On April 8, 2015, a major European media outlet experienced what is reported to have been an "extremely powerful" cyberattack. Investigations are ongoing with the affected party and the relevant authorities to determine precisely how and what happened in the events leading up to this incident and in the attack itself.
Trend Micro’s threat research and response team is monitoring this event closely to ensure all our customers are well protected. In light of this situation, we want to take this opportunity to briefly reiterate to our customers and partners the real-world dangers posed by these carefully crafted attacks and remind everyone to be diligent and steadfast in their defenses. Even though the original incident initially targeted a Paris-based company, the interconnected nature of today’s information-driven businesses meant that it not only affected local consumers and partners but also had a decidedly global impact.
Trend Micro provides layered content security that interconnects mobile devices, endpoints, gateways, servers and the cloud. By layering interconnected solutions that share data, you can protect your information, end users, data center, and cloud resources from data breaches and targeted attacks.
If you are not a regular visitor to Trend Micro’s website, we would like to invite you to take the opportunity to review some of our resources on Advanced Persistent Threats (APT) at http://www.trendmicro.com/vinfo/us/security/threat-intelligence-center/targeted-attacks/.
One of the key aspects of APTs and various other targeted attacks is that the would-be infiltrators look for any material weakness or hole in an organization’s security perimeter and make a concerted effort to exploit it before it is identified and addressed. Once inside a network, several of these targeted attacks will use a variety of malware or other malicious tools and code to report back or “phone home” to a Command & Control (C&C) server located somewhere offsite.
On Trend Micro’s end, we are constantly adding newly discovered and known C&C IP information into our various Smart Protection Network technologies to help prevent or minimize damage from attacks that utilize this callback structure, either immediately or for a later planned event.
For our customers, we recommend that, in addition to making sure that all of their anti-malware, security and other defenses are up-to-date and properly deployed, they take other proactive steps against hacking attacks, some of which are outlined at http://blog.trendmicro.com/trendlabs-security-intelligence/security-strategies-against-hacking-attacks/. Extra diligence should also be exercised in daily tasks, such as using caution when clicking on URLs embedded in email, especially if you do not recognize or trust the originator.
As previously mentioned, we will continue to monitor the situation in Europe, and if and when we have information pertaining to specific protection mechanisms such as patterns and rules, we will publish the updates in this Knowledge Base article. This recent incident reminds us that our digital world is highly interconnected, not just in our local regions or municipalities, but around the globe. For now, we ask that all of our customers remain extra diligent.
Trend Micro’s experts are always available to discuss or assist customers with any questions or issues they may have around targeted attacks or malicious activity in general, and we encourage you to contact your authorized Trend Micro support representative for further assistance.