Using Actionable Intelligence to combat targeted attacks

2014 Threat Predictions
Detecting & Defending Against Targeted Attacks
Simon Smith
Senior Solutions Architect, Trend Micro
3/12/2014
Confidential | Copyright 2013 Trend Micro Inc.
Copyright 2014 Trend Micro Inc.
Trend Micro:
The largest independent security provider
25 Years of Innovation
36 Offices Worldwide
5,000 Employees
$1.2B USD Revenue
• Server Security Market Share
• Virtualization Security Market Leader
• Cloud Security Market Share
96% of the top 50 global corporations.
100% of the top 10 automotive companies.
100% of the top 10 telecom companies.
80% of the top 10 banks.
90% of the top 10 oil companies.
GLOBAL THREAT INTELLIGENCE
Via agents, community, customers, threat researchers and more
Collects, Identifies, Protects
[Diagram labels: URLs, files, vulnerabilities, C&C, honeypots, mobile/apps, IP addresses, domains, network traffic, threat actors, exploit kits]
Forward Threat Research
Daily Stats:
o 15TB threat feeds
o 16+B threat queries
o 250M threats blocked
BLURRING BOUNDARIES
Trend Micro Security Predictions for 2014 and Beyond
What can we expect in the future?
2020.trendmicro.com
• Are the scenarios in “2020: The Series” bound to happen?
• Who will own our data then?
• Who will secure our data?
More bugs will be exploited as vendors end support for Java 6 and Windows XP.
Bad actors will use the Deep Web to drag law enforcers into a global struggle.
Privacy will become bigger than the individual; public distrust will ensue.
Targeted Attacks & Data Breaches
Cybercriminals will level up via targeted attack methods.
• In 2014, cybercriminals will increasingly use targeted-attack-type methodologies like open source research and spear phishing.
• Attackers will still go after the weakest link—humans.
Bad actors will increasingly use clickjacking and watering hole tactics, new exploits, and mobile threat vectors.
• In 2014, attackers will give special attention to software that will no longer receive vendor support.
• Alternately, email will no longer be the sole attack vector of choice.
• The newest cybercriminal favorite: mobile devices
One major data breach will occur each month.
No organization will be safe from data breaches.
• Cybercriminals are getting more creative in monetizing data (for instance, organizing the data so it’s more valuable).
Targeted Attacks: The New Norm
» 90% of breaches first discovered by a third party — Verizon 2012
Cyber risk is a boardroom concern
Ponemon: Average cost of a targeted attack $8.9M
EMC: Cost of RSA breach $66M
Target: Cost has risen to $1 Billion
Verizon: 75% of attacks require little skill to execute
How do you defend against a targeted attack?
Attackers test and use every entry point & means
[Diagram labels: Mobile devices & PCs; Different OSs & Client Software; FTP; IRC; HTTP; Port 2056; Port 1145; Dozens of Ports; Hundreds of protocols; Evolving / Morphing Attacks; Zero-day Attacks; Known Threats]
Traditional Solutions
Will detect only a small subset of targeted attacks
Require multiple appliances
[Diagram labels: OSs & Software; Protocols; Ports; Evolving Attacks; Zero-Day Attacks; Known Threats; GAPS between each area]
Trend Micro Deep Discovery
Comprehensive 360° view of targeted attacks
From a single appliance
[Diagram labels: 24 Customizable Sandboxes; 87 Protocols; All Ports; Evolving Attacks; Unknown Threats; Known Threats]
Actionable Intelligence from Real-time monitoring
Actionable Intelligence - Concentration of Attacks
Actionable Intelligence – Timeline of Attacks
Thanks