What danger lies around the corner?
Tag: Trend Micro Research: Research
Security Vendor News
Black Basta Ransomware Operators Expand Their Attack Arsenal With QakBot Trojan and PrintNightmare Exploit
by Kenneth Adrian Apostol
We look into a recent attack orchestrated by the Black Basta ransomware group that used the banking trojan QakBot as a means of entry and lateral movement and took advantage of the PrintNightmare vulnerability to perform privileged file operations.
Log4Shell Vulnerability in VMware Leads to Data Exfiltration and Ransomware
by Mohamed Fahmy
We analyzed cases of a Log4Shell vulnerability being exploited in certain versions of the software VMware Horizon. Many of these attacks resulted in data being exfiltrated from the infected systems. However, we also found that some of the victims were …
Conti vs. LockBit: A Comparative Analysis of Ransomware Groups
by Shingo Matsugaya
We compare the targeting and business models of the Conti and LockBit ransomware groups using data analysis approaches. This will be presented in full at the 34th Annual FIRST Conference on June 27, 2022.
Private Network 5G Security Risks & Vulnerabilities
by William Malik
Why cybersecurity is the first step to private network deployment
State of OT Security in 2022: Big Survey Key Insights
by Hiroyuki Ueno
Learn about the state of OT Security in 2022 by reading the key insights found through surveying more than 900 ICS business and security leaders in the US, Germany and Japan.
Cuba Ransomware Group’s New Variant Found Using Optimized Infection Techniques
by Don Ovid Ladores
Trend Micro Research observed the resurgence of the Cuba ransomware group that launched a new malware variant using different infection techniques compared to past iterations. We discuss our initial findings in this report.
Closing the Door: DeadBolt Ransomware Locks Out Vendors With Multitiered Extortion Scheme
by Trend Micro Research
In this report, we investigate the reasons that the DeadBolt ransomware family is more problematic for its victims than other ransomware families that previously targeted NAS devices.
YourCyanide: A CMD-Based Ransomware With Multiple Layers of Obfuscation
by Ieriz Nicolle Gonzalez
The Trend Micro Threat Hunting team recently analyzed a series of CMD-based ransomware variants with a number of capabilities, such as stealing user information, bypassing remote desktop connections, and propagating through email and physical drives.
Trend Micro Partners With Interpol and Nigeria’s EFCC for Operation Killer Bee, Takes Down Nigerian BEC Actors
by Paul Pajares
Nigeria’s Economic and Financial Crimes Commission (EFCC) arrested three suspected scammers from Nigeria who were involved in global scamming campaigns via a sting operation that is part of Operation Killer Bee. Trend Micro provided information on the …
New Linux-Based Ransomware Cheerscrypt Targeting ESXi Devices Linked to Leaked Babuk Source Code
by Arianne Dela Cruz
New findings showed that Cheerscrypt, a new Linux-based ransomware variant that compromises ESXi servers, was derived from the leaked Babuk source code. We discuss our analysis in this report.
New Linux-Based Ransomware Cheerscrypt Targets ESXi Devices
by Arianne Dela Cruz
Trend Micro Research detected “Cheerscrypt”, a new Linux-based ransomware variant that compromises ESXi servers. We discuss our initial findings in this report.
Bruised but Not Broken: The Resurgence of the Emotet Botnet Malware
by Adolph Christian Silverio
During the first quarter of 2022, we discovered a significant number of infections using multiple new Emotet variants that employed both old and new techniques to trick their intended victims into accessing malicious links and enabling macro content.
Uncovering a Kingminer Botnet Attack Using Trend Micro™ Managed XDR
by Buddy Tancio
Trend Micro’s Managed XDR team addressed a Kingminer botnet attack conducted through an SQL exploit. We discuss our findings and analysis in this report.
Fake Mobile Apps Steal Facebook Credentials, Cryptocurrency-Related Keys
by Cifer Fang
We recently observed a number of apps on Google Play designed to perform malicious activities such as stealing user credentials and other sensitive user information, including private keys.
Examining the Black Basta Ransomware’s Infection Routine
by Ieriz Nicolle Gonzalez
We analyze the Black Basta ransomware and examine the malicious actor’s familiar infection tactics.
NetDooka Framework Distributed via PrivateLoader Malware as Part of Pay-Per-Install Service
by Aliakbar Zahravi
This report focuses on the components and infection chain of the NetDooka framework. Its scope ranges from the release of the first payload up until the release of the final RAT that is protected by a kernel driver.
New APT Group Earth Berberoka Targets Gambling Websites With Old and New Malware
by Daniel Lunghi
We recently found a new advanced persistent threat (APT) group that we have dubbed Earth Berberoka (aka GamblingPuppet). This APT group targets gambling websites on Windows, macOS, and Linux platforms using old and new malware families.
Analyzing Attempts to Exploit the Spring4Shell Vulnerability CVE-2022-22965 to Deploy Cryptocurrency Miners
by Nitesh Surana
Recently, we observed attempts to exploit the Spring4Shell vulnerability — a remote code execution bug, assigned as CVE-2022-22965 — by malicious actors to deploy cryptocurrency miners.
Spring4Shell Vulnerability CVE-2022-22965 Exploited to Deploy Cryptocurrency Miners
by Nitesh Surana
Recently, we observed the Spring4Shell vulnerability — a remote code execution bug, assigned as CVE-2022-22965 — being actively exploited by malicious actors to deploy cryptocurrency miners.
Critically Underrated: Studying the Data Distribution Service (DDS) Protocol
by Trend Micro Research
Researchers from Trend Micro Research, TXOne, ADLINK, Alias Robotics, and ZDI looked into the Data Distribution Service (DDS) standard and its implementations from a security angle. The full findings of this research will be presented in the S4X22 Conf…
An Investigation of the BlackCat Ransomware via Trend Micro Vision One
by Lucas Silva
We recently investigated a case related to the BlackCat ransomware group using the Trend Micro Vision One™ platform, which comes with extended detection and response (XDR) capabilities. BlackCat (aka AlphaVM or AlphaV) is a ransomware family created in…
CVE-2022-22965: Analyzing the Exploitation of Spring4Shell Vulnerability in Weaponizing and Executing the Mirai Botnet Malware
by Deep Patel
We discovered active exploitation of a vulnerability in the Spring Framework designated as CVE-2022-22965 that allows malicious actors to download the Mirai botnet malware.
Detecting Exploitation of Local Vulnerabilities Through Trend Micro Vision One™ and Cloud One™
by Sunil Bharti
We provide a guide to detecting Dirty Pipe, a Linux kernel vulnerability tracked as CVE-2022-0847.
An In-Depth Look at ICS Vulnerabilities Part 3
by Trend Micro Research
In our series wrap-up, we look into CVEs that affect critical manufacturing based on MITRE’s matrix. We also explore common ICS-affecting vulnerabilities identified in 2021.
Thwarting Loaders: From SocGholish to BLISTER’s LockBit Payload
by Earle Maui Earnshaw
Both BLISTER and SocGholish are loaders known for their evasion tactics. Our report details what these loaders are capable of and our investigation into a campaign that uses both to deliver the LockBit ransomware.
MacOS SUHelper Root Privilege Escalation Vulnerability: A Deep Dive Into CVE-2022-22639
by Mickey Jin
We discovered a now-patched vulnerability in macOS SUHelper, designated as CVE-2022-22639. If exploited, the vulnerability could allow malicious actors to escalate their privileges to root.
An In-Depth Look at ICS Vulnerabilities Part 2
by Trend Micro Research
In part two of our three-part series, we continue to analyze vulnerabilities using MITRE ATT&CK. We also look into the sectors affected and their risk levels.
An In-Depth Look at ICS Vulnerabilities Part 1
by Trend Micro Research
In this blog series, our team examined various ICS vulnerabilities using the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) framework for ICS.
Why Organizations Should Take Cloud-Based Cryptocurrency-Mining Attacks Seriously
by Mayra Rosario Fuentes
One of the recent trends we’ve observed is the rise of cloud-based cryptocurrency-mining groups that exploit cloud resources, specifically the CPU power of deployed cloud instances, to mine cryptocurrency.
Purple Fox Uses New Arrival Vector and Improves Malware Arsenal
by Sherif Magdy
Purple Fox is an old threat that has been making waves since 2018. This most recent investigation covers Purple Fox’s new arrival vector and early access loaders. Users’ machines seem to be targeted with malicious payloads masquerading as legitimate ap…
An Investigation of Cryptocurrency Scams and Schemes
by Cifer Fang
We provide an overview of the diverse range of NFT- and cryptocurrency-related scams that malicious actors use to steal assets worldwide.
Cyclops Blink Sets Sights on Asus Routers
by Feike Hacquebord
This report discusses the technical capabilities of this Cyclops Blink malware variant that targets ASUS routers and includes a list of more than 150 current and historical command-and-control (C&C) servers of the Cyclops Blink botnet.
New Nokoyawa Ransomware Possibly Related to Hive
by Don Ovid Ladores
In March 2022, we came across evidence that another, relatively unknown, ransomware known as Nokoyawa is likely connected with Hive, as the two families share some striking similarities in their attack chain, from the tools used to the order in which t…
New RURansom Wiper Targets Russia
by Jaromir Horejsi
We analyze RURansom, a malware variant discovered to be targeting Russia. Originally suspected to be ransomware because of its name, RURansom was revealed by analysis to be a wiper.
SMS PVA Part 3: Countries Most Impacted by Service
by Trend Micro Research
In this final part, we discuss the countries most affected by SMS PVA services as well as lay out several recommendations to mitigate the risks of such threats.