Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Recent Posts

  • Calendar

    October 2014
    S M T W T F S
    « Sep    
     1234
    567891011
    12131415161718
    19202122232425
    262728293031  
  • About Us
    TrendLabs Security Intelligence Blog(breadcrumbs are unavailable)

    Archive for the ‘Targeted Attacks’ Category




    Recent data breaches in big enterprises like large banks and retail chains make one thing clear: data privacy and protection is a concern for all organizations, not just large ones. If  large enterprises with plenty of available resources can be affected by attacks and lose their data, smaller organizations without these resources are at risk as well. Users are not just worried about whether their data is secure; today they are also worrying if their data will be used properly by the sites and ...

    Posted in Targeted Attacks |



    On October 14th, a report was publicly released regarding the Sandworm team.  After beginning an investigation into the affiliated malware samples and domains, we quickly came to realization that this group is very likely targeting SCADA-centric victims who are using GE Intelligent Platform’s CIMPLICITY HMI solution suite.   We have observed this team utilizing .cim and .bcl files as attack vectors, both of which file types are used by the CIMPLICITY software.  As further proof of the malware targeting CIMPILICITY, it drops ...




    When it comes to targeted attacks, attackers are not omniscient. They need to gather information in the early stages to know the target they may gather information from various sources of intelligence, like Google, Whois, Twitter, and Facebook. They may gather data such as email addresses, IP ranges, and contact lists. These will then be used as lure for phishing emails, which inevitably result in gaining access in the targeted organization’s network. Once inside, the attackers will begin the lateral movement stage. In ...

    Posted in Targeted Attacks |



    Microsoft has announced the discovery of a zero-day vulnerability affecting all supported versions of Microsoft Windows and Windows Server 2008 and 2012. Reports are also coming in that this specific vulnerability has been exploited and used in attacks against the North Atlantic Treaty Organization (NATO) and several European industries and sectors. According to reports, this vulnerability (CVE-2014-4114) was exploited as part of a cyber-espionage campaign of attackers dubbed as the “Sandworm Team.” This particular vulnerability has allegedly been in use since ...




    We have been investigating the MIRAS malware family, which was recently linked to attacks that targeted a Europe-based IT company. Our analysis shows that MIRAS, or BKDR64_MIRAS.B is a 64-bit malware that was used for the data exfiltration stage in a targeted attack. MIRAS is available in 32-bit (BKDR_MIRAS.B) and 64-bit (BKDR64_MIRAS.B) Windows operating systems. An analysis of BKDR64_MIRAS.B To serve as an overview for MIRAS, the backdoor’s capabilities mainly include file/system manipulation, which indicates that attackers know the victim's credentials. Apart from the backdoor's information-stealing routines, it appears ...



     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice