Trend Micro chief warns Russian cyber mobsters pose bigger threat than Chinese snoops

13 Mar 2013

Trend Micro chief technology officer Raimund Genes has warned that businesses' concern about state-sponsored attacks is blinding them to the larger threat posed by Russian cyber crooks.

Genes told V3 that the tit-for-tat accusations between nations about who hacked whom are hampering security vendors' ability to help combat cyber crime.

"When I see a lot of stuff like the Mandiant report blaming the Chinese, I have to agree that the Chinese do dabble with corporate espionage but do you not think that the Americans do it as well? Do you not think the Russians do it?" said Genes.

"I'm more concerned about the Russians. They perfected cybercrime a long time ago and have the dangerous guys for hire. You see more in Eastern Europe than you see in China, they perfected the model quite a while ago and the most sophisticated attack code we're seeing is coming out of Russia."

The Mandiant report was released earlier in 2013. It claimed to have uncovered evidence linking two advanced persistent threat (APT) campaigns to a Chinese military unit.

The report re-sparked the ongoing spat between the Chinese and American governments.

Genes said that the high interest around nation state hacking and the threat posed by APT has distracted businesses from the threat posed by criminals.

"I hate the term APT. Last week I was in RSA and everyone was ranting 'APT this' and 'APT that'. The fact is a lot of the stuff we're seeing is not advanced. Stuxnet was advanced but it wasn't targeted, because it was spreading way too widely," said Genes.

"We know it was spreading everywhere. If it had only triggered when it was in a centrifuge system in Iran then it would be a different story. It's the same with all this Red October nonsense, if it's good you don't see it."

The Trend Micro CTO said that many criminals customised versions of existing tools to mount their targeted attacks, making them cheap to develop and difficult to detect.

"The funny thing is that very often the attack is targeted, but the attacker uses a variant of an existing attack tool. For example they'll use something like Poison Ivy with a remote access Trojan developed in the Russian underground or somewhere. He'll then use a crypto to ensure it's not detected," said Genes.

"He then scripts it so that it only triggers if it sees a specific employee name or document on the company network and then it actually gets persistent within the environment, making lateral movements to find its target.

"You don't see it because if it's targeted then I ensure that my payload only triggers in the network or area it wants to."

Alastair Stevenson

Alastair has worked as a reporter covering security and mobile issues at V3 since March 2012. Before entering the field of journalism Alastair had worked in numerous industries as both a freelance copy writer and artist.
