Trend Micro Security Predictions for 2015 and Beyond

THE INVISIBLE BECOMES VISIBLE Trend Micro Security Predictions for 2015 and Beyond

Distributed by:

A TrendLabsSM Report Trend Micro Legal Disclaimer

The information provided herein is for general information and educational purposes only. It is not intended and should not be construed to constitute legal advice. The information contained herein may not be applicable to all situations and may not reflect the most current situation. Nothing contained herein should be relied on or acted upon without the benefit of legal advice based on the particular facts and circumstances presented and nothing herein should be construed otherwise. Trend Micro reserves the right to modify the contents of this document at any time without prior notice.

Translations of any material into other languages are intended solely as a convenience. Translation accuracy is not guaranteed nor implied. If any questions arise related to the accuracy of a translation, please refer to the original language official version of the document. Any discrepancies or differences created in the translation are not binding and have no legal effect for compliance or enforcement purposes.

Although Trend Micro uses reasonable efforts to include accurate and up-to-date information herein, Trend Micro makes no warranties or representations of any kind as to its accuracy, currency, or completeness. You agree that access to and use of and reliance on this document and the content thereof is at your own risk. Trend Micro disclaims all warranties of any kind, express or implied. Neither Trend Micro nor any party involved in creating, producing, or delivering this document shall be liable for any consequence, loss, or damage, including direct, indirect, special, consequential, loss of business profits, or special damages, whatsoever arising out of access to, use of, or inability to use, or in connection with the use of this document, or any errors or omissions in the content thereof. Use of this information constitutes acceptance for use in an “as is” condition.

ITU LEGAL NOTICE

The International Telecommunication Union (ITU) distributes the present publication as is and makes no representations or warranties of any kind, express, implied or otherwise concerning the publication, including without limitation warranties of title, ownership of intellectual property rights, merchantability, fitness for a particular purpose, noninfringement, accuracy or the absence of errors.

The name, abbreviation, title and logo of the ITU are the property of the ITU. All rights thereto are reserved. A decade ago, around 14 per cent of the world’s population was online. Technologies like mobile broadband were not well known. And the current version of smartphones, tablets and phablets were still just a dream in some designer’s eye.

By the end of this year, according to the latest ITU estimates, almost three billion people will be online, along with around 2.3 billion mobile broadband subscriptions.

Increased connectivity has inevitably brought with it greater risk, and a growing need to ensure trust and confidence in our networks. At ITU, we are relentlessly working on diverse initiatives to build a strong sustainable global movement to address cyberthreats.

Within the framework of our Global Cybersecurity Agenda and as part of our collaboration with Trend Micro, it gives me immense pleasure to present Trend Micro’s predictions for 2015, where certain elements will require our attention:

• Cyber threats may focus on bigger targets rather than individuals for bigger gains.

• Individuals and organizations should assume that all data revealed online could be accessed illegally. With this assumption, data revealed online should be limited to relevant ones and the application of security settings and use of cybersafe practices should be promoted.

• Awareness of threats is a must and so are ever-ready mitigation and remediation plans because no one is safe from compromise.

• As mobile infection will extend from installing malicious apps or visiting malicious websites to vulnerability exploitation in the devices, mobile device manufacturers and service providers should work more closely with one another to come up with scalable vulnerability-patching solutions to prevent infection and data theft.

• Better security analytics will become crucial to combat targeted attacks. Organizations should know what is normal for them and set this as a baseline when monitoring for threats.

• New threats specifically targeting mobile payment methods will emerge. Safe practices relating to near field communication (NFC) should be adopted by users and organizations that accept mobile payment should invest in relevant security solutions.

• With mass smartification through the expansion of the Internet of things and hyper-connectivity, cyberthreats can now target a wider attack base. It is thus vital that manufacturers of smart appliances have built in and tested security features.

This report provides us an essential insight into the near future as well as valuable assistance, both at the individual user level and at the business level, to investigate further and adopt safe practices, while advocating investment in relevant security analytics and technology.

Dr. Hamadoun Touré ITU Secretary-General PREDICTIONS

More cybercriminals will turn to darknets and exclusive-access forums to share and 1 | sell crimeware.

Increased cyber activity will translate to better, bigger, and more successful hacking 2 | tools and attempts.

Exploit kits will target Android, as mobile vulnerabilities play a bigger role in device 3 | infection.

Targeted attacks will become as prevalent as 4 | cybercrime.

New mobile payment methods will 5 | introduce new threats.

We will see more attempts to exploit 6 | vulnerabilities in open source apps.

Technological diversity will save IoE/IoT devices from mass attacks but the same 7 | won’t be true for the data they process.

More severe online banking and other 8 | financially motivated threats will surface. More cybercriminals will turn to darknets and exclusive-access 1| forums to share and sell crimeware.

1 2015 Security Predictions

Severals takedowns occurred this year, thanks credit card credentials11 has declined from US$3 to collaborative public-private partnerships in 2011 to US$1 in 2013. Compromised account and efforts. Trend Micro particularly aided in credential prices have also dropped in the Russian disrupting GameOver1 operations despite the underground12. Stolen Facebook credentials that malware’s resilience to takedown. We also provided cost US$200 in 2011 only cost US$100 in 2013 threat intelligence and research findings to law while Gmail™ account credentials that were sold enforcers, halting Citadel-related2 attacks against for US$117 in 2011 were only sold for US$100 Japanese banks and contributing to the arrest of in 2013. As more and more players enter the James Bayliss (Jam3s), Aleksandr Andreevich cybercriminal underground economy, ware prices Panin (Gribodemon), and Hamza Bendelladj (bx1)3 will continue to decline. Before long, getting the who ran several SpyEye command-and-control greatest number of customers will depend on (C&C) servers. These developments, however, who can assure that buyers won’t be caught red- will make anonymity a crucial requirement in handed. Sellers will be pushed to go even deeper committing cybercrime since security researchers underground, particularly into the deep recesses of and law enforcers now have quick access to the the Web. underground. Case in point―the celebrity photos tied to the iCloud®4 hack that were first leaked on US$10 Reddit and 4chan ended up on the Deep Web5 as well. 6 5 5 6 Leveraging the Deep Web and darknet services 4 4 or using untraceable and anonymous peer-to- peer (P2P) networks like Tor, I2P, and Freenet to 1 exchange and sell tools and services is no longer 0 AUS CAN GER UK USA new. We’ve seen cybercriminals use rogue top- 2011 2012 2013 level domains (TLDs) as alternative domains to further cloak underground markets like Silk Road7, which was shut down by the Federal Bureau of A comparison of the prices of stolen credit card credentials Investigation (FBI) after two-and-a-half years of from various countries in the Russian underground operation. revealed a declining trend from 2011 to 2013.

We’ve also seen cybercriminals adopt targeted As the bad guys move deeper into the Web, attack techniques8 to better evade detection, security firms and law enforcers need to extend 9 just as we predicted in 2013. In Africa , this was their reach as well to cover the Deep Web and manifested by the exploitation of vulnerabilities darknet services. This will require greater effort normally associated with targeted attacks via the and investment. Public-private partnerships will distribution of typical cybercrime malware like be needed more than ever to disrupt and take ZeuS. Cybercriminals are also increasingly using down cybercriminal operations. Security firms remote access tools (RAT) like BlackShades10 in should continue to provide threat intelligence to attacks. help law enforcers catch perpetrators. Lawmakers It does not help that the prices of malicious worldwide, meanwhile, need to agree on what wares in underground markets are decreasing as constitutes cybercrime to aid enforcers, regardless supplies increase. The average price of stolen U.S. of jurisdiction, to bring bad guys to justice.

2 Increased cyber activity will translate to better, bigger, 2| and more successful hacking tools and attempts.

3 2015 Security Predictions

The constant growth of cyber activities13 worldwide Though majority of breaches result from external means that individuals and organizations alike will attacks, some, like the Amtrak18 breach, are continue to succumb to online threats and attacks. caused by insider threats. Reports revealed that an Cybercriminals will, however, set their sights on Amtrak employee has been selling rail passengers’ bigger targets rather than on individuals, as this personally identifiable information (PII) for two translates to bigger gains. decades before getting found out.

We’ve seen cybercriminals use point-of-sale (PoS) That said, individuals and organizations alike will RAM scrapers14 to steal millions of customer do well to assume that all of the data they reveal data records from some of the biggest retailers online will land in cybercriminals’ hands. We’ll worldwide. Before 2013 ended, Target15 lost see two or more major data breach incidents each the credit card information of 70 million of its month. Banks and financial institutions, along with customers to cybercriminals in a PoS malware customer data holders, will always be attractive attack. Target wasn’t alone, however, as other breach targets. As a result, we will continue to see organizations like P.F. Chang’s suffered the same changes in victims’ upper management19 every fate. And months before 2014 is set to end, Home time they succumb to attacks. Depot16 took Target’s place as the biggest breach So how should organizations and individuals victim17 to date. The breached organizations lost respond? It’s best to assume compromise. customer data, which damaged their brands and Individuals should regularly change passwords cost them dearly. while organizations should constantly monitor

800 their networks for all kinds of threats and exploitable vulnerabilities. 614 606* Waiting for solutions like more secure payment systems20 and legal sanctions, though already 473 421 in the works, is no longer enough. Awareness of 400 threats is a must and so are ever-ready mitigation and remediation plans because no one is safe from compromise.

0 2011 2012 2013 2014 *As of October 2014

The number of recorded cyber attacks against all sorts of organizations that handle customer data has been steadily increasing from 2011 to the present. http://www.idtheftcenter.org/images/ breach/20052013UPDATEDSummary.jpg

4 Exploit kits will target Android, as mobile vulnerabilities play a 3| bigger role in device infection.

5 2015 Security Predictions

Apart from twice the current number of their systems and software. Bad guys can point Android™ threats foreseen in 2015, the number vulnerable device users to malicious websites, for of vulnerabilities in mobile devices, platforms, and instance. Successful exploitation can then give apps will pose more serious security risks. Data them access to any or all of the information stored stored in mobile devices will land in cybercriminals’ in affected devices. Worse, because exploit kits are hands for use in attacks or selling underground. known for affecting multiple platforms, should such a kit be made to target even mobile devices, who’s to say that the threats infected smartphones 8M 8M carry won’t spread to any device they have access to?

A steady rise in the number of mobile banking

4M malware will be seen as well. Earlier this year, 4M we saw the cybercriminals behind Operational Emmental26 prod a European bank’s customers to 1.4M install a malicious Android app to gain access to 350K their accounts. We will see more such attacks amid 0 2012 2013 2014 2015 the rise in mobile banking popularity.

The Android threat volume has steadily been Traditional computer threats like ransomware and increasing since 2012. We are likely to see the 2014 total to double in 2015. tactics like darknet service use will also figure in the mobile landscape. We already saw the first mobile The vulnerabilities we’ve seen so far did not only ransomware27 in the form of REVETON rear its reside on devices21 but also on platforms and apps. ugly head this year, along with another malware Platform threats like the master key vulnerability22 that used Tor28 to better evade detection. allowed cybercrooks to replace legitimate apps with fake or malicious versions. When exploited, Installing malicious apps and visiting malicious a certain Chinese third-party payment app websites will no longer be the sole mobile infection vulnerability23, meanwhile, allowed bad guys to vectors. Vulnerability exploitation across platforms phish information from infected devices. will become even bigger mobile threats. Security vendors should extend vulnerability shielding We will see mobile attackers use tools similar to the and exploit-prevention technologies to include Blackhole Exploit Kit (BHEK) to take advantage of protection for mobile devices. Finally, mobile problems like Android OS fragmentation24. The device manufacturers and service providers should success of BHEK25 and similar tools in infecting work more closely with one another to come up computers running different OSs will serve with scalable vulnerability-patching solutions to cybercrooks well in attacking Android devices since prevent infection and data theft. most users either don’t or can’t regularly update

6 4| Targeted attacks will become as prevalent as cybercrime.

7 2015 Security Predictions

Successful high-profile and widely talked-about or Russia. We’ve seen such attacks originate from targeted attack campaigns led to the realization other countries like Vietnam, India, and the United that cyber attacks are effective means to gather Kingdom. We’ve seen threat actors set their sights intelligence. Targeted attacks will no longer just on countries like Indonesia and Malaysia as well. be associated with countries like the United States

Taiwan 46% Japan 20% United States 12% Indonesia 11% China 8% India 6% Malaysia 4% Bangladesh 2% Philippines 2% Canada 2% Others 13%

Unusual country targets like Indonesia, India, and Malaysia figured in the targeted attack landscape in the first half of 2014.

In the next few years, we will see even more they’re safe from future attacks. Threat actors can diverse attack origins and targets. Threat actors’ still use them to get to even bigger targets, likely motivations will continue to vary. They will, their partners or customers. however, continue to go after top-secret government The demand for portable or proxy in-the-cloud data, financial information, intellectual property, solutions that offer self-defense for security risks industry blueprints, and the like. will rise. The popularity of network solutions such Although majority of targeted attacks seen to date as firewalls and unified threat management (UTM) are initiated by spear-phishing emails or watering software, meanwhile, will decline. Better security hole tactics, social media will increasingly be analytics will become crucial to combat targeted abused as infection vectors in the future. Threat attacks. Organizations should know what is normal actors will also explore the viability of exploiting for them and set this as a baseline when monitoring router vulnerabilities as a means of getting in to for threats. Network visualization and heuristic target networks. Organizations that have been or behavior detection will also help them avoid targeted in the past should not be complacent. Just becoming victims. Traditional or conventional because they’ve been breached before doesn’t mean security technologies will no longer be sufficient.

8 New mobile payment methods 5| will introduce new threats.

9 2015 Security Predictions

The recent iPhone® 6 release came with the card information, cybercriminals used the latest introduction of Apple’s version of digital payment― iPhone models32 as social engineering bait two Apple Pay™. This, along with the increasing use of months before they were even launched. It’s safe Google Wallet™ and other similar payment modes to assume that as early as now, the bad guys are will act as catalyst for mobile payment to become already looking for vulnerabilities to exploit in mainstream. We will see new threats specifically Apple Pay. They will continue to scrutinize NFC as target mobile payment platforms in the next few well. months akin to the Android FakeID vulnerability29, To stay safe from emerging threats, users would do which allowed cybercriminals to steal affected well to practice safe computing habits, particularly users’ Google Wallet credentials. those related to NFC use. Individuals who use This year, apps like WeChat30 also started allowing NFC readers via their mobile devices should users to purchase goods sold by certain retailers turn these off when they’re not in use. Locking with so-called “credits.” If this becomes big, we will their devices will help them avoid becoming a see cybercriminals take advantage of vulnerabilities cybercrime victim. Organizations that accept in similar apps to steal money from users. mobile payments, meanwhile, should install and use security solutions that protect from NFC- Although we have yet to see actual attacks and related and similar security threats. attempts to breach the Apple Pay31 ecosystem comprising NFC and Passbook, which holds users’

10 We will see 6| more attempts to exploit vulnerabilities in open source apps.

11 2015 Security Predictions

Vulnerabilities in open source protocols like Attackers will continue their search for seemingly Heartbleed33 and command processors like dormant vulnerabilities like Heartbleed and Shellshock34 that remained undetected for years Shellshock in the coming years. They will keep tabs were heavily exploited this year, leading to serious on oft-forgotten platforms, protocols, and software repercussions. Just hours after the initial discovery and rely on irresponsible coding practices to get to of Shellshock, we saw several malware payloads35 their targets. As in 201339, we will see even more in the wild. Distributed denial-of-service (DDoS) injection, cross-site-scripting (XSS), and other attacks and Internet Relay Chat (IRC) bots36 attacks against Web apps to steal confidential related to the vulnerability’s exploitation, which information. Attacks such as that on JPMorgan can disrupt business operations, were also Chase & Co.40, which put over 70 million customers’ spotted. More than Web surface attacks, however, personal data at risk, will continue to surface. Shellshock also put users of all Linux-based37 OSs Continuous security improvements in Microsoft™ and apps, which depended on protocols like HTTP, Windows® and other big-name OSs will lead to File Transfer Protocol (FTP), and Dynamic Host a decline in their number of vulnerabilities. This Configuration Protocol (DHCP) at risk. will push attackers to instead focus on finding Shellshock reminded the World Wide Web of vulnerabilities in open source platforms and Heartbleed, which put a lot of websites and mobile apps such as Open SSL v3 as well as OS kernels. apps that used Open SSL at risk earlier this year. A Individuals and organizations can, however, stay quick scan of the top 1 million TLDs according to protected by regularly patching and updating Alexa38, in fact, revealed that 5% were vulnerable their systems and software. Organizations are to Heartbleed. When exploited, Heartbleed allows also advised to invest in more intelligence-based attackers to read parts of affected computers’ security solutions backed by trusted global threat memory, which may contain confidential information sources, which can thwart exploitation information. attempts even if patches for vulnerabilities have yet to be issued.

12 Technological diversity will 7| save IoE/IoT devices from mass attacks but the same won’t be true for the data they process.

13 2015 Security Predictions

Attackers will find IoE/IoT devices viable attack Since IoE/IoT devices remain too diverse and a targets because of the endless possibilities their “killer app” has yet to emerge, bad guys will not be use presents. We are bound to see greater adoption able to truly launch attacks against them. Attackers of smart devices like smart cameras and TVs in are more likely to go after the data that resides the next few years, along with attacks against in these devices. In 2015, we expect attackers their users. As factors like market pressure41 push to hack smart device makers’ databases to steal device manufacturers to launch more and more information for traditional cyber attacks. smart devices sans security in mind to meet the Later on, however, aided by the formation of the rising demand, so will attackers increasingly find Open Interconnect Consortium (IOC)43 and the vulnerabilities to exploit for their own gain. launch of HomeKit44, we expect a shift in tides, as Despite mass smartification, however, the first common protocols and platforms slowly emerge. attacks we’ll see on smart appliances as well as As attackers begin to better understand the IoE/ wearable and other IoE/IoT devices will not be IoT ecosystem, they will employ scarier tactics financially motivated. They will be more whitehat akin to ransomware and scareware to extort hacks to highlight security risks and weaknesses money from or blackmail device users. They can, so manufacturers can improve their products, for instance, hold smart car drivers45 hostage until particularly the way they handle data. If and when they pay up when said vehicles officially hit the these devices are hacked for purposes other than road come 2015. As such, smart car manufacturers to bring vulnerabilities to light, cybercriminals will should incorporate network segmentation in their likely launch sniffer, denial-of-service (DoS), and smart car designs to adequately shield users from man-in-the middle (MiTM) attacks42. such threats.

14 8| More severe online banking and other financially motivated threats will surface.

15 2015 Security Predictions

Weak security practices even in developed countries In the next few years, cybercriminals will no longer like the United States such as not enforcing the just launch financially motivated threats against use of two-factor authentication and adoption of computer users, they will increasingly go after chip-and-pin technology will contribute to the rise mobile device users as well. They are likely to in online banking and other financially motivated use fake apps and Domain Name System (DNS) threats. changers and launch mobile phishing50 attacks similar to those we’ve already seen in the past. We’ve seen the online banking malware They won’t stop at just gaining access to victims’ volume steadily rise throughout the first half of online banking accounts, they will even go so 201446, 47. Apart from data-stealing ZeuS malware, far as stealing their identities51. And to come up VAWTRAK48 also affected a multitude of with even stealthier mobile threats, we will see online banking customers specifically in Japan, the emergence of packers akin to those used on contributing to the overall volume growth in the computer malware. second quarter of the year. Complex operations like Emmental49, which proved that even the The success of targeted attacks in obtaining user two-factor authentication measures that banks data will also inspire cybercriminals to better employed could be flawed, also figured in the employ reconnaissance to make more money from threat landscape. their malicious schemes. Cybercrooks will use proven targeted attack methodologies for short- selling and front-running schemes. 140K 137K The growing risks online banking threats pose should motivate individuals and organizations 112K 102K alike to use the two-factor authentication measures and hardware or session tokens that banks and 70K other financial institutions provide. Payment card providers in the United States and other countries, meanwhile, should put data security at the forefront by making the use of chip-and-PIN cards and PoS terminals mandatory, especially amid the breaches 0 1Q 2Q 3Q hitting big-name companies left and right.

We continued to see a steady rise in the online banking malware volume throughout the first half of 2014.

16 REFERENCES

1. Lord Alfred Remorin. (June 2, 2014). TrendLabs Security Intelligence Blog. “GameOver: ZeuS with P2P Functionality Disrupted.” Last accessed October 13, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/gameover-zeus-with- p2p-functionality-disrupted/.

2. Trend Micro Incorporated. (September 2, 2014). TrendLabs Security Intelligence Blog. “Citadel Makes a Comeback, Targets Japan Users.” Last accessed October 13, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/citadel-makes-a- comeback-targets-japan-users/.

3. Trend Micro Incorporated. (May 22, 2014). TrendLabs Security Intelligence Blog. “SpyEye-Using Cybercriminal Arrested in Britain.” Last accessed October 13, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/spyeye-using- cybercriminal-arrested-in-britain/.

4. Arabelle Mae Ebora. (September 3, 2014). TrendLabs Secuirty Intelligence Blog. “iCloud Hacking Leak Now Being Used as Social Engineering Lure.” Last accessed October 13, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/icloud-hacking- leak-now-being-used-as-social-engineering-lure/.

5. Vincenzo Ciancaglini, Marco Balduzzi, Max Goncharov, and Robert McArdle. (2013). Trend Micro Security Intelligence. “Deep Web and Cybercrime: It’s Not All About Tor.” Last accessed October 13, 2014, http://www.trendmicro.com/cloud-content/us/ pdfs/security-intelligence/white-papers/wp-deepweb-and-cybercrime.pdf.

6. Wikimedia Foundation Inc. (October 5, 2014). Wikipedia. “Darknet (File Sharing).” Last accessed October 13, 2014, http:// en.wikipedia.org/wiki/Darknet_(file_sharing).

7. Robert McArdle. (October 3, 2013). TrendLabs Security Intelligence Blog. “Deep Web and Cybercrime―It Is Not Just the Silk Road.” Last accessed October 13, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/deepweb-and-cybercrime-it- is-not-just-the-silk-road/.

8. Trend Micro Incorporated. (2013). Threat Encyclopedia. “Blurring Boundaries: Trend Micro Security Predictions for 2014 and Beyond.” Last accessed October 13, 2014, http://about-threats.trendmicro.com/us/security-predictions/2014/blurring- boundaries/.

9. Trend Micro Incorporated. (August 11, 2014). TrendLabs Security Intelligence Blog. “Checking in on Africa: The Latest Developments in Cybercrime.” Last accessed October 13, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/ checking-in-on-africa-the-latest-developments-in-cybercrime/.

10. Rhena Inocencio. (May 26, 2014). TrendLabs Security Intelligence Blog. “The BlackShades RAT―Entry-Level Cybercrime.” Last accessed October 13, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/the-blackshades-rat-entry-level- cybercrime/.

11. Trend Micro Incorporated. (April 28, 2014). TrendLabs Security Intelligence Blog. “The Russian Underground, Revisited.” Last accessed October 13, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/the-russian-underground-revisited/.

12. Max Goncharov. (2014). Trend Micro Security Intelligence. “Russian Underground Revisited.” Last accessed October 13, 2014, http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-russian-underground-revisited.pdf.

13. Ahmad Mukaram. (June 10, 2014). Recorded Future. “Cyberthreat Landscape: Forecast.” Last accessed October 13, 2014, https://www.recordedfuture.com/cyber-threat-landscape-forecast/.

14. Numaan Huq. (September 11, 2014). TrendLabs Security Intelligence Blog. “2014―An Explosion of Data Breaches and PoS RAM Scrapers.” Last accessed October 13, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/2014-an-explosion-of- data-breaches-and-pos-ram-scrapers/.

15. Gregory Wallace. (May 5, 2014). CNN Money. “Timeline: Retail Cyber Attacks Hit Millions.” Last accessed October 13, 2014, http://money.cnn.com/2014/02/11/news/companies/retail-breach-timeline/.

16. Jonathan Leopando. (September 9, 2014). TrendLabs Security Intelligence Blog. “Home Depot Breach Linked to BlackPOS Malware.” Last accessed October 13, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/home-depot-breach- linked-to-blackpos-malware/. 17. Trend Micro Incorporated. (2014). Threat Encyclopedia. “Home Depot Confirms Breach of U.S. and Canada Stores, Reported to Be Largest in Record.” Last accessed October 13, 2014, http://about-threats.trendmicro.com/us/special-reports/data-breach/ home-depot-confirms-breach-of-us-and-canada-stores/index.html.

18. Masayoshi Someya. (August 18, 2014). TrendLabs Security Intelligence Blog. “Risks from Within: Learning from the Amtrak Breach.” Last accessed October 13, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/risks-from-within- learning-from-the-amtrak-data-breach/.

19. Clare O’Connor. (May 5, 2014). Forbes. “Target CEO Gregg Steinhafel Resigns in Data Breach Fallout.” Last accessed October 13, 2014, http://www.forbes.com/sites/clareoconnor/2014/05/05/target-ceo-gregg-steinhafel-resigns-in-wake-of-data-breach- fallout/.

20. Tracy Kitten. (June 18, 2014). Bank Info Security. “Revamping the U.S. Payments System: Security, Faster Payments Key to Fed’s 5-Year Plan.” Last accessed October 13, 2014, http://www.bankinfosecurity.com/interviews/feds-role-in-future- payments-i-2346/op-1.

21. Scott Webster. (March 7, 2013). CNET. “Security Bug Found for Samsung Galaxy S3.” Last accessed October 13, 2014, http://www.cnet.com/news/security-bug-found-for-samsung-galaxy-s3/.

22. Gelo Abendan. (August 8, 2013). TrendLabs Security Intelligence Blog. “Exploiting Vulnerabilities: The Other Side of Mobile Threats.” Last accessed October 13, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/exploiting-vulnerabilities- the-other-side-of-mobile-threats/.

23. Weichao Sun. (July 29, 2014). TrendLabs Security Intelligence Blog. “Vulnerabilities in Alipay Android App Fixed.” Last accessed October 13, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/vulnerabilities-in-alipay-android-app-fixed/.

24. Ryan Certeza. (May 31, 2014). TrendLabs Security Intelligence Blog. “The Android Fragmentation Problem.” Last accessed October 13, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/the-android-fragmentation-problem/.

25. Jon Oliver. (July 31, 2013). TrendLabs Security Intelligence Blog. “The Current State of the Blackhole Exploit Kit.” Last accessed October 13, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/the-current-state-of-the-blackhole-exploit-kit/.

26. David Sancho. (July 22, 2014). TrendLabs Security Intelligence Blog. “Finding Holes in Banking Security: Operation Emmental.” Last accessed October 13, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/finding-holes-operation-emmental/.

27. Abigail Pichel. (May 26, 2014). TrendLabs Security Intelligence Blog. “Ransomware Moves to Mobile.” Last accessed October 13, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/ransomware-moves-to-mobile/.

28. Weichao Sun. (June 17, 2014). TrendLabs Security Intelligence Blog. “Android Ransomware Uses Tor.” Last accessed October 13, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/android-ransomware-uses-tor/.

29. Simon Huang. (August 12, 2014). TrendLabs Security Intelligence Blog. “The Dangers of the Android FakeID Vulnerability.” Last accessed October 13, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/the-dangers-of-the-android-fakeid- vulnerability/.

30. Steven Millward. (March 5, 2014). Tech in Asia. “Starting Today, Chinese Consumers Will Be Able to Buy Almost Anything Inside WeChat.” Last accessed October 13, 2014, http://www.techinasia.com/wechat-adds-payment-support-for-brands-and-retailers/.

31. Warren Tsai. (September 25, 2014). TrendLabs Security Intelligence Blog. “Apple Pay: Introducing (Secure) Mobile Payments?” Last accessed October 13, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/apple-pay-introducing-secure- mobile-payments/.

32. Johnliz Ortiz. (July 7, 2014). TrendLabs Security Intelligence Blog. “iPhone 6 Rumors Spur Scams.” Last accessed October 13, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/iphone-6-rumors-spur-scams/.

33. Pawan Kinger. (April 8, 2014). TrendLabs Security Intelligence Blog. “Skipping a Heartbeat: The Analysis of the Heartbleed Open SSL Vulnerability.” Last accessed October 13, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/skipping- a-heartbeat-the-analysis-of-the-heartbleed-openssl-vulnerability/.

34. Pavan Thorat and Pawan Kinger. (September 25, 2014). TrendLabs Security Intelligence Blog. “Bash Vulnerability Leads to Shellshock: What It Is, How It Affects You.” Last accessed October 13, 2014, http://blog.trendmicro.com/trendlabs-security- intelligence/shell-attack-on-your-server-bash-bug-cve-2014-7169-and-cve-2014-6271/. 35. Trend Micro Incorporated. (September 25, 2014). TrendLabs Security Intelligence Blog. “Bash Vulnerability (Shellshock) Exploit Emerges in the Wild, Leads to BASHLITE Malware.” Last accessed October 13, 2014, http://blog.trendmicro.com/trendlabs- security-intelligence/bash-vulnerability-shellshock-exploit-emerges-in-the-wild-leads-to-flooder/.

36. Trend Micro Incorporated. (September 26, 2014). TrendLabs Security Intelligence Blog. “Shellshock―How Bad Can It Get?” Last accessed October 13, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/shellshock-how-bad-can-it-get/.

37. Trend Micro Incorporated. (2014). Threat Encyclopedia. “About the Shellshock Vulnerability: The Basics of the ‘Bash Bug.’” Last accessed October 13, 2014, http://www.trendmicro.com/vinfo/us/security/news/vulnerabilities-and-exploits/the-shellshock- vulnerability-bash-bug.

38. Maxim Goncharov. (April 10, 2014). TrendLabs Security Intelligence Blog. “Heartbleed Vulnerability Affects 5% of Select Top- Level Domains from Top 1M.” Last accessed October 13, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/ heartbleed-vulnerability-affects-5-of-top-1-million-websites/.

39. OWASP Foundation. (August 26, 2014). OWASP. “Top 10 2013―Top 10.” Last accessed October 13, 2014, https://www.owasp. org/index.php/Top_10_2013-Top_10.

40. United States Securities and Exchange Commission. (October 2, 2014). “Form 8-K: JPMorgan Chase & Co.” Last accessed October 13, 2014, http://investor.shareholder.com/JPMorganChase/secfiling.cfm?filingID=1193125-14-362173.

41. Geoff Grindrod. (June 16, 2014). TrendLabs Security Intelligence Blog. “The Smartification of the Home, Part 1.” Last accessed October 13, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/the-smartification-of-the-home-part-1/.

42. David Sancho. (September 4, 2014). TrendLabs Security Intelligence Blog. “The Security Implications of Wearables, Part 1.” Last accessed October 13, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/the-security-implications-of-wearables- part-1/.

43. Open Interconnect Consortium Inc. (2014). Open Interconnect Consortium. “About Us.” Last accessed October 13, 2014, http://openinterconnect.org/about/.

44. Apple Inc. (2014). Apple Developer. “HomeKit.” Last accessed October 13, 2014, https://developer.apple.com/homekit/.

45. Trend Micro Incorporated. (2014). Threat Encyclopedia. “The Internet of Everything: Layers, Protocols and Possible Attacks.” Last accessed October 13, 2014, http://www.trendmicro.com/vinfo/us/security/news/internet-of-everything/ioe-layers- protocols-and-possible-attacks.

46. Trend Micro Incorporated. (2014). Threat Encyclopedia. “TrendLabs 1Q 2014 Security Roundup: Cybercrime Hits the Unexpected.” Last accessed October 14, 2014, http://about-threats.trendmicro.com/us/security-roundup/2014/1Q/cybercrime- hits-the-unexpected/.

47. Trend Micro Incorporated. (2014). Threat Encyclopedia. “TrendLabs 2Q 2014 Security Roundup: Turning the Tables on Cyber Attacks.” Last accessed October 14, 2014, http://about-threats.trendmicro.com/us/security-roundup/2014/2Q/turning-the- tables-on-cyber-attacks/.

48. Trend Micro Incorporated. (2014). Threat Encyclopedia. “VAWTRAK Plagues Users in Japan.” Last accessed October 14, 2014, http://www.trendmicro.com/vinfo/us/threat-encyclopedia/web-attack//3141/vawtrak-plagues-users-in-japan.

49. David Sancho, Feike Hacquebord, and Rainer Link. (2014). Trend Micro Security Intelligence. “Finding Holes: Operation Emmental.” Last accessed October 14, 2014, http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white- papers/wp-finding-holes-operation-emmental.pdf.

50. Paul Pajares. (February 21, 2012). TrendLabs Security Intelligence Blog. “When Phishing Goes Mobile.” Last accessed October 14, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/when-phishing-goes-mobile/.

51. Arabelle Mae Ebora. (August 13, 2013). TrendLabs Security Intelligence Blog. “Mobile Phishing Attacks Ask for Government IDs.” Last accessed October 14, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/mobile-phishing-attack-asks- for-users-government-ids/. Created by:

Global Technical Support & R&D Center of TREND MICRO

Trend Micro Incorporated, a global leader in security software and solutions, strives to make the world safe for exchanging digital information. For more information, visit www.trendmicro.com.

©2014 Trend Micro, Incorporated. All rights reserved. Trend Micro and the Trend Micro t-ball logo are trademarks or registered trademarks of Trend Micro, Incorporated. All other product or company names may be trademarks or registered trademarks of their owners.