• Trend Micro
  • About TrendLabs Security Intelligence Blog
Search:
  • Home
  • Categories
    • Ransomware
    • Vulnerabilities
    • Exploits
    • Targeted Attacks
    • Deep Web
    • Mobile
    • Internet of Things
    • Malware
    • Bad Sites
    • Spam
    • Botnets
    • Social
    • Open source
Home   »   Author / Trend Micro

Following the Trail of BlackTech’s Cyber Espionage Campaigns
  • Posted on:June 22, 2017
  • Posted in:Targeted Attacks
  • Posted by:
    Trend Micro
0

BlackTech is a cyber espionage group operating against targets in East Asia, particularly Taiwan, and occasionally, Japan and Hong Kong. Based on the mutexes and domain names of some of their C&C servers, BlackTech’s campaigns are likely designed to steal their target’s technology.

Following their activities and evolving tactics and techniques helped us uncover the proverbial red string of fate that connected three seemingly disparate campaigns: PLEAD, Shrouded Crossbow, and of late, Waterbear.

Over the course of their campaigns, we analyzed their modus operandi and dissected their tools of the trade—and uncovered common denominators indicating that PLEAD, Shrouded Crossbow, and Waterbear may actually be operated by the same group.

Read More
Tags: BlackTechcyber espionagePLEADShrouded CrossbowWaterbear

Erebus Resurfaces as Linux Ransomware
  • Posted on:June 19, 2017
  • Posted in:Ransomware
  • Posted by:
    Trend Micro
0

On June 10, South Korean web hosting company NAYANA was hit by Erebus ransomware (detected by Trend Micro as RANSOM_ELFEREBUS.A), infecting 153 Linux servers and over 3,400 business websites the company hosts.

In a notice posted on NAYANA’s website last June 12, the company shared that the attackers demanded an unprecedented ransom of 550 Bitcoins (BTC), or US$1.62 million, in order to decrypt the affected files from all its servers.

Erebus was first seen on September 2016 via malvertisements and reemerged on February 2017 and used a method that bypasses Windows’ User Account Control. Here are some of the notable technical details we’ve uncovered so far about Erebus’ Linux version.

Read More
Tags: ErebusLinuxransomware

Analyzing the Fileless, Code-injecting SOREBRECT Ransomware
  • Posted on:June 15, 2017
  • Posted in:Ransomware
  • Posted by:
    Trend Micro
0

Fileless threats and ransomware aren’t new, but a malware that incorporates a combination of their characteristics can be dangerous. Take for instance the fileless, code-injecting ransomware we’ve uncovered—SOREBRECT, which Trend Micro detects as RANSOM_SOREBRECT.A and RANSOM_SOREBRECT.B.

Read More
Tags: Code InjectionfilelessPsExecransomwareSOREBRECT

Exploring the Online Economy that Fuels Fake News
  • Posted on:June 13, 2017
  • Posted in:Bad Sites, Social
  • Posted by:
    Trend Micro
0

“Fake news” was relatively unheard of last year—until the U.S. election campaign period started, during which an explosion of misinformation campaigns trended. But despite its seemingly rampant spread, fake news is just one facet of public opinion manipulation and cyber propaganda that we see today. Whether it’s a company trying to promote a brand or a political party pushing an ideal, today’s information wars are often for control of the public’s worldview.

Our latest research paper, “The Fake News Machine: How Propagandists Abuse the Internet and Manipulate the Public”, delves into this phenomenon. It also tackles how a group with means and motivations, use of social media, and online promotion tools and services can effectively spread these campaigns. These are the components of what we call the “Fake News Triangle”, which we’ve found to be the pillars of success for any fake news and public opinion manipulation campaign.

Read More
Tags: cyber propagandafake newsPublic Opinion Manipulation

Mouse Over, Macro: Spam Run in Europe Uses Hover Action to Deliver Banking Trojan
  • Posted on:June 9, 2017
  • Posted in:Malware, Spam
  • Posted by:
    Trend Micro
0

We found another unique method being used to deliver malware—abusing the action that happens when simply hovering the mouse’s pointer over a hyperlinked picture or text in a PowerPoint slideshow. This technique is employed by a Trojan downloader (detected by Trend Micro as TROJ_POWHOV.A and P2KM_POWHOV.A), which we’ve uncovered in a recent spam email campaign in the EMEA region, especially organizations in the U.K., Poland, Netherlands, and Sweden. Affected industries include manufacturing, device fabrication, education, logistics, and pyrotechnics.

Read More
Tags: GootkitMouseoverOTLARD
Page 1 of 6312 › »

Business Process Compromise

  • Attackers are starting to invest in long-term operations that target specific processes enterprises rely on. They scout for vulnerable practices, susceptible systems and operational loopholes that they can leverage or abuse. To learn more, read our Security 101: Business Process Compromise.

Business Email Compromise

  • How can a sophisticated email scam cause more than $2.3 billion in damages to businesses around the world?
    See the numbers behind BEC

Latest Ransomware Posts

  • AdGholas Malvertising Campaign Employs Astrum Exploit Kit
  • Erebus Resurfaces as Linux Ransomware
  • Analyzing the Fileless, Code-injecting SOREBRECT Ransomware
  • Victims Lost US$1B to Ransomware
  • After WannaCry, UIWIX Ransomware and Monero-Mining Malware Follow Suit

Ransomware 101

  • This infographic shows how ransomware has evolved, how big the problem has become, and ways to avoid being a ransomware victim.
    Check the infographic

Popular Posts

  • Mouse Over, Macro: Spam Run in Europe Uses Hover Action to Deliver Banking Trojan
  • Erebus Resurfaces as Linux Ransomware
  • Analyzing the Fileless, Code-injecting SOREBRECT Ransomware
  • Analyzing Xavier: An Information-Stealing Ad Library on Android
  • MS17-010: EternalBlue’s Large Non-Paged Pool Overflow in SRV Driver

Stay Updated

  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © Trend Micro Incorporated. All rights reserved.