A Primer 5 REASONS WHY YOUR ANTIVIRUS SOFTWARE IS NOT ENOUGH

SMB Primer: 5 Reasons Why Your Antivirus …...5 Reasons Why Your Antivirus Software Is Not Enough Keywords TrendLabs, Trend Micro, APT, advanced persistent threats, APTs, antivirus,


LEGAL DISCLAIMER

The information provided herein is for general information and educational purposes only. It is not intended and should not be construed to constitute legal advice. The information contained herein may not be applicable to all situations and may not reflect the most current situation. Nothing contained herein should be relied on or acted upon without the benefit of legal advice based on the particular facts and circumstances presented and nothing herein should be construed otherwise. Trend Micro reserves the right to modify the contents of this document at any time without prior notice.

Translations of any material into other languages are intended solely as a convenience. Translation accuracy is not guaranteed nor implied. If any questions arise related to the accuracy of a translation, please refer to the original language official version of the document. Any discrepancies or differences created in the translation are not binding and have no legal effect for compliance or enforcement purposes.

Although Trend Micro uses reasonable efforts to include accurate and up-to-date information herein, Trend Micro makes no warranties or representations of any kind as to its accuracy, currency, or completeness. You agree that access to and use of and reliance on this document and the content thereof is at your own risk. Trend Micro disclaims all warranties of any kind, express or implied. Neither Trend Micro nor any party involved in creating, producing, or delivering this document shall be liable for any consequence, loss, or damage, including direct, indirect, special, consequential, loss of business profits, or special damages, whatsoever arising out of access to, use of, or inability to use, or in connection with the use of this document, or any errors or omissions in the content thereof. Use of this information constitutes acceptance for use in an “as is” condition.


The vast amount of data small and medium-sized businesses (SMBs) hold, as well as their lack of sufficient security practices, makes them prime targets for attackers.[1] As a result, SMBs believe it is necessary to invest in storage security for their critical data, such as email messages, financial documents, and project files.

A study reveals that SMB spending on security technology will grow at a rate of 10-12% per year and will exceed $5.6 billion in 2015.[2] However, security for most SMBs simply means using traditional antivirus technology that typically consists of a firewall, file scanner, and removal tools. This creates a risk for most SMBs since many new threats in the wild still manage to evade antivirus products.[3]

What makes traditional antivirus software inadequate to protect SMBs?

[1] http://about-threats.trendmicro.com/smb-primers/is-your-business-at-risk-of-losing-data/

[2] http://www.idc.com/getdoc.jsp?containerId=prUS23507912

[3] http://www.darkreading.com/smb/what-antivirus-shortcomings-mean-for-smb/240146877


Targeted attacks can bypass blacklisting.

The basis of traditional antivirus security is blacklisting, or the technology used in identifying bad files and known malware and then stopping them.

In an ISACA and Trend Micro sponsored survey, a high percentage of enterprises claimed they use traditional network perimeter technologies to battle advanced persistent threats (APTs).[4] APTs manage to stay undetected in a network or system for a long period while progressing toward their goal—usually to steal data.

Since attackers now consider SMBs prime targets, SMBs relying on the same security technologies are also at risk. An APT’s ability to bypass blacklisting allows it to move within the network without detection and steal corporate passwords in order to gain access to other systems.

Recent incidents indicate how attackers sidestep traditional antivirus technologies to carry out phishing attacks, breach security, and steal data. The attack on the New York Times, for example, shows how threats can avoid security system detection.[5]

[4] http://www.trendmicro.com/cloud-content/us/pdfs/business/datasheets/wp_apt-survey-report.pdf

[5] http://blog.trendmicro.com/trendlabs-security-intelligence/lessons-from-the-new-york-times-apt-attack/


Customized malware attacks account for most data breaches.

A Verizon report still ranks malware as among the top methods used in data breaches. The report recorded 621 confirmed data breach incidents in 2012, 40% of which were caused by malware. Almost half of the total incidents occurred within companies with fewer than 1,000 employees. This includes 193 incidents in companies with fewer than 100 workers.[6]

The chances of a data breach are higher when SMBs believe that their traditional antivirus is enough to protect their assets, particularly against customized attacks. Developments in the cybercriminal underground allow attackers to streamline their attacks to suit their targets’ specific circumstances. For example, attackers can use polymorphic malware[7], target outdated software, and then perform social engineering. These added complexities give them the ability to bypass basic antivirus software detection.

[6] http://www.verizonenterprise.com/DBIR/2013/

[7] http://about-threats.trendmicro.com/us/webattack/97/WORMVOBFUS%2BA%20Polymorphic%20Downloader


Cybercrime is expanding.

Along with the increased incidence of sophisticated attacks and customized malware, the cybercrime underground economy has also expanded rapidly over the past years. This spells trouble for IT administrators because these attackers may focus on collecting classified data from their systems.

Fraudsters who thrive in the cybercriminal underground have managed to make the Internet their playing field. According to a Trend Micro research paper, the Russian cybercriminal underground continuously improves technologies and modifies its targets to enhance its seemingly lucrative businesses.

Cybercrime enhancements put SMBs at risk. Improved ransomware, for example, prevents its victims from accessing their systems while holding their data hostage.[8] Tools have also been crafted to serve mobile threats.[9]

Another study suggests that underground markets are primarily designed for illicit activities, which may often involve selling business intelligence and trading information about software flaws.[10]

[8] http://blog.trendmicro.com/trendlabs-security-intelligence/police-ransomware-bears-fake-digital-signature/

[9] http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-russian-underground-101.pdf

[10] http://igcc.ucsd.edu/publications/igcc-in-the-news/news_20120731.htm


Traditional antivirus software isn’t a cure-all.

Antivirus software will always be an important element in keeping computers secure against malware. Good antivirus software can analyze complex file behavior and block threats accordingly. However, it may not be able to protect against more sophisticated threats such as the ZACCESS malware, whose routines attackers keep out of plain sight.[11]

[11] http://about-threats.trendmicro.com/us/webattack/138/Revealing+the+Hidden+Routines+of+ZACCESS


Social engineering doesn’t go out of style.

Even with a reliable antivirus solution in place, SMBs may find it a challenge to stay protected against social engineering attacks in the form of phishing scams and malicious URLs.[12] Social engineering is a tactic that relies heavily on human interaction in order to manipulate people into revealing sensitive information or clicking certain links. Threats can be disguised as official emails from sites users are familiar with, like Facebook.

Since social engineering does not require a high level of technical expertise, attackers have long used this technique as a method to gather information about a company. Establishing employee trust and psychological manipulation are important components in a successful social engineering attack. These components are the reason why having antivirus software is not enough—once attackers take advantage of an employee’s trust, they can gain access to confidential data.

[12] http://www.trendmicro.com/us/security/social-engineering/index.html


What Should SMBs Do?

In the current threat landscape, no organization is safe. Even SMBs with in-place antivirus solutions are prime cybercrime targets. The best you can do to protect your business is to:

• Empower your employees with best practices and guidelines to minimize the risk of falling prey to the various aspects of cybercrime.

• Employ a smarter, more comprehensive all-in-one security solution to protect your online experience—whatever you’re doing and whatever device you’re doing it on.

• Set rules for employees using their own mobile devices at work. Antivirus solutions are not able to detect malicious mobile apps or provide mobile Web reputation.

• Use a reputation-based solution as a countermeasure for non-traditional threats. Trend Micro solutions are powered by the Trend Micro™ Smart Protection Network™, a global cloud-based threat intelligence network that uses reputation-based services and finely tuned custom data mining tools to identify new threats.


©2013 by Trend Micro, Incorporated. All rights reserved. Trend Micro and the Trend Micro t-ball logo are trademarks or registered trademarks of Trend Micro, Incorporated. All other product or company names may be trademarks or registered trademarks of their owners.

TRENDLABS℠

TrendLabs is a multinational research, development, and support center with an extensive regional presence committed to 24x7 threat surveillance, attack prevention, and timely and seamless solutions delivery. With more than 1,000 threat experts and support engineers deployed round-the-clock in labs located around the globe, TrendLabs enables Trend Micro to continuously monitor the threat landscape across the globe; deliver real-time data to detect, to preempt, and to eliminate threats; research on and analyze technologies to combat new threats; respond in real time to targeted threats; and help customers worldwide minimize damage, reduce costs, and ensure business continuity.

Trend Micro Incorporated

Trend Micro Incorporated (TYO: 4704; TSE: 4704), a global cloud security leader, creates a world safe for exchanging digital information with its Internet content security and threat management solutions for businesses and consumers. A pioneer in server security with over 20 years’ experience, we deliver top-ranked client, server and cloud-based security that fits our customers’ and partners’ needs, stops new threats faster, and protects data in physical, virtualized and cloud environments. Powered by the industry-leading Trend Micro™ Smart Protection Network™ cloud computing security infrastructure, our products and services stop threats where they emerge—from the Internet. They are supported by 1,000+ threat intelligence experts around the globe.