• Trend Micro
  • About TrendLabs Security Intelligence Blog
Search:
  • Home
  • Categories
    • Ransomware
    • Vulnerabilities
    • Exploits
    • Targeted Attacks
    • Deep Web
    • Mobile
    • Internet of Things
    • Malware
    • Bad Sites
    • Spam
    • Botnets
    • Social
    • Open source
Home   »   Author / Trend Micro Cyber Safety Solutions Team

Cyber Safety Solutions Team

Perl-Based Shellbot Looks to Target Organizations via C&C
  • Posted on:November 1, 2018
  • Posted in:Botnets, Internet of Things, Malware
  • Posted by:
    Trend Micro Cyber Safety Solutions Team
0

We uncovered an operation of a hacking group, which we’re naming “Outlaw” (translation derived from the Romanian word haiduc, the hacking tool the group primarily uses), involving the use of an IRC bot built with the help of Perl Shellbot. The group distributes the bot by exploiting a common command injection vulnerability on internet of things (IoT) devices and Linux servers. Further research indicates that the threat can also affect Windows-based environments and even Android devices.

Read More
Tags: androidIOTIRC botLinuxWindows

Gathering Insights on the Reemergence and Evolution of Old Threats Through Managed Detection and Response
  • Posted on:October 31, 2018
  • Posted in:Malware, Ransomware, Spam, Vulnerabilities
  • Posted by:
    Trend Micro Cyber Safety Solutions Team
0

Smart Protection Network (SPN) data and observations from Managed Detection and Response (MDR) for the North American region show the persistence of older threats and tactics: delivery methods such as spam emails are still going strong, while ransomware attacks have seen a renewed vigor alongside newer threats such as cryptocurrency mining malware in the third quarter of 2018.

However, the prevalence of these older threats should not be misconstrued as a sign that threat actors are resting on their laurels. In fact, it should be taken as proof that they are constantly improving proven tools and techniques to get ahead in the never-ending cat-and-mouse game between cybercriminals and security providers.

Read More
Tags: cryptocurrency minersManaged Detection and ResponseransomwareVulnerabilities

Phishing Campaign uses Hijacked Emails to Deliver URSNIF by Replying to Ongoing Threads
  • Posted on:October 9, 2018
  • Posted in:Malware
  • Posted by:
    Trend Micro Cyber Safety Solutions Team
0

A spam campaign we observed in September indicates attackers are angling towards a more sophisticated form of phishing. The campaign uses hijacked email accounts to deliver URSNIF as part of or as a response to an existing email thread.

Read More
Tags: MalwareManaged Detection and ResponsephishingSpamURSNIF

Supply Chain Attack Operation Red Signature Targets South Korean Organizations
  • Posted on:August 21, 2018
  • Posted in:Malware, Targeted Attacks
  • Posted by:
    Trend Micro Cyber Safety Solutions Team
0

Together with our colleagues at IssueMakersLab, we uncovered Operation Red Signature, an information theft-driven supply chain attack targeting organizations in South Korea. We discovered the attacks around the end of July, while the media reported the attack in South Korea on August 6.

The threat actors compromised the update server of a remote support solutions provider to deliver a remote access tool called 9002 RAT to their targets of interest through the update process. They carried this out by first stealing the company’s certificate then using it to sign the malware. They also configured the update server to only deliver malicious files if the client is located in the range of IP addresses of their target organizations.

9002 RAT also installed additional malicious tools: an exploit tool for Internet Information Services (IIS) 6 WebDav (exploiting CVE-2017-7269) and an SQL database password dumper. These tools hint at how the attackers are also after data stored in their target’s web server and database.

Read More
Tags: Operation Red SignatureSouth Koreasupply chain

The Need for Managed Detection and Response: Persistent and Prevalent Threats in North America’s Security Landscape
  • Posted on:July 31, 2018
  • Posted in:Malware
  • Posted by:
    Trend Micro Cyber Safety Solutions Team
0

Current data on the threat landscape of North America shows the need for a comprehensive and proactive approach to security. A traditional approach would be to build a threat response team. However, to be effective against current threats, a threat response team needs to have a considerable amount of skills, time, and resources, which may not be feasible for some organizations. This is only exacerbated by the daily tasks associated with keeping the business up and running. If treated as just a part of the broader job of regular IT staff, threat management can prove overwhelming, as it includes vulnerability assessment, patching, firmware upgrades, vendor management, intrusion detection and prevention systems (IDS/IPS) and firewall monitoring, and other specialized focus areas. And even if enterprises were willing to allot people to react to security incidents, the sheer volume of events and the time-consuming tasks of prioritizing and analyzing them often prove too much to handle.

These could be handled better by security professionals especially focused on threats — an advantage that managed detection and response (MDR) can bring to organizations. MDR provides advanced threat hunting services, faster alert prioritization, root cause analysis, detailed research, and a remediation plan that empowers organizations with better ability to respond to sophisticated attacks, examples of which have been found throughout North America for the second quarter of 2018.

Read More
Tags: cryptocurrency minerinformation stealerManaged Detection and ResponseNorth Americaransomware
Page 1 of 712 › »

Security Predictions for 2018

  • Attackers are banking on network vulnerabilities and inherent weaknesses to facilitate massive malware attacks, IoT hacks, and operational disruptions. The ever-shifting threats and increasingly expanding attack surface will challenge users and enterprises to catch up with their security.
    Read our security predictions for 2018.

Business Process Compromise

  • Attackers are starting to invest in long-term operations that target specific processes enterprises rely on. They scout for vulnerable practices, susceptible systems and operational loopholes that they can leverage or abuse. To learn more, read our Security 101: Business Process Compromise.

Popular Posts

  • Same Old yet Brand-new: New File Types Emerge in Malware Spam Attachments
  • Perl-Based Shellbot Looks to Target Organizations via C&C
  • Malware Targeting Brazil Uses Legitimate Windows Components WMI and CertUtil as Part of its Routine
  • SettingContent-ms can be Abused to Drop Complex DeepLink and Icon-based Payload
  • Fake Banking App Found on Google Play Used in SMiShing Scheme

Stay Updated

  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © Trend Micro Incorporated. All rights reserved.