In our latest research paper on healthcare cybersecurity, Securing Connected Hospitals, which was produced in partnership with HITRUST, we examined internet-connected medical-related devices and systems such as databases, hospital admin consoles, and medical devices. We also looked into the supply chain, which has been an attack vector that is often overlooked.Read More
Using a machine learning system, we analyzed 3 million software downloads, involving hundreds of thousands of internet-connected machines, and provide insights in this three-part blog series. In the first part of this series, we took a closer look at unpopular software downloads and the risks they pose to organizations. We also briefly mentioned the problem regarding code signing abuse, which we will elaborate on in this post.
Code signing is the practice of cryptographically signing software with the intent of giving the operating system (like Windows) an efficient and precise way to discriminate between a legitimate application (like an installer for Microsoft Office) and malicious software. All modern operating systems and browsers automatically verify signatures by means of the concept of a certificate chain.
Valid certificates are issued or signed by trusted certification authorities (CAs), which are backed up by parent CAs. This mechanism relies entirely and strictly on the concept of trust. We assume that malware operators are, by definition, untrustworthy entities. Supposedly, these untrustworthy entities have no access to valid certificates. However, our analysis shows that is not the case.Read More
Cybercrime takes on many forms, but one of the long-standing tactics attackers use is web defacement – the process of compromising and vandalizing a website. Typically, these attackers – known as web defacers – replace the original page with their own version, boldly stating a political or social message. This is not a new phenomenon, but it is an enduring one. The data we’ve analyzed goes back almost two decades, and we’ve seen how the process of web defacement is still being used nowadays.Read More
On January 15, Goncalo Esteves from Essex, UK plead guilty on 3 charges of computer offenses under UK law:
- 2 charges against Section 3A of the Computer Misuse Act 1990 (Making/adapting/supplying an article intended for use/to assist in commission of section 1 or 3 Computer Misuse offense)
- 1 charge against Section 327(1) and Section 334 Proceeds of Crime Act 2002 (Concealing/disguising/converting/transferring/removing criminal property)
This marks the result of a collaborative investigation that Trend Micro and the National Crime Agency (NCA) in the United Kingdom initiated back in 2015, when the two organizations signed a Memorandum of Understanding (MOU) to work together in the fight against cybercrime. This collaboration is not restricted to this case alone, with Trend Micro actively continuing to assist the UK, as well as other international law enforcement partners, in their fight against cybercrime.Read More
For a while now, Trend Micro has focused its efforts on covering ATM malware, especially new families that come up with features that stealthily target banking customers. In this blog post, we’re going to cover two that have recently come to our attention: Prilex and Cutlet Maker. Each of them is interesting in their own right, but for different reasons.Read More