**TOKYO****,** **May 11, 2023** **/PRNewswire/ --** Trend Micro Incorporated (TYO: 4704;TSE: 4704), a global cybersecurity leader, today announced earnings results for the first quarter of fiscal year 2023, ending March 31, 2023 by reporting 16% year-over-year growth. 

Trend Micro's business resilience continues to be achieved by diversifying between both enterprise and consumer customers spanning more geographies than any pure play cybersecurity company. With a singular focus on cybersecurity, these results were powered by a customer base of over 500,000 organizations across more than 175 countries.  

As the growth engine for the company, the enterprise customer segment grew 20% YoY net sales at actual currency driven by a 9% increase in SaaS deployments globally. Enterprise ARR increased by 25% YoY totaling more than US $692 at the company's internal plan exchange rate. The company protects over 68 million enterprise assets at a growth rate of 29% YoY.

As the value engine for the company, Trend continued to invest in its consumer business growing across all geographies at 6% YoY net sales at actual currency.

"We too see the economy impacting markets and expect this to continue for the remainder of the year despite cybersecurity being identified as a critical priority," said Trend Micro CEO and co-founder Eva Chen. "Organizations worldwide are tightening budgets and prioritizing vendors who understand and ease the pressures of the security operations center. We proudly empower every organization to thrive in a world with less risk."

For this quarter, Trend Micro posted consolidated net sales of 58,704 million Yen (or US $443 million, 132.40 JPY \= 1USD). The company posted operating income of 9,548 million Yen (or US $72 million) and net income attributable to owners of the parent of 6,374 million Yen (or US $48 million) for the quarter.

The company will not revise expected consolidated results for the full fiscal year ending December 31, 2023 (released on February 16, 2023). Based on information currently available to the company, consolidated net sales for the year ending December 31, 2023 is expected to be 248,500 million Yen (or US $1,840 million, based on an exchange rate of 135 JPY \= 1 USD). Operating income and net income are expected to be 34,800 million Yen (or US $257 million) and 25,100 million Yen (or US $185 million), respectively.

**Key Business Updates in Q1 2023**

**Innovative**: Trend nurtures a culture of innovation to drive advancements across its cybersecurity platform.

*   Acquired SOC experts Anlyz to extend its orchestration, automation and integration capabilities for the Trend Vision One platform and empower Managed Security Service Providers to improve operational efficiencies, cost effectiveness and security outcomes.
*   Launched a new incubation project as a subsidiary of Trend Micro, focused on combating emerging threats in the private 5G networks.

**Trusted**: Trend is a trusted partner to the customers and communities that it serves.

*   Disclosed newest ransomware survey that revealed how decision makers can leverage operational changes to collectively help drive down ransomware profitability.
*   Announced that the Trend Micro Zero Day Initiative's (ZDI's) Pwn2Own bug bounty competition will add a contest to secure connected vehicle ecosystems.
*   Conducted two Pwn2Own competitions in Q1 which collectively awarded over US $1 Million to external researchers who discovered over 50 unique zero-days, including the first-time generative AI like ChatGPT was used to detect a vulnerability.

**Global**: Trend has the most geographically diverse customers in the industry, with millions of sensors powering the Trend Vision One platform for superior attack surface risk management.

*   Released a global study revealing that while global organizations plan to increase cybersecurity budgets in 2023, while business leaders hold conflicting views on functions.
*   Established a new research and development center in Bangalore, India, with more than 40 technical employees, expanding its worldwide engineering team of over 3000.

**New Patents Filed**

Trend Micro was awarded the following patents in Q1 2023:

**Notice Regarding Forward-Looking Statements**

Certain statements included in this press release that are not historical facts are forward-looking statements. Forward-looking statements are sometimes accompanied by words such as "believe," "may," "will," "estimate," "continue," "anticipate," "intend," "expect," "should," "would," "plan," "predict," "potential," "seem," "seek," "future," "outlook" and similar expressions that predict or indicate future events or trends or that are not statements of historical matters. These statements are based on our current expectations and beliefs and are subject to a number of factors and uncertainties that could cause actual results to differ materially from those described in the forward-looking statements. Although we believe that the expectations reflected in our forward-looking statements are reasonable, we do not know whether our expectations will prove correct. You are cautioned not to place undue reliance on these forward-looking statements, which speak only as of the date hereof, even if subsequently made available by us on our website or otherwise. We do not undertake any obligation to update, amend or clarify these forward-looking statements, whether as a result of new information, future events or otherwise, except as may be required under applicable securities laws.

**About Trend Micro**

Trend Micro, a global cybersecurity leader, helps make the world safe for exchanging digital information. Fueled by decades of security expertise, global threat research, and continuous innovation, Trend Micro's cybersecurity platform protects hundreds of thousands of organizations and millions of individuals across clouds, networks, devices, and endpoints. As a leader in cloud and enterprise cybersecurity, the platform delivers a powerful range of advanced threat defense techniques optimized for environments like AWS, Microsoft, and Google, and central visibility for better, faster detection and response. With 7,000 employees across 65 countries, Trend Micro enables organizations to simplify and secure their connected world. www.trendmicro.com.

SOURCE Trend Micro Incorporated

Trend Micro Reports Consistent Earnings Results for Q1 2023

Corgan got FBI involved to track down the cybercriminal, who had stolen from other artists as well, he said.

Smashing Pumpkins front man Billy Corgan was on a recent podcast to promote the band's new album, and he told the hosts that a hacker stole several of the songs before the release and threatened to leak them without a payoff.

"A fan contacted me and said nine of the songs have leaked," Corgan told the Klein/Ally Show, according to CBS News. "This is like six months ago. And they were all probably the most catchy, singley type songs."

Corgan added he paid off the cybercriminal out of his own pocket. After Corgan contacted the FBI, the hacker was tracked down, he explained.

"What we were able to do was stop the leak from happening," Corgan added, "because it was a mercenary person who had hacked somebody — I don't want to say who, excuse me — and they had other stuff from other artists."

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

Billy Corgan Paid Off Hacker Who Threatened to Leak New Smashing Pumpkins Songs

Data on more than 830K people exposed in the 2021 cyberattack.

The Korean National Police Agency (KNPA) has concluded that a cyberattack on Seoul National University Hospital (NSUH), one of the largest hospitals in the country, was the handiwork of North Korean hackers.

The attack occurred between May and June 2021.

The police report does not explicitly name any particular threat group, but it is believed that the Kimsuky group is responsible for the attack, according to South Korean media reports. Using seven servers based in multiple countries, including South Korea, the attackers infiltrated the hospital's internal network, leading to data exposure for 831,000 people, most of whom were patients.

After two years conducting analytical investigations to identify the threat actors, South Korean law enforcement stated they attributed the attack to North Korean hackers based on the intrusion techniques, website registration, the IP addresses linked to threat actors in that country, and the North Korean language and vocabulary used in the attack.

"We plan to actively respond to organized cyberattacks backed by national governments by mobilizing all our security capabilities," the KNPA stated in a press release, "and to firmly protect South Korea's cybersecurity by preventing additional damage through information sharing and collaboration with related agencies."

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

North Korean Hackers Behind Hospital Data Breach in Seoul

Field programmable gate arrays are particularly useful for organizations that are embracing new edge computing devices and applications.

As 5G and the Open Radio Access Network (ORAN) accelerate the emergence of new edge computing devices and applications, there has been no shortage of new security challenges. Firmware attacks have proliferated in recent years, increased Internet of Things (IoT) device connections are expanding the network attack surface, and legacy network risks are still being exploited. Between these threats and rising compliance standards, network architects face mounting pressure to ensure their systems are not just secure but cyber resilient.

Cyber resiliency is the ability to continuously protect systems, detect threats, and recover from firmware attacks. As the network becomes more decentralized, its attack surface becomes larger and bad actors find more ways to exploit vulnerabilities. To achieve cyber resiliency, network architects are looking at root-of-trust (RoT) foundations and automating the cycle of protection, detection, and recovery functions on RoT components.

Field programmable gate arrays (FPGAs) have proved to be particularly useful to serve as a hardware root of trust (HRoT) device, given their inherent flexibility, small form factor, and low power consumption. These characteristics make FPGAs an ideal security engine not just for telecommunication vendors, but also for a variety of industries that are rapidly moving to the edge.

As the number of 5G IoT connections continues to increase, the importance of security, power efficiency, and overall system performance cannot be overstated. FPGAs are helping ensure a cyber resilient future in a variety of applications.

**Data Centers**

Similar to telecommunication hardware, data centers need to have proactive measures in place to protect their data if they are to be cyber resilient. They must be able to automatically detect threats and recover, yet they face the additional pressure of maintaining enough functionality to deliver on their service-level requirements. Platform firmware resiliency (PFR) provides the "protect, detect, recover" real-time cycle to do so, and it starts with leveraging an HRoT device, such as an FPGA.

FPGAs don't just detect whether malware is directly present or a system is actively under attack. Instead, they proactively monitor systems pre- and post-boot, which is vital because bad actors understand that this is when a system is most vulnerable. If an attack on firmware manages to be successful, flash devices on the FPGA can load a golden image of the authorized firmware, override the unauthorized version, and ensure recovery of the system.

Beyond their built-in cyber resilient features, FPGAs can also be upgraded in the field if any new security vulnerabilities are found after a design is locked, including with post-quantum cryptographic algorithms. System architects can essentially "future-proof" their new hardware designs thanks to FPGAs' ability to be reprogrammed in-field, rather than needing devices to be brought back home for upgrades or to replace the entire system.

**Automotive Designs**

Although the automotive industry has made great strides to improve vehicle comfort and safety through advanced driver assist systems (ADAS), vehicle connectivity, and autonomous driving, it has also made vehicles newly susceptible to various security threats and cyberattacks. Beyond protecting their physical cars, consumers now also need to ensure that their vehicles are not being hacked or tampered with remotely.

This is where functional safety (FuSa) becomes increasingly important. FuSa ensures systems or pieces of equipment are operating correctly in response to inputs or failure; it is a crucial part of the overall safety of a system. FPGAs are often used to connect multiple displays and cameras in a vehicle and can help ensure that safety-critical information is reliably reproduced, while also notifying the driver of an error or failure.

Practices like PFR are moving into the automotive realm to bring consumers peace of mind, and FPGAs are providing HRoT capabilities to vehicles on the road. As the line between the physical highway and the digital network continues to blur, FPGAs offer an ideal platform for security.

**Smart Home Control and Security**

At home, smart devices, such as security cameras, smart doorbells, home assistance devices, and smart appliances, have proliferated over the years. Beyond hardware security to protect from mundane attacks, designers are looking for flexibility in sensor choices, powerful edge processors, and the ability to aggregate data from multiple sources for processing. FPGAs meet each of these requirements so smart home devices can function as smoothly — and therefore securely — as possible.

Moreover, since smart home control and security systems demand such high levels of data processing power, it's key that they function with the lowest latencies possible to prevent security vulnerabilities.

**Small in Size, Big in Impact**

The applications above only scratch the surface of the impact FPGAs are having across industries. It's remarkable to see a single technology be used in such a variety of applications, but good security is everyone's best interest.

No matter your business, pay close attention to the cybersecurity landscape and how FPGAs are helping us all live in a more digitally secure future.

Integrating Cyber Resiliency With FPGAs

RSA's Innovation Sandbox 2023 focused on the software supply chain, as well as attack surfaces exposed by generative AI, ML systems, and APIs.

Cybersecurity has traditionally secured the use of off-the-shelf IT hardware and software. Yet almost all the finalists at this year's RSA Innovation Sandbox centered around securing attack surfaces arising from the building of applications, machine learning systems, and API integrations. And while that may sound like the SecDevOps and software supply chain security of old, these innovators are focused on a larger opportunity.

Innovation Sandbox is RSA's _Shark Tank_\-like competition bringing 10 startup finalists to present onstage before judges. HiddenLayer took the top prize for defending ML systems against adversarial AI.

Today, every company is a software company, and more developers and data scientists arrive each year. Yet nondevelopers have begun to build software, too. Anyone can ask ChatGPT to code API integrations to their favorite SaaS app. Or to drag tasks into the playbooks of orchestration tools. This year's finalists highlighted new attack surfaces produced by this growing business activity of software building.

**Surprising Vulnerabilities in ML Systems**

Cylance was hit with an adversarial AI attack in 2019, directly targeting its ML systems. Those involved were so sure they witnessed the future of cyber warfare, they built the Innovation Sandbox winner, HiddenLayer.

HiddenLayer defends ML systems against attacks that the public may have heard of, like poisoned training data. Yet the industry hasn't really addressed how easy it is to steal intellectual property (IP) from ML systems. As an example, inference attacks probe deployed ML models, learning to create labels that automatically train new models to mimic the victim's now stolen IP.

HiddenLayer protects customer models while they’re still being staged, detects their vulnerabilities, then protects and obfuscates models once deployed. In addition to their product, HiddenLayer offers a managed detection and response service for this unfamiliar world.

Many want the insights and automation that third-party AI providers, such as OpenAI, can deliver. Yet they don't want to share sensitive data. Enter Zama, the finalist working on the holy grail of AI privacy, fully homomorphic encryption.

Zama's fully homomorphic encryption allows their end customer's application developers to encrypt sensitive data into structures of ciphertext, then share it with third-party AI providers. After this third-party AI provider has completed its work on the structured ciphertext, the new analytic insights are handed back to the customer who originally shared their data. Homomophic's magic now happens as it's decrypted, with the integrity of the third-party AI's insights and their relation to the customer's private data intact. Yet no secrets were ever shared, only encrypted cyphertext.

Zama's twist is a quantization technique that optimizes by using integers instead of decimals, the latter of which require extra CPU instructions for even basic math.

**Enabling Software Developers Instead of Critiquing Code**

The shift-left movement has failed to make developers fix insecure code. This year's startups focused less on analyzing code and more on helping developers write secure code in the first place.

Taking second place was Pangea, which provides already working security functionality that can be built into applications with one-line API integrations. Pangea calls it shifting left-of-left: enable developers, instead of creating arguments with SecDevOps.

Other finalists in this mold include Endor Labs, which comes from the founder of cloud posture management pioneer RedLock, which became Palo Alto Networks' Prism cloud. Endor Labs targets the open source side of software composition analysis. Open source libraries are everywhere. As Endor Labs tells it, there’s even foundational Internet code maintained by single part-time developers. And some of these folks have even served time in prison. Endor Labs helps developers choose open source wisely, as they develop.

Relyance AI enforces privacy by asserting compliance against a company's custom code. The advanced intelligence they built in only three years may cause a double take. Relyance AI cites advances in NLP, and generative AI's ability to rapidly prototype as having accelerated R&D. They've built an AI product that understands privacy clauses in compliance documents, and enforces these on developer code.

Dazz focuses on orchestrating remediation across the sprawling software development life cycle. Today a diverse set of code-to-cloud personnel deploy applications on numerous continuous integration and continuous development (CI/CD) pipelines. They maintain their own container images, write code and include who-knows-what libraries and artifacts. Dazz auto-maps these CI/CD pipelines, then orchestrates remediating vulnerabilities across sprawling departments and actors.

**API Integrations Threaten Software Supply Chain**

The most important supply chain issue no one is talking about is back-end API integrations. Hidden data flows between commercial SaaS vendors arise as business users build "shadow integrations" with orchestration platforms and generative AI — even without coding skills. Because these integration apps automate and authenticate, these integrations are often handled by nonhuman identities, and there are a lot more nonhumans than humans.

Astrix Security maps the web of APIs, monitors, and reins in these API-to-API shadow integrations. By Astrix's count, there are 45 times more nonhumans traversing these connections than employees, making this the new identity problem.

Valence Security maps the SaaS-to-SaaS mesh, handles misconfigurations, and remediates — including an education step. They explain how in the new decentralized world, business users may essentially end up as SaaS admins.

**Timely Topics: SBOMs, Blockchain Contracts**

SafeBase builds a secure role-based trust center allowing a vendor's salespeople and customers to share supply chain information, share software bills of materials (SBOMs), and facilitate the expensive questionnaire process.

The final competitor, AnChain, showcased a Web3 SOC product that monitors, detects, responds to, and investigates blockchain smart contracts.

Innovation Sandbox gave us a first glimpse at securing the upcoming automation era where developers, data scientists, _and_ business users go to work every day and build potentially vulnerable software.

Startup Competition Secures ML Systems, Vulnerabilities in Automation

New "Greatness" phishing-as-a-service used in attacks targeting manufacturing, healthcare, technology, and other sectors.

A previously unreported phishing-as-a-service (PaaS) tool allows even script kiddies to build compelling, effective phishing attacks against businesses.

Researchers at Cisco Talos detailed their findings on "Greatness," a one-stop-shop for all of a cybercriminal's phishing needs. With Greatness, anyone with even rudimentary technical chops can craft compelling Microsoft 365-based phishing lures, then carry out man-in-the-middle attacks that steal authentication credentials — even in the face of multifactor authentication (MFA) — and much more.

The tool has been in circulation since at least mid-2022 and has been used in attacks against enterprises in manufacturing, healthcare, and technology, among other sectors. Half of the targets thus far have been concentrated in the US, with further attacks occurring around Western Europe, Australia, Brazil, Canada, and South Africa.

"It's designed to be accessible," says Nick Biasini, head of outreach for Cisco Talos. "It democratizes access to phishing campaigns."

**How Greatness Works**

To a victim, Greatness will come in the form of an email with a link, or usually an attachment disguising an HTML page. Clicking on the attachment will open a blurred image of a Microsoft document behind a loading wheel, giving the impression that the file is loading. But the document never loads. Instead, the victim is redirected to a Microsoft 365 login page.

That might seem suspicious if not for the fact that the victim's email address, as well as their company's logo, are already pre-filled on the page, lending an air of legitimacy to the whole affair.

At this point, the man-in-the-middle scheme begins. The victim submits their password to 365, not knowing they're helping to log in their own attacker. Even if a victim has MFA implemented, it's no problem. 365 requests a code, the victim submits it, Greatness intercepts it, and the ruse continues. Greatness collects its authenticated session cookies and passes it on to the threat actor via Telegram or its admin panel.

It used to take time, effort, and _coding_ to craft phishing attacks this convincing. With Greatness, all you have to do is fill out a form: title, caption, an image of an Excel spreadsheet to trick them with, and so on. Enabling the "autograb" feature automatically pre-fills the 365 login page with the victim's email address, according to Talos' findings.

"Basically you just pay, you get access to your API, and that's it," Biasani says. "You have to understand some basic things, like what API keys are, and how to apply it in the portal, but it's pretty, pretty user-friendly."

**Why Greatness Works So Great**

Because Greatness is so slick in presentation and so effortlessly bypasses MFA, simple awareness and cyber hygiene may not be enough to save an enterprise from its grasp.

One simple change organizations can make is to adjust cookie session timeouts. "Having a timeout value of, like, two weeks is not a good look in the threat landscape that we're looking at today," Biasani explains. He adds, though, that "the challenge is you also have a user base, and forcing people to use MFA every five minutes is not going to go over very well, either. So you're kind of sitting in that middle space: a security decision versus a usability decision. It's a very tough balance."

Where simple fixes won't solve the problem, more sophisticated security is required. "This is where you start getting into things like anomaly detection," he notes, "and location-based logins. Things like that. You're going to have to take your detection up a level."

Still, Biasani sees a silver lining. "To me, more than anything else, it shows that MFA actually works … because they're \[attackers\] really actively trying to do something to counter it now," he says. "MFA is hitting a point where they can't ignore it anymore."

Plug-and-Play Microsoft 365 Phishing Tool 'Democratizes' Attack Campaigns

Relatively few organizations have the resources for security programs and security professionals, so the US cyber agency is putting programs in place to help them, while striving to understand the scope of the problem itself.

Every day, attackers are targeting US small businesses, election offices, local government agencies, hospitals, and K–12 school systems, but most such organizations do not have the funding — or the dedicated resources — to defend themselves or even to know whether they are being attacked. 

The US Cybersecurity and Infrastructure Security Agency (CISA) aims to help these "cyber poor" places both to shore up their defenses and respond more quickly to attacks, Jen Easterly, director of CISA, told attendees at the sixth annual Hack the Capitol event in McLean, Va. on May 10. While the agency continues to work with government, large companies, and technology vendors on improving security, CISA aims to see how much it can help smaller organization fend off cyber threats as well.

The goal is to understand their needs, what they need to be able to invest in security, and where CISA can help them defend their capabilities, Easterly said. 

"How do we help a school district, can we help a small hospital, or help a water facility using ... free services, using assessments, using things like our cyber hygiene, \[and\] vulnerability scanning?" she said. "Can we help them reduce threats? So we're trying to spend a whole year doing this, and at the end of the year, we will see if we have been able to make any difference."

The focus on smaller organizations acknowledges that often SMBs, local government agencies, and schools have been overlooked and not included in the push to create more resilient organizations. The government's efforts to create public-private partnerships have typically focused on large companies and critical industries, but attackers — especially ransomware gangs — have hunted for smaller groups who do not have deep cybersecurity resources. Those groups are numerous — 99% of all businesses in the US have 250 employees or less, according to US Census data.

"We really tried to shift the paradigm from decades of public-private partnerships, which, frankly, were episodic and unidirectional and not necessarily the right type of mechanism that we needed to defend the country," Easterly said. The idea is that "the private sector, with international partners, with state and local partners, should come together to create a tapestry of visibility that would allow us to better understand the threats and take down risks to the nation."

**Time for a Simpler, Easier Cybersecurity Framework**

While the Cybersecurity Framework published by the National Institute of Standards and Technology (NIST) is considered the gold standard for creating a cybersecurity plan for a business, the document is hard to understand and implementation is difficult, Easterly said. CISA has thus introduced Cybersecurity Performance Goals (CPGs), which aim to be lower cost and lower effort goals that organizations can take to improve the cybersecurity posture.

"You don't know how to use the NIST Cybersecurity Framework and so \[if\] you want a much simpler guide, you can actually take the CPGs in a checklist format, and then characterize them by cost complexity and speed," she said. "CPGs have really helped in terms of, again, an easier, simpler metric that these entities can use to help drive down risks."

Ransomware is a particular focus, since many small organizations have been hit by ransomware in the past five years. CISA has already created a vulnerability-warning pilot that enables the agency to scan private systems and provide the owner with information on the vulnerabilities in those systems. 

"We get those tips and we ... let them know, 'Hey ... you've got this ransomware, you got this bad stuff on your network,'" she said. "'You need to do something about it ASAP.'"

**True Threats Still Cloudy**

Overall, what's the level of the threat to the cyber poor? Perhaps, surprisingly, the government does not have the answer. The balkanized structure of the Internet — a mishmash of private, educational, and government networks — means that visibility is limited, and no one has a complete picture, Easterly said. 

"The big question is how do you actually measure reduction of risk, which is hard because ... we don't understand the universe of how many events there are," she said. "It's all anecdotal — whatever numbers are out there, whatever studies are out there, whatever vendor — it's all really just a guess."

As we rush into a world where artificial intelligence is used as a way to consume and filter data, the level of information could get worse, because of AI hallucinations — statements made by machine-learning systems, such as large language models (LLMs) and ChatGPT, which sound authoritative, but are wrong.

Easterly pointed out that the design of the Internet never accounted for most of the threats that we have today, and that our approach to AI needs to be better.

"So you had an Internet full of viruses, you had social media full of disinformation, and now we have AI, which is sort of like an infantry lieutenant — frequently wrong, never in doubt," she said. "So I think we need to be very, very mindful of making some of the mistakes with artificial intelligence that we've made with other technology."

CISA Addresses 'Cyber Poor' Small Biz, Local Government

Supplementing staff by hiring hackers to seek holes in a company's defense makes economic sense in a downturn. Could they be cybersecurity's unlikely heroes in a recession?

For 30 years, Silicon Valley Bank (SVB) helped technology clients transform the region, and the world, growing to hold more than $200 billion in total assets and $175 billion in deposits. And then — spectacularly, and seemingly overnight — collapsing. While the Federal Reserve's bailout might have helped to staunch the bleeding for now, those who witnessed the events of early March firsthand will not forget what those first few frantic, uncertain days were like. The psyches of the investor class and tech sector may not recover for some time to come.

This could manifest as skittishness among the investor class, impacting tech of all focuses, but I'm particularly concerned about cybersecurity startups. A downturn in cybersecurity funding threatens not just the sector itself, but all who rely on cybersecurity innovation to keep threat actors at bay.

A recent article makes interrelated points to this effect. One: SVB has long been central to the banking needs of the cybersecurity community in the US and abroad, with public reports that roughly 500 cybersecurity vendors banked with them. Two: investors spooked by the collapse of SVB will likely be "re-evaluating practices" in the short term. Already, cybersecurity funding in 2023 had dipped to 2020 numbers. The collapse of SVB serves to intensify that trend.

One approach that has helped organizations shore up their defenses and continue innovating since the heyday of investment will be critical in this tumultuous time. Ethical hackers have always been one of the best solutions to rising rates of cybercrime. These hackers replicate the strategies of bad actors to penetrate systems and inform organizations about vulnerabilities. At this precarious economic moment, with funding collapsing and companies slashing security budgets, they're an especially viable alternative.

A downturn in funding for innovative solutions such as hackers against a perpetually intensifying cyberthreat landscape could be disastrous for both private and federal security needs. But, before explaining exactly why hackers are so important, it's worth sketching out our current threat and economic landscape in greater detail.

**Cybercrime and the Economy**

There's no shortage of statistics illustrating the challenging state of our current cybersecurity landscape. One report says cyberattacks on industrial firms increased by 87% in 2022. Meanwhile, another report shows cyberattacks against governments jumped by 95% in the second half of 2022. According to another study, the global cyberattack volume surged by 38% last year. The financial impact is significant; according to IBM, the average total cost of a data breach has risen to $4.35 million.

In many IT departments, keeping on top of their attack surface is an ongoing, hour-to-hour struggle.

The looming economic downturn will make these problems worse. Economic turbulence and spikes in cybercrime go hand in hand. In the aftermath of the 2009 recession, cybercrime rose an average of 40% over the following two years. It was clear again when Interpol and others noted a surge in cybercrime during the COVID-19 pandemic.

In other words: Economic turbulence means less investment in cybersecurity _and_ a surge in cybercrime. Put simply, it's a recipe for disaster.

**Why Hackers Are the Answer**

You can see why reduced funding for cybersecurity startups is a major problem. Any reduction in funding will be compounded by yet _another_ problem: individual companies cutting back on cybersecurity spending.

I believe that hackers represent the most viable solution to mounting budget concerns. It's not just that hackers are as inventive as the criminals they're trying to combat — prone to exactly the kind of left-of-field, unconventional thinking that routinely allows criminals to infiltrate well-fortified organizations. It's that — in a word — they're _affordable_. And what could matter more in times of economic stress?

Companies can access a diverse range of expertise and knowledge by using hackers, who bring a different mindset to your system's defenses and let you know quickly where your vulnerabilities are and how you might remediate them. Many organizations now routinely incentivize hackers to bring vulnerabilities to their attention through vulnerability reward programs such as bug bounty. That being said, such programs aren't meant to replace your very important cybersecurity teams. They're meant to supplement them, reduce internal burnout, and overall make your organization more successful.

Hackers have been largely mainstreamed by now, but a not-insignificant number of organizations remain resistant to the concept, on the logic that inviting hackers of any kind or motivation into one's internal systems may prove risky. But this is an outdated way of thinking. For proof, look no further than the US government, which is not usually known to take radical risks in the cybersecurity department. And yet: in 2017, the Department of Defense (DoD) launched Hack the Pentagon, and since then, hackers have alerted the DoD to more than 45,000 vulnerabilities. The US isn't alone in this: Insights generated by hackers are now a routine part of government security in countries all over the world, including Singapore and the UK.

A few years from now, we'll have a clearer picture of how precisely the collapse of SVB impacted the tech sector and the larger economy. In the here and now, though, all organizations need to stay on high alert. It would be a shame to weather an economic downturn just to lose it all from a major breach. The latter scenario, at least, is preventable — and hackers can help.

Why Economic Downturns Put Innovation at Risk & Threaten Cyber Safety

Attackers compromised the personal email of a new employee and, when the initial attack failed, attempted through socially engineered messages to get the company to pay them off.

One might argue that security companies should be more prepared than most organizations to defend against a cyberattack. That was the case at Dragos recently, when a known ransomware group attempted, but failed, to extort money from the security vendor in a socially engineered attack that occurred after it compromised a new employee's personal email account.

The attack occurred May 8, with attackers gaining access to SharePoint and the Dragos contract management system by compromising the personal email address of a new sales employee prior to the person's start date, the company revealed in a blog post on May 10. The attacker then used stolen personal information from the hack to impersonate the employee and accomplish initial steps in Dragos' employee-onboarding process.

Dragos' swift response prevented the threat group from achieving its objective — the deployment of ransomware — or to engage in further activity, such as lateral movement, escalating privileges, establishing persistent access, or making changes to any Dragos infrastructure, the company said.

"No Dragos systems were breached, including anything related to the Dragos Platform," according to the post.

However, the attackers didn't stop there. Once the group's initial compromise and ransomware strategy was unsuccessful, it quickly "pivoted to attempting to extort Dragos to avoid public disclosure," the company said. Attackers did this by sending a flurry of messages to Dragos executives that threatened to reveal the attack publicly if they weren't paid off.

In a creepy twist, the group even went so far as to get personal in the messages, making references to the family members and personal contacts of Dragos employees, as well as sending emails to the personal accounts of senior Dragos employees to elicit a response.

The company ultimately decided that "the best response was to not engage with the criminals," and managed to contain the incident, according to the post.

Still, Dragos acknowledged a data loss that will likely result in a public leak of information because the company chose not to pay a ransom, which is "regrettable." However, the company sticks by its decision not to engage or negotiate with cybercriminals, it said.

**Promoting Cyber Transparency**

It's not often that security companies reveal attacks that they experience, but Dragos said that it decided to do so as an example of how to defuse a security breach before it causes significant damage. Also, it wanted to "help de-stigmatize security events," the company wrote in the post.

Indeed, as security incidents have proven time and again, no company — not even ones that seem firmly locked down — is safe from attack, particularly with the current level of attackers' cleverness and sophistication when using social engineering tactics, according to one security expert.

In fact, the Dragos narrative "is one of the rare stories where you hear about a truly crafted social engineering attempt and a quick discovery which led to minimal damage," Roger Grimes, data-driven defense evangelist at security firm KnowBe4, wrote in an emailed statement.

The incident should drive awareness to "the very active social-engineering scams that are happening in the hiring space" in particular, he wrote. In fact, not every company is so lucky, nor defends itself so well, Grimes noted.

"There are also many stories of employers hiring fake employees who existed only to steal and scam from their employer, fake employees who actually didn't know their job and just collected paychecks until they were fired, and scams the other way where legitimate job seekers were scammed while seeking employment," he says.

**Response & Internal Mitigation Is Key During a Cyberattack**

While an investigation into the incident is ongoing, Dragos was able to prevent a more serious attack due to swift response and a layered security approach by the company, which should provide a blueprint for others, according to the post.

The company investigated alerts in its corporate security information and event management (SIEM) and blocked the compromised account, as well as activated its incident response retainer with a service provider, and engaged a third-party monitoring, detection and response (MDR) provider to manage incident-response efforts.

"Verbose system activity logs enabled the rapid triage and containment of this security event," the company said.

To avoid similar attacks in the future, the company said it has added an additional verification step to further harden its new-employee onboarding process to ensure that the technique used in the attack won't be repeated.

Moreover, since every thwarted access attempt was due to multistep access approval, Dragos also is evaluating the expansion of this strategy to other systems based on how critical they are.

**Cyber-Resilience Advice for Other Organizations**

Dragos also made some recommendations for other organizations to help avoid a similar attack scenario. The company advised that the hardening of identity and access management infrastructure and processes is ultimately a baseline linchpin for every organization looking for cyber resilience. And it's a good idea to implement separation of duties across the enterprise so no one person has full run of the environment.

Organizations also should apply the principle of least privilege to all systems and services, and implement multifactor authentication wherever possible, the company said.

Other steps for avoiding a similar employee compromise like Dragos suffered include applying explicit blocks for known bad IP addresses, and scrutinizing incoming emails for typical phishing triggers, including the email address, URL, and spelling.

Finally, organizations overall should ensure that continuous security monitoring is in place, with tested incident response playbooks ready in case an attack does occur, according to Dragos.

Dragos Employee Hacked, Revealing Ransomware, Extortion Scheme

The 2023 AT&T Cybersecurity Insights Report examines how edge use cases are evolving, how organizations are changing to deliver better business outcomes through digital first experiences, and how an integrated ecosystem can work together to put security at the core of edge computing.

Each year, we look forward to the publication of the "AT&T Cybersecurity InsightsTM Report: Edge Ecosystem," a vendor-neutral and forward-looking report. It helps us gauge where the market is going, what lies ahead, and evolving business solutions — while understanding how cybersecurity connects to the ecosystem.

**Research Methodology**

This report is a vendor-neutral thought leadership piece offering a quantitative analysis of 1,418 global professionals in security, IT, application development, and line-of-business. It includes a qualitative analysis of cybersecurity subject matter experts.

The report includes common edge use cases in seven verticals — healthcare; retail; finance; manufacturing; energy; transportation; and US state, local, and higher education (SLED) — and presents actionable advice for securing and connecting an edge ecosystem. Finally, it looks at cybersecurity and the broader edge ecosystem of networking, service providers, and top use cases.

**Embracing the Edge Computing Ecosystem**

We asked our respondents to help us define the key characteristics of edge computing. These characteristics define this new democratized version of computing with IoT devices (that are also evolving) that will process and deliver a previously unseen velocity, volume, and variety of data.

*   Edge computing relies on a distributed model of management, intelligence, and networks.
*   Applications, workloads, and hosting are closer to where data is generated and consumed.
*   It's software-defined, which can mean the dominant use of private, public, or hybrid cloud environments. This doesn't rule out on-premises environments.

**Business Is Realizing the Value of Edge Deployments**

Edge deployments and use cases are increasing because business recognizes their value. In 2023, the primary use case in each industry evolved from the previous year.     

Fifty-seven percent of survey respondents are in proof of concept, partial, or full implementation phases with their edge computing use cases.

One of the most pleasantly surprising findings is how organizations are investing in security for edge. We asked survey participants how they allocated their budgets for the primary edge use cases across four areas: strategy and planning, network, security, and applications.

The results show that security is an integral part of edge computing. This balanced investment strategy prioritizes much-needed security for ephemeral edge applications as a key component of strategic planning. Edge project budgets are nearly balanced across four key areas: 30% network, 23% overall strategy and planning, 22% security, and 22% applications.

**A Robust Partner Ecosystem Supports Edge Complexity**

Across all industries, external trusted advisers are being called upon as critical extensions of the team. During the edge project planning phase, 64% use an external partner. During the production phase, that same number increases to 71%. These findings demonstrate that organizations are seeking help because the complexity of edge demands more than a do-it-yourself approach.

A surprise finding comes in the form of the changing attack surface and changing attack sophistication. Our data shows that distributed denial-of-service (DDoS) attacks are now the top concern (when examining the data in the aggregate vs. by industry). Surprisingly, ransomware dropped to eighth place out of eight in attack type.

The qualitative analysis points to an abundance of organizational spending on ransomware prevention over the past 24 months and enthusiasm for ransomware containment. However, ransomware criminals and their attacks are relentless. Additional qualitative analysis suggests cyber adversaries may be cycling different types of attacks. This is a worthwhile issue to discuss in your organization.

**Building Resilience Is Critical for Successful Edge Integration**

Resilience is about adapting quickly to a changing situation. Together, resilience and security address risk, support business needs, and drive operational efficiency at each stage of the journey. As use cases evolve, resilience gains importance, and the competitive advantage that edge applications provide can be fine-tuned. Future evolution will involve more IoT devices, faster connectivity and networks, and holistic security tailored to hybrid environments.

Our research finds that organizations are fortifying and future-proofing their edge architectures and adding cyber resilience as a core pillar. Empirically, our research shows that as the number of edge use cases in production grows, there is a strong need and desire to increase protection for endpoints and data. For example, the use of endpoint detection and response grows by 12% as use cases go from ideation to full implementation.

**Key Takeaways**

You may not realize you've already encountered edge computing — whether through telemedicine, finding available parking places, or working in a smart building. Edge brings us to a digital-first world rich with new and exciting possibilities.

By embracing edge computing, you'll help your organization gain important and often competitive business advantages. This report is designed to help you start and further the conversation. Use it to develop a strategic plan that includes these key development areas.

*   Start developing your edge computing profile.
*   Develop an investment strategy.
*   Align resources with emerging security priorities.
*   Prepare for ongoing, dynamic response.

Download the newly released "AT&T Cybersecurity Insights Report: Edge Ecosystem" here.

**About the Author**

    

Theresa Lanowitz is a proven global influencer and speaks on trends and emerging technology poised to help today’s enterprise organizations flourish. Theresa is currently the head of cybersecurity evangelism at AT&T Business.

Prior to joining AT&T, Theresa was an industry analyst with boutique analyst firm Voke and Gartner. While at Gartner, Theresa spearheaded the application quality ecosystem, championed application security technology, and created the successful Application Development conference.

As a product manager at Borland International Software, Theresa launched the iconic Java integrated development environment, JBuilder. While at Sun Microsystems, Theresa led strategic marketing for the Jini project, a precursor to IoT (Internet of Things).

Theresa's professional career began with McDonnell Douglas where she was a software developer on the C-17 military transport plane and held a US Department of Defense Top Secret security clearance.

Theresa holds a Bachelor of Science in Computer Science from the University of Pittsburgh.

Source

DARKReading