TrendMicro antivirus customers’ information was leaked and sold to online scammers

We must not forget that even specialized companies can suffer cybersecurity incidents. According to digital forensics experts, an employee of Japan-based security firm TrendMicro was discovered stealing information from the company’s customers and selling it to third parties aiming to deploy sophisticated tech support scam campaigns.

The targets of this campaign were the company’s
customers using a home-use security solution, who received phone calls from
threat actors posing as TrendMicro customer service employees.

The company began receiving reports about these calls, in which the criminals used information accessible only to some TrendMicro employees, leading the company to suspect that the attackers had the collaboration of an insider. After an internal investigation, TrendMicro determined that an employee had been improperly accessing a database operated by the company’s customer service area to extract sensitive information and sell it to scammers.

“After a thorough investigation, our digital forensics team was able to confirm that this is an internal threat,” the company mentions in a blog post. “One of our employees fraudulently accessed our customer support databases, extracting information including names, email addresses, phone numbers, and client support query backup”.

Insider threats are becoming increasingly frequent

The company also added that, so far, there is no
evidence to prove that other sensitive data, such as payment card information,
was also compromised. The employee has already been fired by TrendMicro and is
awaiting legal proceedings against him.

The company claims that less than 1% of TrendMicro tech support users were affected by this fraudulent campaign. In addition, the report from the company’s digital forensics team highlights the fact that only English speakers were attacked in this campaign.

Although no financial data was extracted from
affected customers, it is possible that the attackers tried to make arbitrary
charges for support services that were not really needed. 

As a security measure, users are reminded that TrendMicro never makes unsolicited support calls, so users who receive a call from an alleged customer service employee must hang up immediately and, if possible, notify TrendMicro.

International Institute of Cyber Security (IICS) digital forensics specialists mention that TrendMicro’s corporate clients were not targeted by the operators of this campaign, although they recommend that the company remain vigilant, as this is the second incident of unauthorized access to sensitive information to occur recently at TrendMicro. A few months ago, it was reported that an unidentified hacker accessed a company test lab and managed to extract more than 30 terabytes of information, including sensitive source code.
