Security/Services (WFBS/WFBS-SVC) is also equipped with technologies to detect and remove Carbanak from the machine or network.
Mail Scanning Solution
Email played a big part in the delivery of Carbanak, making it an important vector to protect against attackers.
- Trend Micro Hosted Email Security offers technologies such as connection-level and content-based reputation filtering, designed to block threats that arrive via email.
- Trend Micro InterScan Messaging Security Virtual Appliance leverages the Trend Micro Advanced Threat Scan Engine in order to detect document exploits such as the ones used in this attack.