We look into a recent attack orchestrated by the Black Basta ransomware group that used the banking trojan QakBot as a means of entry and movement and took advantage of the PrintNightmare vulnerability to perform privileged file operations.
Security Vendor News
Log4Shell Vulnerability in VMware Leads to Data Exfiltration and Ransomware
by Mohamed Fahmy •
We analyzed cases of a Log4Shell vulnerability being exploited in certain versions of the software VMware Horizon. Many of these attacks resulted in data being exfiltrated from the infected systems. However, we also found that some of the victims were …
Security Vendor News
Conti vs. LockBit: A Comparative Analysis of Ransomware Groups
by Shingo Matsugaya •
We compare the targeting and business models of the Conti and LockBit ransomware groups using data analysis approaches. This will be presented in full at the 34th Annual FIRST Conference on June 27, 2022.
Security Vendor News
Private Network 5G Security Risks & Vulnerabilities
by William Malik •
Why cybersecurity is the first step to private network deployment
Security Vendor News
Examples of Cyber Warfare #TrendTalksBizSec
by Trend Micro Research, News, Perspectives •
Cyber Warfare has been a topic of discussion for years but has reached a new level of prominence in this age of hyper-connected critical infrastructure. Our Trend Micro experts touch on this evolution, disinformation campaigns, and cyber mercenaries.
Security Vendor News
Websites Hosting Fake Cracks Spread Updated CopperStealer Malware
by Joseph C Chen •
We found updated samples of the CopperStealer malware infecting systems via websites hosting fake software.
Security Vendor News
State of OT Security in 2022: Big Survey Key Insights
by Hiroyuki Ueno •
Learn about the state of OT Security in 2022 by reading the key insights found through surveying more than 900 ICS business and security leaders in the US, Germany and Japan.
Security Vendor News
Cuba Ransomware Group’s New Variant Found Using Optimized Infection Techniques
by Don Ovid Ladores •
Trend Micro Research observed the resurgence of the Cuba ransomware group that launched a new malware variant using different infection techniques compared to past iterations. We discuss our initial findings in this report.
Security Vendor News
Why It’s Time to Map the Digital Attack Surface
by Bharat Mistry •
Trend Micro research reveals struggle to control cyber risks against mounting digital attack surfaces.
Security Vendor News
Closing the Door: DeadBolt Ransomware Locks Out Vendors With Multitiered Extortion Scheme
by Trend Micro Research, News, Perspectives •
In this report, we investigate the reasons that the DeadBolt ransomware family is more problematic for its victims than other ransomware families that previously targeted NAS devices.
Security Vendor News
YourCyanide: A CMD-Based Ransomware With Multiple Layers of Obfuscation
by Ieriz Nicolle Gonzalez •
The Trend Micro Threat Hunting team recently analyzed a series of CMD-based ransomware variants with a number of capabilities such as stealing user information, bypassing remote desktop connections, and propagating through email and physical drives.
Security Vendor News
Trend Micro Partners With Interpol and Nigeria’s EFCC for Operation Killer Bee, Takes Down Nigerian BEC Actors
by Paul Pajares •
Nigeria’s Economic and Financial Crimes Commission (EFCC) arrested three suspected scammers from Nigeria who were involved in global scamming campaigns via a sting operation that is part of Operation Killer Bee. Trend Micro provided information on the …
Security Vendor News
Patch Your WSO2: CVE-2022-29464 Exploited to Install Linux-Compatible Cobalt Strike Beacons, Other Malware
by Hitomi Kimura •
Users of WSO2 products are advised to update their respective products and platforms or to apply the temporary mitigation steps immediately.
Security Vendor News
New Linux-Based Ransomware Cheerscrypt Targeting ESXi Devices Linked to Leaked Babuk Source Code
by Arianne Dela Cruz •
New findings showed that Cheerscrypt, a new Linux-based ransomware variant that compromises ESXi servers, was derived from the leaked Babuk source code. We discuss our analysis in this report.
Security Vendor News
New Linux-Based Ransomware Cheerscrypt Targets ESXi Devices
by Arianne Dela Cruz •
Trend Micro Research detected “Cheerscrypt”, a new Linux-based ransomware variant that compromises ESXi servers. We discuss our initial findings in this report.
Security Vendor News
The Fault in Our Kubelets: Analyzing the Security of Publicly Exposed Kubernetes Clusters
by Magno Logan •
While researching cloud-native tools, our Shodan scan revealed over 200,000 publicly exposed Kubernetes clusters and kubelet ports that can be abused by criminals.
Security Vendor News
Bruised but Not Broken: The Resurgence of the Emotet Botnet Malware
by Adolph Christian Silverio •
During the first quarter of 2022, we discovered a significant number of infections using multiple new Emotet variants that employed both old and new techniques to trick their intended victims into accessing malicious links and enabling macro content.
Security Vendor News
Uncovering a Kingminer Botnet Attack Using Trend Micro™ Managed XDR
by Buddy Tancio •
Trend Micro’s Managed XDR team addressed a Kingminer botnet attack conducted through an SQL exploit. We discuss our findings and analysis in this report.
Security Vendor News
Trend Micro’s One Vision, One Platform
by Trend Micro Research, News, Perspectives •
Why Trend Micro is evolving its approach to enterprise protection
Security Vendor News
Fake Mobile Apps Steal Facebook Credentials, Cryptocurrency-Related Keys
by Cifer Fang •
We recently observed a number of apps on Google Play designed to perform malicious activities such as stealing user credentials and other sensitive user information, including private keys.
Security Vendor News
S4x22: ICS Security Creates the Future
by Kazuhisa Tagaya •
The ICS Security Event S4 was held for the first time in two years, bringing together more than 800 business leaders and specialists from around the world to Miami Beach on 19-21 Feb 2022. The theme was CREATE THE FUTURE.
Security Vendor News
Security Above and Beyond CNAPPs
by Trend Micro Research, News, Perspectives •
How Trend Micro’s unified cybersecurity platform is transforming cloud security
Security Vendor News
Examining the Black Basta Ransomware’s Infection Routine
by Ieriz Nicolle Gonzalez •
We analyze the Black Basta ransomware and examine the malicious actor’s familiar infection tactics.
Security Vendor News
NetDooka Framework Distributed via PrivateLoader Malware as Part of Pay-Per-Install Service
by Aliakbar Zahravi •
This report focuses on the components and infection chain of the NetDooka framework. Its scope ranges from the release of the first payload up until the release of the final RAT that is protected by a kernel driver.
Security Vendor News
AvosLocker Ransomware Variant Abuses Driver File to Disable Antivirus, Scans for Log4shell
by Christoper Ordonez •
We found an AvosLocker ransomware variant using a legitimate antivirus component to disable detection and blocking solutions.
Security Vendor News
New APT Group Earth Berberoka Targets Gambling Websites With Old and New Malware
by Daniel Lunghi •
We recently found a new advanced persistent threat (APT) group that we have dubbed Earth Berberoka (aka GamblingPuppet). This APT group targets gambling websites on Windows, macOS, and Linux platforms using old and new malware families.
Security Vendor News
How to better manage your digital attack surface risk
by Trend Micro Research, News, Perspectives •
As organizations shift to the cloud in droves, their digital attack surface continues to rapidly expand. And with the number of threats rapidly increasing, security leaders need to enhance their attack surface risk management. We explore how a unified …
Security Vendor News
New Partner Bit Discovery Helps TM with Attack Surface
by Trend Micro Research, News, Perspectives •
We’re excited to partner with Bit Discovery, bringing attack surface discovery capabilities to the Trend Micro One platform and providing ongoing visibility not only into internal assets (devices, identities, applications) but also into external, internet-facing assets.
Security Vendor News
Analyzing Attempts to Exploit the Spring4Shell Vulnerability CVE-2022-22965 to Deploy Cryptocurrency Miners
by Nitesh Surana •
Recently, we observed attempts to exploit the Spring4Shell vulnerability — a remote code execution bug, assigned as CVE-2022-22965 — by malicious actors to deploy cryptocurrency miners.
Security Vendor News
Spring4Shell Vulnerability CVE-2022-22965 Exploited to Deploy Cryptocurrency Miners
by Nitesh Surana •
Recently, we observed the Spring4Shell vulnerability — a remote code execution bug, assigned as CVE-2022-22965 — being actively exploited by malicious actors to deploy cryptocurrency miners.
Security Vendor News
Critically Underrated: Studying the Data Distribution Service (DDS) Protocol
by Trend Micro Research, News, Perspectives •
Researchers from Trend Micro Research, TXOne, ADLINK, Alias Robotics, and ZDI looked into the Data Distribution Service (DDS) standard and its implementations from a security angle. The full findings of this research will be presented in the S4X22 Conf…
Security Vendor News
An Investigation of the BlackCat Ransomware via Trend Micro Vision One
by Lucas Silva •
We recently investigated a case related to the BlackCat ransomware group using the Trend Micro Vision One™ platform, which comes with extended detection and response (XDR) capabilities. BlackCat (aka AlphaVM or AlphaV) is a ransomware family created in…
Security Vendor News
Cyber Risk Index (2H’ 2021): An Assessment for Security Leaders
by Jon Clay •
We take a look at our latest Cyber Risk Index (CRI) findings across North America, Europe, Asia-Pacific, and Latin/South America, to help security leaders better understand, communicate, and address their enterprise’s cyber risk.