Trend Micro blocked 12.6 billion threats in Q3, a 20% decrease from 2012, but warned that seismic security incidents during the period could be an indication of the kind of threats facing individuals and businesses going forward.
The third quarter saw some of the “worst-case security scenarios ever imagined,” according to the vendor's Security Roundup report for the period.
First came the attack on Hacking Team reported back in July, in which 400GB of stolen data was exposed, leading to the discovery of five new zero-day flaws and specialist spying tools for iOS and Android.
One of these vulnerabilities was added to the Angler exploit kit and used in attacks in South Korea and Japan, and another was used in attacks on sites in Taiwan and Hong Kong.
Then came the Ashley Madison data dump, which it is claimed led to follow-up extortion and blackmail attacks on those exposed, even resulting in reports of suicide.
Trend Micro even discovered some honeypots it set up were used to create profiles on the site, leading some to speculate that some innocent netizens may also have been caught up in the fall-out from the attack.
The report had the following analysis:
“We believe we will see more of these chain reaction-type attacks. Bigger and better-secured organizations may experience breaches of their own if ever attackers successfully manage to leech off data from their smaller, less-secure partners. Consumers may also find their personal information at risk if companies continue to get breached due to this lateral progression of attacks.”
Elsewhere, the quarter saw another major Android vulnerability, Stagefright, and even trojanized apps built with a malicious version of Xcode were found on the App Store, putting iOS users at risk.
Despite Trend Micro blocking 1,588 threats per second, the figure continues to fall from its 2012 highs, possibly due in part to attackers focusing their efforts on “well-chosen victims for better results,” the vendor said.
Trend Micro chief cybersecurity officer Tom Kellermann argued that incident response plans must be adjusted to manage the “secondary stages of attacks.”
“Intrusion suppression will become the goal of incident response as it is imperative that the dwell time of an adversary be limited. We must disrupt the capacity of an adversary to maintain a footprint on hosts, and thus inhibit their ability to conduct secondary infections,” he added.
“Virtual shielding, integration of breach detection systems with SIEMs, and file integrity monitoring will be key instruments in mitigating the punitive attacks of 2016.”