Information sharing has never been a challenge in the cybercrime underground. Threat actors routinely trade stolen data, best practices and know-how with each other to increase their chances of success. Yet “above ground” it has not always been so straightforward. Competing commercial and other considerations sometimes complicate collaborative efforts. When that happens, the only winners are the bad guys.
That’s why Trend Micro has always taken an open, collaborative approach. We’ll partner with law enforcement, academia and industry vendors if it means making our connected, digital world more secure.
In that spirit, we have deepened the long-running collaboration between Adobe and Trend Micro Research. The move helps distribute Trend Micro vulnerability information about Adobe products to security vendors more quickly so they can enhance protection for their customers.
What’s new?
The speed at which the cybercrime community gets to work is almost impressive. When a new vendor patch is released, it can take threat actors just hours to reverse engineer a patch and develop an exploit. The challenge for organizations is that it often takes them far longer to apply patches—weeks, months or even years longer. One of the top 10 vulnerabilities exploited during 2016-2019 was from 2012. The top two exploited in 2020 were patched the year before.
It’s therefore increasingly important that we take a holistic approach to security. That means not only discovering and disclosing vulnerabilities, and encouraging prompt patching, but ensuring that security software is updated before a patch is released, so customers are protected from day one.
This is where the Microsoft Active Protections Program (MAPP) does great work—providing security vendors with early access to vulnerability information so they can update their AV software, intrusion detection/prevention (IDS/IPS) and other tools.
Thanks to a new initiative with Adobe, Trend Micro Research will now be providing additional information to participating MAPP vendors. It will usually contain a detailed description of the bug, some source code (or pseudo code), stack traces, detection guidance, and in some cases, proofs of concept (PoCs).
The goal is to provide everything needed for security vendors to create a signature or filter that will block exploits of a soon-to-be-patched vulnerability. It’s about arming the security vendor community and our collective customers with the right information at the right time to head off cyber-risk.
A long history of collaboration
Of course, this is just the latest in a long line of collaborative efforts Trend Micro has sought to deliver to make the digital world a safer place. Through the Zero Day Initiative (ZDI), the world’s largest vendor-agnostic bug bounty program, Trend Micro incentivizes researchers to find new bugs in vendor code and disclose responsibly. Over the years we’ve disclosed a total of nearly 1,200 vulnerabilities to Adobe. That’s made ZDI the number one source for new disclosures to Adobe over the past six years.
Beyond the day-to-day bug disclosures of the ZDI program, we also host Pwn2Own, a competition held twice a year that challenges contestants to find new bugs in popular products. The resulting work not only makes the internet a safer place – it also serves as inspiration to guide the vulnerability research community. There’s a high level of trust required between vendor, researcher and the ZDI team, which is evidenced by the sensitive discussions that go on behind closed doors in the “disclosure room” at these events. With Adobe, we have had many productive conversations over the years during Pwn2Own disclosures in which Adobe has utilized direct access to the researchers to ask questions and gain deeper knowledge of the vulnerabilities and new exploit techniques being presented. These conversations can help vendors identify bug variants and further harden their software.
Going beyond
The strength, depth and duration of our partnership help Adobe embark on the next stage of the journey—providing Trend engineers with access to PoC files so we can deliver enhanced actionable vulnerability intelligence to the industry via MAPP.
This is one of many industry efforts we’re engaged in on an ongoing basis.
We’re immensely proud of what our research team has achieved, and what we can accomplish to further our mission through collaborations like this with Adobe.