Home - Article

Featured Article

November 24, 2019

Stopping an Insider Hack like this one from Trend Micro

Perhaps one of the most important breaches which took place this month was Trend Micro’s insider threat.

According to the company:

In early August 2019, Trend Micro became aware that some of our consumer customers running our home security solution had been receiving scam calls by criminals impersonating Trend Micro support personnel.  The information that the criminals reportedly possessed in these scam calls led us to suspect a coordinated attack. 

Although we immediately launched a thorough investigation, it was not until the end of October 2019 that we were able to definitively conclude that it was an insider threat. A Trend Micro employee used fraudulent means to gain access to a customer support database that contained names, email addresses, Trend Micro support ticket numbers, and in some instances telephone numbers. There are no indications that any other information such as financial or credit payment information was involved, or that any data from our business or government customers was improperly accessed.   

Our investigation revealed that this employee sold the stolen information to a currently unknown third-party malicious actor. We took swift action to contain the situation, including immediately disabling the unauthorized account access and terminating the employee in question, and we are continuing to work with law enforcement on an ongoing investigation.  

Certainly the problem of insider threats can be very real and we have reported before the Mayor of Baltimore had to fire an insider who had hacking tools on his computer.

This is why it is crucial to consider using an outside company for your IT and cybersecurity. A qualified MSP or MSSP.

Can such a company have an insider breach as well? Yes. However, there are two reasons why outside firms can be safer.

Cybersecurity is built into what they do already. Assuming you pick the right firm, the business owners and management are aware of the potential for this to happen and put controls in place to minimize the risk.

Another solid reason is MSPs often swap out workers.

In fact, the best situation for a company using an MSP is to agree to have techs swapped from time-to-time.

The tech shouldn’t always be aware a change is coming.

The reason is, if there is something nefarious going on, it is tougher to cover your tracks if another tech is taking over for you at random times.

In the Trend Micro case – it is unclear if it was a tech worker who accessed and released the information but tech workers do have access to many corporate secrets and can be a major source of leaks. This is why it is crucial – if you are not outsourcing to ensure that multiple sets of eyes are involved in sensitive areas of the organization to reduce the chance of data theft.

For more information on how to stay secure, we welcome your inquiry.

Apex Technology Services
Choose from comprehensive, affordable solutions for IT consulting, network services and computer help desk support in Fairfield county including Norwalk, Darien, Stamford, Greenwich, Ridgefield and Bridgeport. Also Westchester county including Rye, New Rochelle, White Plains, Yonkers and New York including Manhattan and the five boroughs.


Apex Technology Services is a cutting edge MSP offering quality IT support to financial, medical, legal, Fortune 500 and government agencies while adhering to the highest of quality...



Apex Technology Services has the cybersecurity expertise to help your business in a world filled with attackers looking to shut down your business hold it ransom or steal your valuable...



Apex Technology Services delivers a combination of traditional IT functions such as infrastructure as a service (IaaS), applications, software, security, monitoring, storage...


Ranked Top 10 Network security Solution Provider

One Stop Shop For All Your Technology Needs

Contact us Now!