• Trend Micro
  • About TrendLabs Security Intelligence Blog
Search:
  • Home
  • Categories
    • Ransomware
    • Vulnerabilities
    • Exploits
    • Targeted Attacks
    • Deep Web
    • Mobile
    • Internet of Things
    • Malware
    • Bad Sites
    • Spam
    • Botnets
    • Social
    • Open source
Home   »   Author / Marco Balduzzi (Senior Threat Researcher)

Senior Threat Researcher

Red on Red: The Attack Landscape of the Dark Web
  • Posted on:May 30, 2017
  • Posted in:Deep Web
  • Posted by:
    Marco Balduzzi (Senior Threat Researcher)
0

We’ve frequently talked about how limited-access networks such as the Dark Web is home to various cybercriminal underground hotspots. Hosted and accessed via the Tor network, these sites house underground marketplaces that sell various good and services, which include cryptocurrency laundering, hosting platforms for malware, and stolen/counterfeit identities.

What is less covered is the attack landscape within the Dark Web. Are these sites subject to their own hacking attempts and DDoS attacks? What are the sizes and characteristics of attacks within the Dark Web? This is what we have learned: these attacks are surprisingly common within the Dark Web, and are frequently carried out manually and aimed at subverting or spying on the services run by other cybercriminals.

Read More

How Mobile Phones Turn Into A Corporate Threat
  • Posted on:March 31, 2017
  • Posted in:Mobile
  • Posted by:
    Marco Balduzzi (Senior Threat Researcher)
0

Over the last year, the number of mobile phones overtook the world population. In countries like the United States, mobile subscribers outnumbered traditional landline users and half of Americans shifted to mobile-only to communicate. In modern smart cities, wireless-only buildings are becoming the new construction standard for homes, factories, and organizations in general. Landline phones are going away—sooner rather than later.

Read More

Evaluating the Security of Cyber-Physical Systems: AIS (Paper and Source Code Now Available)
  • Posted on:December 16, 2014
  • Posted in:Targeted Attacks
  • Posted by:
    Marco Balduzzi (Senior Threat Researcher)
0

When I am in the United States I tend to overwork, especially up in the air as many planes today are WiFi-enabled. I just got back from New Orleans, a city with a vibrant atmosphere that I found musically and culturally rich. New Orleans was the venue of this year’s Annual Computer Security Applications Conference…

Read More
Tags: AISautomated identification systemmaritimevessels traffic monitoring

Soundsquatting Unraveled: Homophone-based Domain Squatting
  • Posted on:October 16, 2014
  • Posted in:Bad Sites
  • Posted by:
    Marco Balduzzi (Senior Threat Researcher)
0

The Domain Name System (DNS) plays a vital role in the operation of the Internet. Over the years, it has been a primary target for malicious users looking for vulnerabilities in its protocol and infrastructure. Some examples include cache poisoning attacks, vulnerable DNS server implementations, and bogus user interactions. Taking advantage of users’ spelling mistakes…

Read More
Tags: domain squattingsoundsquattingtyposquatting

AIS Security: Your Questions Answered
  • Posted on:October 22, 2013
  • Posted in:Vulnerabilities
  • Posted by:
    Marco Balduzzi (Senior Threat Researcher)
5

After a week since our presentation at HiTB Kuala Lumpur 2013, our findings regarding Automatic Identification System (AIS) security have been picked up by notable media outlets, including ABC News, Softpedia, VesselFinder, Heise, Spiegel, and NetSecurity. It also raised some questions about AIS and, to a certain extent, our research. We want to briefly address…

Read More
Tags: AISattackHack in the BoxhackingMalwaremaritimeshippingvulnerability
Page 1 of 212

Business Process Compromise

  • Attackers are starting to invest in long-term operations that target specific processes enterprises rely on. They scout for vulnerable practices, susceptible systems and operational loopholes that they can leverage or abuse. To learn more, read our Security 101: Business Process Compromise.

Business Email Compromise

  • How can a sophisticated email scam cause more than $2.3 billion in damages to businesses around the world?
    See the numbers behind BEC

Latest Ransomware Posts

  • AdGholas Malvertising Campaign Employs Astrum Exploit Kit
  • Erebus Resurfaces as Linux Ransomware
  • Analyzing the Fileless, Code-injecting SOREBRECT Ransomware
  • Victims Lost US$1B to Ransomware
  • After WannaCry, UIWIX Ransomware and Monero-Mining Malware Follow Suit

Ransomware 101

  • This infographic shows how ransomware has evolved, how big the problem has become, and ways to avoid being a ransomware victim.
    Check the infographic

Popular Posts

  • Mouse Over, Macro: Spam Run in Europe Uses Hover Action to Deliver Banking Trojan
  • Erebus Resurfaces as Linux Ransomware
  • Analyzing the Fileless, Code-injecting SOREBRECT Ransomware
  • Analyzing Xavier: An Information-Stealing Ad Library on Android
  • Massive WannaCry/Wcry Ransomware Attack Hits Various Countries

Stay Updated

  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © Trend Micro Incorporated. All rights reserved.