At a glance, it seems that DRIDEX has dwindled its activities or operation, appearing only for a few days this May. This is quite unusual given that in the past five months or so, this prevalent online banking threat has always been active in the computing landscape. Last May 25, 2016, we observed a sudden spike in DRIDEX–related spam emails after its seeming ‘hiatus.’ This spam campaign mostly affected users in the United States, Brazil, China, Germany, and Japan.Read More
In 2014, we began seeing attacks that abused the Windows PowerShell. Back then, it was uncommon for malware to use this particular feature of Windows. However, there are several reasons for an attacker to use this scripting technique.
For one, users cannot easily spot any malicious behavior since PowerShell runs in the background. Another is that PowerShell can be used to steal usernames, passwords, and other system information without an executable file being present. This makes it an attractive tool for attackers for carrying out malicious activities while avoiding easy detection.Read More
As we are certain about some aspects of life, the same can be said about cybercrime. Tax Day draws closer in the U.S., and as millions of Americans are in the process of filing their taxes, cybercriminals are also stepping in to make this task profitable for them and difficult for their victims. We have seen recent incidents of organizations falling for business email compromise (BEC) schemes related to tax filing; now, it looks like online extortionists have joined the fray as well.Read More
The resurgence and continued prevalence of macro malware could be linked to several factors, one of which is their ability to bypass traditional antimalware solutions and sandboxing technologies. Another factor is the continuous enhancements in their routines: just recently, we observe that the macro malware related to DRIDEX and the latest crypto-ransomware variant, Locky Ransomware used Form object in macros to obfuscate the malicious code. With this improvement, it could further aid cybercriminals or attackers to hide any malicious activity they perform in their target network or system.Read More
The Internet has no borders, countries do. And that’s what makes it so difficult for law enforcement to chase cybercriminals. Trend Micro works with these bodies for years and we see how painful and long these processes are, once the cybercriminal is somewhere else. We not only work close with local police but also with Europol and INTERPOL, which helps when it comes to international crime. They do a great job, but the bad guys clearly have an advantage as their flexibility and speed makes it easy for them to jump around in cyberspace and build up systems everywhere. And pretty often, they go to countries where cybercrime is not a crime or chasing them is low priority.Read More