We compare the targeting and business models of the Conti and LockBit ransomware groups using data analysis approaches. This will be presented in full at the 34th Annual FIRST Conference on June 27, 2022.
Tag: Trend Micro Research : Endpoints
Security Vendor News
Websites Hosting Fake Cracks Spread Updated CopperStealer Malware
by Joseph C Chen •
We found updated samples of the CopperStealer malware infecting systems via websites hosting fake software.
Security Vendor News
Cuba Ransomware Group’s New Variant Found Using Optimized Infection Techniques
by Don Ovid Ladores •
Trend Micro Research observed the resurgence of the Cuba ransomware group that launched a new malware variant using different infection techniques compared to past iterations. We discuss our initial findings in this report.
Security Vendor News
Trend Micro Partners With Interpol and Nigeria’s EFCC for Operation Killer Bee, Takes Down Nigerian BEC Actors
by Paul Pajares •
Nigeria’s Economic and Financial Crimes Commission (EFCC) arrested three suspected scammers from Nigeria who were involved in global scamming campaigns via a sting operation that is part of Operation Killer Bee. Trend Micro provided information on the …
Security Vendor News
Patch Your WSO2: CVE-2022-29464 Exploited to Install Linux-Compatible Cobalt Strike Beacons, Other Malware
by Hitomi Kimura •
Users of WSO2 products are advised to update their respective products and platforms or to apply the temporary mitigation steps immediately.
Security Vendor News
New Linux-Based Ransomware Cheerscrypt Targeting ESXi Devices Linked to Leaked Babuk Source Code
by Arianne Dela Cruz •
New findings showed that Cheerscrypt, a new Linux-based ransomware variant that compromises ESXi servers, was derived from the leaked Babuk source code. We discuss our analysis in this report.
Security Vendor News
New Linux-Based Ransomware Cheerscrypt Targets ESXi Devices
by Arianne Dela Cruz •
Trend Micro Research detected “Cheerscrypt”, a new Linux-based ransomware variant that compromises ESXi servers. We discuss our initial findings in this report.
Security Vendor News
Celebrating 15 Years of Pwn2Own
by Trend Micro Research, News, Perspectives •
Join Erin Sindelar, Mike Gibson, Brian Gorenc, and Dustin Childs as they discuss Pwn2Own’s 15th anniversary, what we’ve learned, and how the program will continue to serve the cybersecurity community in the future.
Security Vendor News
The Fault in Our Kubelets: Analyzing the Security of Publicly Exposed Kubernetes Clusters
by Magno Logan •
While researching cloud-native tools, our Shodan scan revealed over 200,000 publicly exposed Kubernetes clusters and kubelet ports that can be abused by criminals.
Security Vendor News
Uncovering a Kingminer Botnet Attack Using Trend Micro™ Managed XDR
by Buddy Tancio •
Trend Micro’s Managed XDR team addressed a Kingminer botnet attack conducted through an SQL exploit. We discuss our findings and analysis in this report.
Security Vendor News
AvosLocker Ransomware Variant Abuses Driver File to Disable Antivirus, Scans for Log4shell
by Christoper Ordonez •
We found an AvosLocker ransomware variant using a legitimate antivirus component to disable detection and blocking solutions.
Security Vendor News
New APT Group Earth Berberoka Targets Gambling Websites With Old and New Malware
by Daniel Lunghi •
We recently found a new advanced persistent threat (APT) group that we have dubbed Earth Berberoka (aka GamblingPuppet). This APT group targets gambling websites on Windows, macOS, and Linux platforms using old and new malware families.
Security Vendor News
How to better manage your digital attack surface risk
by Trend Micro Research, News, Perspectives •
As organizations shift to the cloud in droves, their digital attack surface continues to rapidly expand. And with the number of threats rapidly increasing, security leaders need to enhance their attack surface risk management. We explore how a unified …
Security Vendor News
New Partner Bit Discovery Helps TM with Attack Surface
by Trend Micro Research, News, Perspectives •
We’re excited to partner with Bit Discovery, bringing attack surface discovery capabilities to the Trend Micro One platform, providing ongoing visibility to internal assets (devices, identities, applications) but also external, internet-facing assets.
Security Vendor News
Trend Micro Partnering with Bit Discovery
by Trend Micro Research, News, Perspectives •
We’re excited to partner with Bit Discovery, bringing attack surface discovery capabilities to the Trend Micro One platform, providing ongoing visibility to internal assets (devices, identities, applications) but also external, internet-facing assets.
Security Vendor News
Analyzing Attempts to Exploit the Spring4Shell Vulnerability CVE-2022-22965 to Deploy Cryptocurrency Miners
by Nitesh Surana •
Recently, we observed attempts by malicious actors to exploit the Spring4Shell vulnerability (a remote code execution bug, assigned CVE-2022-22965) to deploy cryptocurrency miners.
Security Vendor News
Spring4Shell Vulnerability CVE-2022-22965 Exploited to Deploy Cryptocurrency Miners
by Nitesh Surana •
Recently, we observed the Spring4Shell vulnerability — a remote code execution bug, assigned as CVE-2022-22965 — being actively exploited by malicious actors to deploy cryptocurrency miners.
Security Vendor News
An Investigation of the BlackCat Ransomware via Trend Micro Vision One
by Lucas Silva •
We recently investigated a case related to the BlackCat ransomware group using the Trend Micro Vision One™ platform, which comes with extended detection and response (XDR) capabilities. BlackCat (aka AlphaVM or AlphaV) is a ransomware family created in…
Security Vendor News
An In-Depth Look at ICS Vulnerabilities Part 3
by Trend Micro Research, News, Perspectives •
In our series wrap-up, we look into CVEs that affect critical manufacturing based on MITRE’s matrix. We also explore common ICS-affecting vulnerabilities identified in 2021.
Security Vendor News
MITRE Engenuity ATT&CK Tests
by Trend Micro Research, News, Perspectives •
Trend Micro Vision One achieved a protection score of 100% in this year’s evaluation, proving once again that it is an invaluable tool that provides higher confidence detections for security operations teams.
Security Vendor News
MacOS SUHelper Root Privilege Escalation Vulnerability: A Deep Dive Into CVE-2022-22639
by Mickey Jin •
We discovered a now-patched vulnerability in macOS SUHelper, designated as CVE-2022-22639. If exploited, the vulnerability could allow malicious actors to gain root privilege escalation.
Security Vendor News
An In-Depth Look at ICS Vulnerabilities Part 2
by Trend Micro Research, News, Perspectives •
In part two of our three-part series, we continue to analyze vulnerabilities using MITRE ATT&CK. We also look into the sectors affected and their risk levels.
Security Vendor News
This Week in Security News – April 1, 2022
by Jon Clay •
Probing the activities of cloud-based cryptocurrency-mining groups, and Lapsus$ ‘back from vacation’
Security Vendor News
An In-Depth Look at ICS Vulnerabilities Part 1
by Trend Micro Research, News, Perspectives •
In this blog series, our team examined various ICS vulnerabilities using the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) for ICS framework.
Security Vendor News
This Week in Security News – March 25, 2022
by Jon Clay •
An investigation of cryptocurrency scams and schemes, and Lapsus$: Oxford teen accused of being multi-millionaire cyber-criminal
Security Vendor News
Purple Fox Uses New Arrival Vector and Improves Malware Arsenal
by Sherif Magdy •
Purple Fox is an old threat that has been making waves since 2018. This most recent investigation covers Purple Fox’s new arrival vector and early access loaders. Users’ machines seem to be targeted with malicious payloads masquerading as legitimate ap…
Security Vendor News
New Nokoyawa Ransomware Possibly Related to Hive
by Don Ovid Ladores •
In March 2022, we came across evidence that another, relatively unknown, ransomware known as Nokoyawa is likely connected with Hive, as the two families share some striking similarities in their attack chain, from the tools used to the order in which t…
Security Vendor News
This Week in Security News – March 4, 2022
by Jon Clay •
Global Cyberattacks: How to manage risk in times of chaos, and Ukraine-Russia cyber warzone splits cyber underground
Security Vendor News
Cyberattacks are Prominent in the Russia-Ukraine Conflict
by Trend Micro Research •
Alongside the physical conflict happening between Russia and Ukraine, there have also been an increasing number of alleged cyberattacks perpetrated by different groups.
Our research teams have verified and validated internal data and external reports t…
Security Vendor News
Global Cyberattacks: Managing Risk in Chaotic Times
by Trend Micro Research, News, Perspectives •
As global tension rises, cyber-risk management and security fundamentals are the key to cyber-resilience. 5 best practices are presented to manage your cyber risk.
Security Vendor News
Global Cyberattacks Tied to the Russian Invasion of Ukraine
by Trend Micro Research, News, Perspectives •
Cyber-risk management and security fundamentals are the key to cyber-resilience. 5 best practices to manage your cyber risk.
Security Vendor News
Latest Mac Coinminer Utilizes Open-Source Binaries and the I2P Network
by Luis Magisa •
A Mac coinminer has been spotted using open-source components in its routine and the I2P Network to hide its traffic. We dive into old iterations of this malware, and also analyze the newest version.
Security Vendor News
Security Automation with Vision One & Palo Alto
by Trend Micro Research, News, Perspectives •
Trend Micro Vision One™ integrates with Palo Alto Networks Cortex™ XSOAR to drive automated response to incidents uncovered by Vision One.
Security Vendor News
Detecting PwnKit (CVE-2021-4034) Using Trend Micro™ Vision One™ and Cloud One™
by Sunil Bharti •
This blog discusses how CVE-2021-4034 can be detected and blocked using Trend Micro™ Vision One™ and Trend Micro Cloud One™.
Security Vendor News
This Week in Security News – February 11, 2022
by Jon Clay •
Hidden scams in malicious scans, and feds arrest couple who allegedly laundered $1 Billion in stolen bitcoins