Trend Micro's Q3 Security Roundup Details Unprecedented Vulnerabilities and New, Sophisticated Techniques
December 02, 2014
Shellshock revelation, new attacks against mobile and web platforms dissected in quarterly report

The third quarter saw a significant event with the new critical vulnerability, known as Shellshock, that threatened more than half a billion servers and devices worldwide. This major development, as well as an uptick in volume and sophistication of cyber-attacks are detailed in Trend Micro Incorporated's (TYO: 4704TSE: 4704) latest quarterly security roundup report,"Vulnerabilities Under Attack: Shedding Light on the Growing Attack Surface." The report also reveals web platform and mobile app vulnerabilities that have broadened significantly, resulting in high-impact attacks on businesses and consumers alike.

"Our findings confirm that we are battling rapidly moving cybercriminals and evolving vulnerabilities simultaneously," said Raimund Genes, CTO, Trend Micro. "With this fluidity, it's time to embrace the fact that compromises will continue, and we shouldn't be alarmed or surprised when they occur. Preparation is key and as an industry we must better educate organizations and consumers about heightened risks as attacks grow in volume and in sophistication. Understanding that cybercriminals are finding vulnerabilities and potential loopholes in every device and platform possible will help us confront these challenges so technology can be used in a positive way."

The report dissects vulnerabilities, such as Shellshock, which threatens popular operating systems, including Linux, UNIX and Mac OS X. The surprising discovery of the Shellshock vulnerability emerged after going unnoticed for more than 20 years, suggesting the likelihood of more long, undiscovered vulnerabilities lurking within operating systems or applications.

Vulnerabilities in mobile platforms and apps are also proving to be a greater challenge. As in previous quarters, the report cites that significant and critical vulnerabilities were found in mobile platforms, such as Android. Exploit kits were highly utilized in Web platforms and provided cybercriminals another resource to compromise victims' systems.

In an effort to steal credit card information and money, the report also reveals that threat actors are targeting large retailers' Point-of-Sale (PoS) systems to execute massive data breaches. This ongoing practice further indicates that PoS networks are highly accessible and vulnerable. Cyber thieves also utilized updated versions of older versions of popular malware and online banking malware to successfully target victims.

In addition, the Q3 report discloses data that the United States tops the list of countries with the most PoS malware, ransomware, malicious URL sources and visits to malicious sites. Government institutions were reported to be the most targeted organizations.

This quarter's report also includes expert insight from Trend Micro's threat researchers and evangelists. The following are a few highlights:

  • A summarized threat landscape, complete with statistics and insight, including mobile threats, etc.
  • In-depth information regarding prominent vulnerabilities
  • Details about successful attacks against popular web platforms and breakdown of sophisticated attacks that aggressively pursue financial data
  • Analysis of security challenges faced by mobile app developers, as well as users
  • Revelations of targeted attacks utilizing internal and external entry points

For the complete report, please visit:

A blog post regarding the report can be viewed here:\

About Trend Micro

Trend Micro Incorporated, a global leader in security software, strives to make the world safe for exchanging digital information. Built on 25 years of experience, our solutions for consumersbusinesses and governments provide layered data security to protect information on mobile devices, endpoints, gateways, servers and the cloud. Trend Micro enables the smart protection of information, with innovative security technology that is simple to deploy and manage, and fits an evolving ecosystem. All of our solutions are powered by cloud-based global threat intelligence, the Trend Micro™ Smart Protection Network™ infrastructure, and are supported by more than 1,200 threat experts around the globe. For more information, visit