We’re in bed together, admit Intel Security, Trend Micro and NCA

Infosec firms confirm they're dating – but not exclusively


The UK's National Crime Agency has enlisted two leading security firms as part of a collaborative intelligence-sharing effort.

Intel Security and Trend Micro will be part of the "virtual threat teams" which will provide the police with intelligence on cybercrime threats in the UK and the rest of the world.

As both companies provide security for hundreds of millions of customers globally, their access to global trends in malware development is of immense value to the NCA's Cyber Crime Unit.

Talking to the BBC last Friday, Andy Archibald, the head of that unit, acknowledged the collaboration which had developed between the law enforcement agency and the private sector over the last 10 months.

Rik Ferguson, Security Research veep at Trend Micro told The Register that although working partnerships had been established for a while, they were now being formalised across the board, not just with the NCA, but also at Europol and Interpol, with whom Trend Micro has a embedded researcher in Singapore.

From CryptoLocker and Gameover ZeuS, through to Beebone and RAMNIT, collaboration between security companies and law enforcement agencies has proven vital to protecting the public from cybercrime.

Talking to The Register, Raj Samani, CTO at Intel Security, said it was important to recognise the value of the collaborative approach, noting the success of such an approach was visible from the recent sentencing of Alex Yucel, the creator of Blackshades.

"Security firms have a far greater understanding of the threats in terms of what they see on a day-to-day basis," Archibald told the BBC. "They have a massively important part to play in terms of understanding and identifying who and where the threat comes from."

The ability to sense trends, recognise malware variants and comprehend the extent of the threat that the public faces would be inimitable if attempted in-house by the NCA, which does not have access to the expertise, nor the jurisdiction to investigate, when and where the companies are professionally engaged to provide.

When asked about notions of rivalry, Ferguson said they are perhaps "more apparent on the sales/marketing side of the business. Researchers really regard each other as allies, and the malicious actors and the malware is the enemy".

Samani told The Register that such collaborations are essential when dealing with this new emerging area of crime. "That activity, of holding information and keeping it secret, it just doesn't help."

Intel Security has officially endorsed public-private partnerships on several occasions, and cited the Beebone takedown as "further evidence that only a combined response is capable of slowing down the ever-growing menace of cybercrime."

"We have no choice," said Samani. "We have to collaborate. This is the future of crime. You are not going to walk into a bank with a gun anymore. It's dangerous. It's easier to sit at home in your pajamas. And it is." ®

Broader topics


Other stories you might like

  • OMIGOD: Cloud providers still using secret middleware
    All the news you may have missed from RSA this week

    RSA Conference in brief Researchers from Wiz, who previously found a series of four serious flaws in Azure's Open Management Infrastructure (OMI) agent dubbed "OMIGOD," presented some related news at RSA: Pretty much every cloud provider is installing similar software "without customer's awareness or explicit consent."

    In a blog post accompanying the presentation, Wiz's Nir Ohfeld and Shir Tamari say that the agents are middleware that bridge customer VMs and the provider's other managed services. The agents are necessary to enable advanced VM features like log collection, automatic updating and configuration syncing, but they also add new potential attack surfaces that, because customers don't know about them, can't be defended against.

    In the case of OMIGOD, that included a bug with a 9.8/10 CVSS score that would let an attacker escalate to root and remotely execute code. Microsoft patched the vulnerabilities, but most had to be applied manually.

    Continue reading
  • IBM buys Randori to address multicloud security messes
    Big Blue joins the hot market for infosec investment

    RSA Conference IBM has expanded its extensive cybersecurity portfolio by acquiring Randori – a four-year-old startup that specializes in helping enterprises manage their attack surface by identifying and prioritizing their external-facing on-premises and cloud assets.

    Big Blue announced the Randori buy on the first day of the 2022 RSA Conference on Monday. Its plan is to give the computing behemoth's customers a tool to manage their security posture by looking at their infrastructure from a threat actor's point-of-view – a position IBM hopes will allow users to identify unseen weaknesses.

    IBM intends to integrate Randori's software with its QRadar extended detection and response (XDR) capabilities to provide real-time attack surface insights for tasks including threat hunting and incident response. That approach will reduce the quantity of manual work needed for monitoring new applications and to quickly address emerging threats, according to IBM.

    Continue reading
  • Costa Rican government held up by ransomware … again
    Also US warns of voting machine flaws and Google pays out $100 million to Illinois

    In brief Last month the notorious Russian ransomware gang Conti threatened to overthrow Costa Rica's government if a ransom wasn't paid. This month, another band of extortionists has attacked the nation.

    Fresh off an intrusion by Conti last month, Costa Rica has been attacked by the Hive ransomware gang. According to the AP, Hive hit Costa Rica's Social Security system, and also struck the country's public health agency, which had to shut down its computers on Tuesday to prevent the spread of a malware outbreak.

    The Costa Rican government said at least 30 of the agency's servers were infected, and its attempt at shutting down systems to limit damage appears to have been unsuccessful. Hive is now asking for $5 million in Bitcoin to unlock infected systems.

    Continue reading
  • Google has more reasons why it doesn't like antitrust law that affects Google
    It'll ruin Gmail, claims web ads giant

    Google has a fresh list of reasons why it opposes tech antitrust legislation making its way through Congress but, like others who've expressed discontent, the ad giant's complaints leave out mention of portions of the proposed law that address said gripes.

    The law bill in question is S.2992, the Senate version of the American Innovation and Choice Online Act (AICOA), which is closer than ever to getting votes in the House and Senate, which could see it advanced to President Biden's desk.

    AICOA prohibits tech companies above a certain size from favoring their own products and services over their competitors. It applies to businesses considered "critical trading partners," meaning the company controls access to a platform through which business users reach their customers. Google, Apple, Amazon, and Meta in one way or another seemingly fall under the scope of this US legislation. 

    Continue reading
  • Feds raid dark web market selling data on 24 million Americans
    SSNDOB sold email addresses, passwords, credit card numbers, SSNs and more

    US law enforcement has shut down another dark web market, seizing and dismantling SSNDOB, a site dealing in stolen personal information.

    Led by the IRS' criminal investigation division, the DOJ, and the FBI, the investigation gained control of four of SSNDOB's domains, hobbling its ability to generate cash. The agents said it raked in more than $19 million since coming online in 2015.

    Continue reading
  • Healthcare organizations face rising ransomware attacks – and are paying up
    Via their insurance companies, natch

    Healthcare organizations, already an attractive target for ransomware given the highly sensitive data they hold, saw such attacks almost double between 2020 and 2021, according to a survey released this week by Sophos.

    The outfit's team also found that while polled healthcare orgs are quite likely to pay ransoms, they rarely get all of their data returned if they do so. In addition, 78 percent of organizations are signing up for cyber insurance in hopes of reducing their financial risks, and 97 percent of the time the insurance company paid some or all of the ransomware-related costs.

    However, while insurance companies pay out in almost every case and are fueling an improvement in cyber defenses, healthcare organizations – as with other industries – are finding it increasingly difficult to get insured in the first place.

    Continue reading
  • Cops' Killer Bee stings credential-stealing scammer
    Fraudster and two alleged accomplices nabbed in joint op

    An Interpol-led operation code-named Killer Bee has led to the arrest and conviction of a Nigerian man who was said to have used a remote access trojan (RAT) to reroute financial transactions and steal corporate credentials. Two suspected accomplices were also nabbed.

    The trio, aged between 31 and 38, were detained as part of a sting operation involving law enforcement agencies across 11 countries: Brunei, Cambodia, Indonesia, Laos, Malaysia, Myanmar, Nigeria, Philippines, Singapore, Thailand, and Vietnam. 

    The suspects were arrested in the Lagos suburb of Ajegunle and in Benin City, Nigeria. At the time of their arrests, all three men were in possession of fake documents, including fraudulent invoices and forged official letters, it is claimed.

    Continue reading

Biting the hand that feeds IT © 1998–2022