• Trend Micro
  • About TrendLabs Security Intelligence Blog
Search:
  • Home
  • Categories
    • Ransomware
    • Vulnerabilities
    • Exploits
    • Targeted Attacks
    • Deep Web
    • Mobile
    • Internet of Things
    • Malware
    • Bad Sites
    • Spam
    • Botnets
    • Social
    • Open source
Home   »   Author / Trend Micro Forward-Looking Threat Research Team

FTR

Understanding Code Signing Abuse in Malware Campaigns
  • Posted on:April 5, 2018
  • Posted in:Malware
  • Posted by:
    Trend Micro Forward-Looking Threat Research Team
0

Using a machine learning system, we analyzed 3 million software downloads, involving hundreds of thousands of internet-connected machines, and provide insights in this three-part blog series. In the first part of this series, we took a closer look at unpopular software downloads and the risks they pose to organizations. We also briefly mentioned the problem regarding code signing abuse, which we will elaborate on in this post.

Code signing is the practice of cryptographically signing software with the intent of giving the operating system (like Windows) an efficient and precise way to discriminate between a legitimate application (like an installer for Microsoft Office) and malicious software. All modern operating systems and browsers automatically verify signatures by means of the concept of a certificate chain.

Valid certificates are issued or signed by trusted certification authorities (CAs), which are backed up by parent CAs. This mechanism relies entirely and strictly on the concept of trust. We assume that malware operators are, by definition, untrustworthy entities. Supposedly, these untrustworthy entities have no access to valid certificates. However, our analysis shows that is not the case.

Read More
Tags: code signingcybercriminal undergroundMalware

Understanding Motivations and Methods of Web Defacement
  • Posted on:January 22, 2018
  • Posted in:Bad Sites
  • Posted by:
    Trend Micro Forward-Looking Threat Research Team
0

Cybercrime takes on many forms, but one of the long-standing tactics attackers use is web defacement – the process of compromising and vandalizing a website. Typically, these attackers – known as web defacers – replace the original page with their own version, boldly stating a political or social message. This is not a new phenomenon, but it is an enduring one. The data we’ve analyzed goes back almost two decades, and we’ve seen how the process of web defacement is still being used nowadays.

Read More
Tags: defacementhacktivisim

UK Conviction Arises out of Trend Micro and NCA Partnership
  • Posted on:January 15, 2018
  • Posted in:Malware
  • Posted by:
    Trend Micro Forward-Looking Threat Research Team
0

On January 15, Goncalo Esteves from Essex, UK plead guilty on 3 charges of computer offenses under UK law:

  • 2 charges against Section 3A of the Computer Misuse Act 1990 (Making/adapting/supplying an article intended for use/to assist in commission of section 1 or 3 Computer Misuse offense)
  • 1 charge against Section 327(1) and Section 334 Proceeds of Crime Act 2002 (Concealing/disguising/converting/transferring/removing criminal property)

This marks the result of a collaborative investigation that Trend Micro and the National Crime Agency (NCA) in the United Kingdom initiated back in 2015, when the two organizations signed a Memorandum of Understanding (MOU) to work together in the fight against cybercrime. This collaboration is not restricted to this case alone, with Trend Micro actively continuing to assist the UK, as well as other international law enforcement partners, in their fight against cybercrime.

Read More
Tags: Counter Antivirus (CAV)cryptexCryptex LiteCryptex Rebornlaw enforcementRefud.me

Dissecting PRILEX and CUTLET MAKER ATM Malware Families
  • Posted on:December 14, 2017
  • Posted in:Malware
  • Posted by:
    Trend Micro Forward-Looking Threat Research Team
0

For a while now, Trend Micro has focused its efforts on covering ATM malware, especially new families that come up with features that stealthily target banking customers. In this blog post, we’re going to cover two that have recently come to our attention: Prilex and Cutlet Maker. Each of them is interesting in their own right, but for different reasons.

Read More
Tags: AliceATM malwareCUTLET MAKERPRILEX

Physical Theft Meets Cybercrime: The Illicit Business of Selling Stolen Apple Devices
  • Posted on:November 14, 2017
  • Posted in:Malware, Mobile, Social
  • Posted by:
    Trend Micro Forward-Looking Threat Research Team
0

Online scams and physical crimes are known to intersect. In an incident last May, we uncovered a modus operandi and the tools they can use to break open iCloud accounts to unlock stolen iPhones. Further research into their crossover revealed how deep it runs. There’s actually a sizeable global market for stolen mobile phones—and by extension, iCloud fraud. From Ireland and the U.K. to India, Argentina, and the U.S., the demand for unlocking services for stolen phones is staggering: last year, stolen iPhones were sold in Eastern European countries for as much as US$2,100. In the U.S. 23,000 iPhones from the Miami International Airport, valued at $6.7 million, were stolen last year.

The fraudsters’ attack chain is relatively straightforward. They spoof an email or SMS from Apple notifying victims that their device has been found. The eager victim, wanting their phone back, clicks on the link that will compromise their iCloud credentials, which is then reused to unlock the stolen device. The thieves will then subcontract third-party iCloud phishing services to unlock the devices. These Apple iCloud phishers run their business using a set of cybercriminal tools that include MagicApp, Applekit, and Find My iPhone (FMI.php) framework to automate iCloud unlocks in order to resell the device in underground and gray markets.

Read More
Tags: ApplefraudiCloud FraudiphonephishingPhysical CrimeTheft
Page 1 of 712 › »

Security Predictions for 2018

  • Attackers are banking on network vulnerabilities and inherent weaknesses to facilitate massive malware attacks, IoT hacks, and operational disruptions. The ever-shifting threats and increasingly expanding attack surface will challenge users and enterprises to catch up with their security.
    Read our security predictions for 2018.

Business Process Compromise

  • Attackers are starting to invest in long-term operations that target specific processes enterprises rely on. They scout for vulnerable practices, susceptible systems and operational loopholes that they can leverage or abuse. To learn more, read our Security 101: Business Process Compromise.

Popular Posts

  • New MacOS Backdoor Linked to OceanLotus Found
  • Monero-Mining HiddenMiner Android Malware Can Potentially Cause Device Failure
  • ChessMaster Adds Updated Tools to Its Arsenal
  • Ransomware XIAOBA Repurposed as File Infector and Cryptocurrency Miner
  • Not Only Botnets: Hacking Group in Brazil Targets IoT Devices With Malware

Stay Updated

  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © Trend Micro Incorporated. All rights reserved.