• Trend Micro
  • About TrendLabs Security Intelligence Blog
Search:
  • Home
  • Categories
    • Ransomware
    • Vulnerabilities
    • Exploits
    • Targeted Attacks
    • Deep Web
    • Mobile
    • Internet of Things
    • Malware
    • Bad Sites
    • Spam
    • Botnets
    • Social
    • Open source
Home   »   Archives for July 2018

Spam Campaign Abusing SettingContent-ms Found Dropping Same FlawedAmmyy RAT Distributed by Necurs

  • Posted on:July 31, 2018 at 7:00 am
  • Posted in:Malware, Spam
  • Author:
    Trend Micro
0

Trend Micro detected a spam campaign that drops the same FlawedAmmyy RAT (remote access tool) used by a Necurs module to install its final payload on bots under bank- and POS-related user domains. The spam campaign was also found abusing SettingContent-ms – an XML format shortcut file that opens Microsoft’s Windows Settings panel. Malicious SettingContent-ms files were found embedded in a PDF document that drops the aforementioned RAT.

Read More
Tags: FlawedAmmy RATNECURSSettingContent-ms

The Need for Managed Detection and Response: Persistent and Prevalent Threats in North America’s Security Landscape

  • Posted on:July 31, 2018 at 4:59 am
  • Posted in:Malware
  • Author:
    Trend Micro Cyber Safety Solutions Team
0

Current data on the threat landscape of North America shows the need for a comprehensive and proactive approach to security. A traditional approach would be to build a threat response team. However, to be effective against current threats, a threat response team needs to have a considerable amount of skills, time, and resources, which may not be feasible for some organizations. This is only exacerbated by the daily tasks associated with keeping the business up and running. If treated as just a part of the broader job of regular IT staff, threat management can prove overwhelming, as it includes vulnerability assessment, patching, firmware upgrades, vendor management, intrusion detection and prevention systems (IDS/IPS) and firewall monitoring, and other specialized focus areas. And even if enterprises were willing to allot people to react to security incidents, the sheer volume of events and the time-consuming tasks of prioritizing and analyzing them often prove too much to handle.

These could be handled better by security professionals especially focused on threats — an advantage that managed detection and response (MDR) can bring to organizations. MDR provides advanced threat hunting services, faster alert prioritization, root cause analysis, detailed research, and a remediation plan that empowers organizations with better ability to respond to sophisticated attacks, examples of which have been found throughout North America for the second quarter of 2018.

Read More
Tags: cryptocurrency minerinformation stealerManaged Detection and ResponseNorth Americaransomware

New Underminer Exploit Kit Delivers Bootkit and Cryptocurrency-mining Malware with Encrypted TCP Tunnel

  • Posted on:July 26, 2018 at 7:01 am
  • Posted in:Bad Sites, Exploits, Malware, Vulnerabilities
  • Author:
    Trend Micro Cyber Safety Solutions Team
0

We discovered a new exploit kit we named Underminer that employs capabilities used by other exploit kits to deter researchers from tracking its activity or reverse engineering the payloads. Underminer delivers a bootkit that infects the system’s boot sectors as well as a cryptocurrency-mining malware named Hidden Mellifera. Underminer transfers malware via an encrypted transmission control protocol (TCP) tunnel and packages malicious files with a customized format similar to ROM file system format (romfs). These make the exploit kits and its payload challenging to analyze.

Read More
Tags: bootkitcryptocurrency minerexploit kitUnderminer

Open ADB Ports Being Exploited to Spread Possible Satori Variant in Android Devices

  • Posted on:July 23, 2018 at 5:00 am
  • Posted in:Internet of Things, Mobile
  • Author:
    Trend Micro
0

Recently, we found a new exploit using port 5555 after detecting two suspicious spikes in activity on July 9-10 and July 15. In this scenario, the activity involves the command line utility called Android Debug Bridge (ADB), a part of the Android SDK that handles communication between devices that also allows developers to run and debug apps on Android devices.

Read More
Tags: ADBandroidIOTMiraiPortSatori

Blackgear Cyberespionage Campaign Resurfaces, Abuses Social Media for C&C Communication

  • Posted on:July 17, 2018 at 5:01 am
  • Posted in:Targeted Attacks
  • Author:
    Joey Chen (Threats Analyst)
0

Blackgear (also known as Topgear and Comnie) is a cyberespionage campaign dating back to 2008, at least based on the Protux backdoor used by its operators. It targets organizations in Japan, South Korea, and Taiwan, leveling its attacks on public sector agencies and telecommunications and other high-technology industries. In 2016, for instance, we found their campaigns attacking Japanese organizations with various malware tools, notably the Elirks backdoor. Blackgear’s operators are well-organized, developing their own tools, which we observed to have been recently fine-tuned, based on their latest attacks.

Read More
Tags: BLACKGEARComnieManaged Detection and ResponseMaradeProtuxTopgear
Page 1 of 212

Security Predictions for 2020

  • Cybersecurity in 2020 will be viewed through many lenses — from differing attacker motivations and cybercriminal arsenal to technological developments and global threat intelligence — only so defenders can keep up with the broad range of threats.
    Read our security predictions for 2020.

Business Process Compromise

  • Attackers are starting to invest in long-term operations that target specific processes enterprises rely on. They scout for vulnerable practices, susceptible systems and operational loopholes that they can leverage or abuse. To learn more, read our Security 101: Business Process Compromise.

Popular Posts

Sorry. No data so far.

Stay Updated

  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © Trend Micro Incorporated. All rights reserved.