Archives for January 2018

Digital Extortion: A Forward-looking View

  • Posted on: January 30, 2018 at 5:02 am
  • Posted in: Malware, Ransomware
  • Author: David Sancho (Senior Threat Researcher)

In 2017, we saw digital extortion increasingly become cybercriminals’ primary money-making modus operandi. This is mostly due to ransomware, currently cybercriminals’ most popular weapon of choice, which helps them extort cash from users all over the world and hit big businesses and organizations.

By infecting business-critical systems through their shotgun-style ransomware attacks and thus crippling enterprise day-to-day operations, cybercriminals managed to force big companies to bend to their will. Digital extortion has become the most successful moneymaking venture for cybercriminals, and the most effective in terms of the scale of their victims. Big or small, everyone gets hit, and everyone has to pay.

Tags: Digital Extortion, Erebus, Online Blackmail, petya, WannaCry

Hacking Group Spies on Android Users in India Using PoriewSpy

  • Posted on: January 29, 2018 at 12:00 am
  • Posted in: Mobile, Targeted Attacks
  • Author: Mobile Threat Response Team

We have been seeing attacks that spy on and steal data from specific targets on the mobile platform since late 2017. We discovered the malicious apps victimizing Android users in India, and believe a hacking group—one previously known for victimizing government officials—carried out the attacks. We identified these malicious apps as PoriewSpy (detected by Trend Micro as ANDROIDOS_PORIEWSPY.HRX). We also suspect that the group used malicious apps built using DroidJack or SandroRAT (detected as ANDROIDOS_SANRAT.A), based on similarities in their command-and-control (C&C) server. DroidJack is a remote access Trojan (RAT) that allows intruders to take full control of a user’s Android device when installed.

Tags: PoriewSpy

Malvertising Campaign Abuses Google’s DoubleClick to Deliver Cryptocurrency Miners

  • Posted on: January 26, 2018 at 6:00 am
  • Posted in: Bad Sites
  • Author: Trend Micro

On January 24, 2018, we observed that the number of Coinhive web miner detections tripled due to a malvertising campaign. We discovered that advertisements found on high-traffic sites not only used Coinhive (detected by Trend Micro as JS_COINHIVE.GN), but also a separate web miner that connects to a private pool. Attackers abused Google’s DoubleClick, which develops and provides internet ad serving services, for traffic distribution. Data from the Trend Micro™ Smart Protection Network™ shows affected countries include Japan, France, Taiwan, Italy, and Spain. We have already disclosed our findings to Google.

Tags: Coinhive, cryptocurrency, malvertisement

Lazarus Campaign Targeting Cryptocurrencies Reveals Remote Controller Tool, an Evolved RATANKBA, and More

  • Posted on: January 24, 2018 at 5:56 am
  • Posted in: Malware, Targeted Attacks
  • Author: Trend Micro

We analyzed a new RATANKBA variant (BKDR_RATANKBA.ZAEL-A) that uses a PowerShell script instead of its more traditional PE executable form. In this entry, we provide in-depth analysis of the malware, as well as a detailed examination of its remote controller.

Tags: Lazarus, RATANKBA

Understanding Motivations and Methods of Web Defacement

  • Posted on: January 22, 2018 at 4:30 am
  • Posted in: Bad Sites
  • Author: Trend Micro Forward-Looking Threat Research Team

Cybercrime takes on many forms, but one of the long-standing tactics attackers use is web defacement – the process of compromising and vandalizing a website. Typically, these attackers – known as web defacers – replace the original page with their own version, boldly stating a political or social message. This is not a new phenomenon, but it is an enduring one. The data we’ve analyzed goes back almost two decades, and we’ve seen how the process of web defacement is still being used nowadays.

Tags: defacement, hacktivism