• Trend Micro
  • About TrendLabs Security Intelligence Blog
Search:
  • Home
  • Categories
    • Ransomware
    • Vulnerabilities
    • Exploits
    • Targeted Attacks
    • Deep Web
    • Mobile
    • Internet of Things
    • Malware
    • Bad Sites
    • Spam
    • Botnets
    • Social
    • Open source
Home   »   Malware

RATANKBA: Delving into Large-scale Watering Holes against Enterprises
  • Posted on:February 27, 2017 at 3:59 am
  • Posted in:Malware
  • Author:
    Trend Micro
0

In early February, several financial organizations reported malware infection on their workstations, apparently coming from legitimate websites. The attacks turned out to be part of a large-scale campaign to compromise trusted websites in order to infect the systems of targeted enterprises across various industries. The strategy is typically known as a “watering hole” attack.

It was all sparked by a spate of recent malware attacks on Polish banks entailing a reportedly unknown malware in their own terminals and servers, along with the presence of dubious, encrypted programs/executables, and more prominently, suspicious network activity. More malware are delivered to the affected systems which were seen connecting to unusual and far-flung locations worldwide, possibly where company data are exfiltrated to.

The malware in question: RATANKBA. Not only was it tied to malware attacks against banks in Poland, but also in a string of similar incidents involving financial institutions in Mexico, Uruguay, the United Kingdom, and Chile. How did it infect their victims? Were there other malware involved? Does the campaign really have ties with a Russian cybercriminal group?

Read More
Tags: bankingRATANKBA

RAMNIT: The Comeback Story of 2016
  • Posted on:February 20, 2017 at 12:01 am
  • Posted in:Malware
  • Author:
    Trend Micro
0

Earlier this year, Action Fraud, the UK’s fraud and cybercrime reporting center, issued a warning that cyber criminals were taking advantage of generous individuals by sending phishing emails purportedly from Migrant Helpline, a charity organization dedicated to assisting migrants across the country. These emails contain a link that is supposed to lead to a donations page. However, instead of landing on a legitimate website, the user instead unwittingly downloads one of the most tenacious malwares in the wild: the veteran Trojan known as RAMNIT, which staged a comeback in 2016.

Read More

CERBER Changes Course, Triple Checks for Security Software
  • Posted on:February 14, 2017 at 5:04 pm
  • Posted in:Malware, Ransomware
  • Author:
    Trend Micro
0

CERBER is a ransomware family that has seen its share of unusual features since its appearance early last year. From its use of audio warnings, to the targeting of cloud platforms and databases, to distribution via malvertising, emailed scripting files, and exploit kits, CERBER has always been willing to keep up with the times, as it was. One reason for its apparent popularity may be the fact that it is sold in the Russian underground, giving a wide variety of cybercriminals access to it.

However, we’ve started seeing CERBER variants (which we detect as RANSOM_CERBER.F117AK) add a new wrinkle to their behavior: they have gone out of their way to avoid encrypting security software. How did they do this?

Read More
Tags: CERBERransomware

Mirai Widens Distribution with New Trojan that Scans More Ports
  • Posted on:February 13, 2017 at 5:00 am
  • Posted in:Internet of Things, Malware
  • Author:
    Giannina Escueta (Technical Communications)
0

Late last year, in several high-profile and potent DDoS attacks, Linux-targeting Mirai (identified by Trend Micro as ELF_MIRAI family) revealed just how broken the Internet of Things ecosystem is. The malware is now making headlines again, thanks to a new Windows Trojan that drastically increases its distribution capabilities.

Read More
Tags: MiraiRDPTelnet

Brute Force RDP Attacks Plant CRYSIS Ransomware
  • Posted on:February 9, 2017 at 5:00 am
  • Posted in:Malware, Ransomware
  • Author:
    Jay Yaneza (Threats Analyst)
0

In September 2016, we noticed that operators of the updated CRYSIS ransomware family (detected as RANSOM_CRYSIS) were targeting Australia and New Zealand businesses via remote desktop (RDP) brute force attacks. Since then, brute force RDP attacks are still ongoing, with both SMEs and large enterprises across the globe affected. In fact, the volume of these attacks doubled in January 2017 from a comparable period in late 2016. While a wide variety of sectors have been affected, the most consistent target has been the healthcare sector in the United States.

Read More
Page 4 of 253 « ‹ 345 › »

Business Process Compromise

  • Attackers are starting to invest in long-term operations that target specific processes enterprises rely on. They scout for vulnerable practices, susceptible systems and operational loopholes that they can leverage or abuse. To learn more, read our Security 101: Business Process Compromise.

Business Email Compromise

  • How can a sophisticated email scam cause more than $2.3 billion in damages to businesses around the world?
    See the numbers behind BEC

Latest Ransomware Posts

  • AdGholas Malvertising Campaign Employs Astrum Exploit Kit
  • Erebus Resurfaces as Linux Ransomware
  • Analyzing the Fileless, Code-injecting SOREBRECT Ransomware
  • Victims Lost US$1B to Ransomware
  • After WannaCry, UIWIX Ransomware and Monero-Mining Malware Follow Suit

Ransomware 101

  • This infographic shows how ransomware has evolved, how big the problem has become, and ways to avoid being a ransomware victim.
    Check the infographic

Popular Posts

  • Erebus Resurfaces as Linux Ransomware
  • Mouse Over, Macro: Spam Run in Europe Uses Hover Action to Deliver Banking Trojan
  • Analyzing the Fileless, Code-injecting SOREBRECT Ransomware
  • Analyzing Xavier: An Information-Stealing Ad Library on Android
  • MS17-010: EternalBlue’s Large Non-Paged Pool Overflow in SRV Driver

Stay Updated

  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © Trend Micro Incorporated. All rights reserved.