Hector Diaz:<\/strong> \u00a0Based on the information that we collect through our Global Threat Intelligence Network, after three quarters of decline, the number of new malware samples (worldwide) resumed its ascent in Q4 2015, with 42 million new malicious hashes discovered, 10% more than in Q3 and the second highest on record. The growth in Q4 was driven, in part, by 2.3 million new mobile threats, 1 million more than in Q3.<\/p>\n
An important percentage of these types of threats are prevalent in the Caribbean region, especially:<\/p>\n
- \n
- Ransomware:<\/strong> based on the concept of encrypting personal\/important information, we have seen a 26% increase in new ransomware samples in Q4 2015. The reason? Opensource ransomware code (for example, Hidden Tear, EDA2) and ransomware-as-a-service (Ransom32, Encryptor) make it simpler to create successful attacks. TeslaCrypt and CryptoWall 3 campaigns also continue, making this the main concern of Caribbean Organizations and probably one of the threats that keep security admins up at night.<\/li>\n<\/ul>\n
![\"Figure1:](\"https:\/\/i0.wp.com\/www.ict-pulse.com\/wp-content\/uploads\/2016\/05\/New-and-Total-Ransonware-in-2014-and-2015-Source-McAfee.png?resize=460%2C860\")
Figure1: New and Total Ransonware in 2014 and 2015 (Source McAfee Labs)<\/p><\/div>\n
- \n
- Macro malware:<\/strong> a relic of the 1990s that is now seeing a resurgence due to the continued use of macros by enterprises coupled with the increased sophistication of social engineering attacks that are propagating new, stealthier macro malware. A macro is a shortcut used to automate a frequently performed task. It is a piece of code embedded inside a document\u2014typically a Microsoft Office document\u2014and is usually written in the programming language Visual Basic for Applications. When a macro is recorded, it is actually generating a program in Visual Basic for Applications. Today\u2019s macro malware attackers primarily leverage phishing email attachments, as well as spam campaigns, compromised web pages, and drive-by downloads to distribute their malware. These techniques are now far more sophisticated than they were in the 1990s, when macro malware first emerged. It has become quite difficult for users to spot these campaigns because they are targeted, short lived, and contain carefully designed attachments that avoid detection.<\/li>\n<\/ul>\n
![\"Figure](\"https:\/\/i0.wp.com\/www.ict-pulse.com\/wp-content\/uploads\/2016\/05\/New-Macro-Malware-in-2014-and-2015-Source-McAfee.png?resize=460%2C323\")
Figure 2: New Macro Malware in 2014 and 2015 (Source McAfee Labs)<\/p><\/div>\n
- \n
- Mobile:\u00a0<\/strong> with the rising adoption of Smartphones, tablets and other connected devices, in the Caribbean region, we have seen a 72% increase in new mobile malware samples (Android-oriented).. We believe that Google\u2019s August 2015 notification that it would release monthly updates to its Android mobile operating system forced malware authors to develop new malware more frequently in response to the enhanced security in each monthly release of the operating system.<\/li>\n<\/ul>\n
![\"Figure](\"https:\/\/i0.wp.com\/www.ict-pulse.com\/wp-content\/uploads\/2016\/05\/New-and-Total-Mobile-Malware-in-2014-and-2015-Source-McAfee.png?resize=460%2C805\")
Figure 3: New and Total Mobile Malware in 2014 and 2015 (Source McAfee Labs)<\/p><\/div>\n
- \n
- Insider Threat:<\/strong> continues to be one of the most important in the threat landscape. With the adoption and evolution in the way we compute, datacenters and users are no longer the same closed structures as in the past. Today we need to face that a company\u2019s information is either virtualized, residing in the cloud or moving around multiple types of devices that are often not inside a company\u2019s premises. Visibility, control and situational awareness are three key areas where Security administrators are investing a lot of time and effort.<\/li>\n
- Skills shortage:<\/strong> and last, but not least, companies facing this computational evolution along with the increased complexity of the threat landscape have a growing interest on what is being done to protect and defend their top non-human asset: information. Support for growth in cybersecurity staffing is here; the problem is that the pool of skilled cybersecurity talent is facing a drought in the region. It is very common to have very limited human resources dedicated to cybersecurity (if at all companies have people specifically assigned to those duties). We have to admit that most companies are working to change this situation. In addition, about half of companies are immature in their security operations and 86% are driving to evolve and mature their security solutions.<\/li>\n<\/ul>\n
![\"Figure](\"https:\/\/i0.wp.com\/www.ict-pulse.com\/wp-content\/uploads\/2016\/05\/2016-Cybersecurity-Skills-Gap-Source-ISACA.png?resize=975%2C527\")
Figure 4: 2016 Cybersecurity Skills Gap Infographic (Source ISACA)<\/p><\/div>\n
ICTP: \u00a0<\/strong>How has the threat landscape changed over the past two years? Are there any particular areas of concern that you have for Caribbean organisations?<\/h4>\n
HD: \u00a0<\/strong>The increase in the amount and complexity of the computing services that companies are offering to the public or for internal consumption, think about, Internet Banking, ATMs that can now receive deposits, Mobile apps, cloud services for multiple purposes, virtualization and the mobile worker that can connect and compute everywhere is causing concern on the level of effectiveness that the ICT teams may have in the event of an incident.<\/p>\n
An overwhelming volume of malware is reaching endpoint systems, especially when they travel off-network. New and emerging threats, specifically designed to get past traditional security (AV, firewall, URL filtering \u00a0etc.) defences, result in a hectic and reactive \u201cfirefighting\u201d IT security environment that pulls IT security resources away from more strategic activities.<\/p>\n
IT security wants to reduce the number of resources needed to manually piece together data for investigations and thus improve response times. If we think about it for a second, most companies have invested responsibly in capabilities, aligned against threats\/risk, yet they have little sustainable advantage over adversaries. They\u2019ve got all the right countermeasures, but the friction and fragmentation they are required to overcome is leaving the combat ineffective.<\/p>\n
Based on this reality, one area where this challenge is very visible is in incident response \u2013 Security teams are overwhelmed in a constant state of firefighting \u2013 exceeding their capacity. This is why many organisations are shifting their investments from primarily protection to a balance across protection, detection, and correction. We can think of Incident Response as a funnel with events entering at one end and over time, ultimately being eliminated at the other. Through this funnel we have the 3 stages of threat mitigation: protect, detect and correct.<\/p>\n
- \n
- Protect: Do their best to prevent incidents \u2013 zero-days, insider threats, and targeted attacks — from happening.<\/li>\n
- Detect: Identify important events and true incidents as quickly as possible.<\/li>\n
- Correct: Respond quickly and fully, limiting damage.<\/li>\n<\/ul>\n
I personally think that this new \u201cmindset\u201d is what drives most companies this year.<\/p>\n
ICTP: \u00a0<\/strong>At the CARICOM\/regional level, there has been a growing awareness of cybercrime and cybersecurity, and calls by leaders that something be done. In your opinion, has there been any improvement in the cybersecurity-associated resources or support structures in the region? What might still be missing?<\/h4>\n
HD:<\/strong> As you know, at a government\/law level, things take time and require consensus. Last march, CARICOM had a regional cybersecurity meeting that attracted a number of experts from Interpol, FBI and some other technology actors.<\/p>\n
We have also seen a number of efforts across the region to promote Cybersecurity at the state level with multiple initiatives and we as intel Security have participated in several meetings where IT security is a top priority.<\/p>\n
<\/p>\n
Part 2 of our Q&A session with Hector Diaz\u00a0of Intel Security Caribbean will be published on 13 May 2016.<\/strong><\/p>\n
In the meantime, do you\u00a0have any questions of comments? Please share them below.<\/strong><\/p>\n
<\/p>\n
Image\u00a0credits: \u00a0www.perspecsys.com<\/a><\/p>\n
______________<\/p>\n","protected":false},"excerpt":{"rendered":"
- Mobile:\u00a0<\/strong> with the rising adoption of Smartphones, tablets and other connected devices, in the Caribbean region, we have seen a 72% increase in new mobile malware samples (Android-oriented).. We believe that Google\u2019s August 2015 notification that it would release monthly updates to its Android mobile operating system forced malware authors to develop new malware more frequently in response to the enhanced security in each monthly release of the operating system.<\/li>\n<\/ul>\n
- Macro malware:<\/strong> a relic of the 1990s that is now seeing a resurgence due to the continued use of macros by enterprises coupled with the increased sophistication of social engineering attacks that are propagating new, stealthier macro malware. A macro is a shortcut used to automate a frequently performed task. It is a piece of code embedded inside a document\u2014typically a Microsoft Office document\u2014and is usually written in the programming language Visual Basic for Applications. When a macro is recorded, it is actually generating a program in Visual Basic for Applications. Today\u2019s macro malware attackers primarily leverage phishing email attachments, as well as spam campaigns, compromised web pages, and drive-by downloads to distribute their malware. These techniques are now far more sophisticated than they were in the 1990s, when macro malware first emerged. It has become quite difficult for users to spot these campaigns because they are targeted, short lived, and contain carefully designed attachments that avoid detection.<\/li>\n<\/ul>\n