Trend Micro chief warns Russian cyber mobsters pose bigger threat than Chinese snoops

13 Mar 2013

Trend Micro chief technology officer Raimund Genes has warned that businesses' concern about state-sponsored attacks is blinding them to the larger threat posed by Russian cyber crooks.

Genes told V3 that the tit-for-tat accusations between nations about who hacked whom are hampering security vendors' ability to help combat cyber crime.


"When I see a lot of stuff like the Mandiant report blaming the Chinese, I have to agree that the Chinese do dabble with corporate espionage but do you not think that the Americans do it as well? Do you not think the Russians do it?" said Genes.

"I'm more concerned about the Russians. They perfected cybercrime a long time ago and have the dangerous guys for hire. You see more in Eastern Europe than you see in China, they perfected the model quite a while ago and the most sophisticated attack code we're seeing is coming out of Russia."

The Mandiant report was released earlier in 2013. It claimed to have uncovered evidence linking two advanced persistent threat (APT) campaigns to a Chinese military unit.

The report re-sparked the ongoing spat between the Chinese and American governments.

Genes said that the high interest around nation state hacking and the threat posed by APT has distracted businesses from the threat posed by criminals.

"I hate the term APT. Last week I was in RSA and everyone was ranting 'APT this' and 'APT that'. The fact is a lot of the stuff we're seeing is not advanced. Stuxnet was advanced but it wasn't targeted, because it was spreading way too widely," said Genes.

"We know it was spreading everywhere. If it had only triggered when it was in a centrifuge system in Iran then it would be a different story. It's the same with all this Red October nonsense, if it's good you don't see it."

The Trend Micro CTO said that many criminals customised versions of existing tools to mount their targeted attacks, making them cheap to develop and difficult to detect.

"The funny thing is that very often the attack is targeted, but the attacker uses a variant of an existing attack tool. For example they'll use something like Poison Ivy with a remote access Trojan developed in the Russian underground or somewhere. He'll then use a crypto to ensure it's not detected," said Genes.

"He then scripts it so that it only triggers if it sees a specific employee name or document on the company network and then it actually gets persistent within the environment, making lateral movements to find its target.

"You don't see it because if it's targeted then I ensure that my payload only triggers in the network or area it wants to."

Alastair Stevenson

Alastair has worked as a reporter covering security and mobile issues at V3 since March 2012. Before entering the field of journalism Alastair had worked in numerous industries as both a freelance copy writer and artist.
