Category: Trend Micro Research, News and Perspectives

Ransomware actors have been observed to expand their targets by increasingly developing Linux-based versions. Royal ransomware is following in the same path, a new variant targeting Linux systems emerged and we will provide a technical analysis on this variant in…

Read more →

We discovered a new backdoor which we have attributed to the advanced persistent threat actor known as Earth Kitsune, which we have covered before. Since 2019, Earth Kitsune has been distributing variants of self-developed backdoors to targets, primarily individuals who…

Read more →

MLOps provides a systematic approach to evaluating and monitoring ML models. Discover the various security concerns associated with MLOps and learn the best practices for using it securely. This article has been indexed from Trend Micro Research, News and Perspectives…

Read more →

The changing attack landscape has resulted in the hardening of the data breach insurance market. Gain insight into how implementing security controls can reduce the mean time to detect and control the costliness of an attack. This article has been…

Read more →

We detail the intrusion set Earth Yako, attributed to the campaign Operation RestyLink or EneLink. This analysis was presented in full at the JSAC 2023 in January 2023. This article has been indexed from Trend Micro Research, News and Perspectives…

Read more →

Configuration errors are a major cause of cloud security challenges for modern DevOps teams, introducing a new attack surface with numerous potential points of vulnerability. Read on to discover some of the most common errors and learn how to resolve…

Read more →

Outline a cybersecurity plan to protect your operational technology network by studying the five techniques adversaries use to target them. This article has been indexed from Trend Micro Research, News and Perspectives Read the original article: OT Cybersecurity Plan to…

Read more →

We discovered an active campaign targeting Eastern Europeans in the cryptocurrency industry using fake job lures. This article has been indexed from Trend Micro Research, News and Perspectives Read the original article: Enigma Stealer Targets Cryptocurrency Industry with Fake Jobs

Read more →

The ransomware business model is poised to change. These four predictions could help to keep your organization secure from new forms of cyber extortion. This article has been indexed from Trend Micro Research, News and Perspectives Read the original article:…

Read more →

This article explores how services provided by Amazon Web Services enable better container management with simplicity, flexibility, and complete control. This article has been indexed from Trend Micro Research, News and Perspectives Read the original article: Guide to Container Management…

Read more →

In 2022, we discovered Earth Zhulong, a hacking group that has been targeting Vietnam’s telecom, technology, and media sectors similar to another well-known threat actor. In this article, we unravel their new tactics, techniques and procedures that they apply on…

Read more →

Cybersecurity risk assessment provides the continuous asset detection, analysis, prioritization, and risk scoring needed to keep pace with a continuously growing digital attack surface. This article has been indexed from Trend Micro Research, News and Perspectives Read the original article:…

Read more →

In this investigation, we analyzed several prominent “passive income” applications and found out that there may be security risks upon participating in these programs. This article has been indexed from Trend Micro Research, News and Perspectives Read the original article:…

Read more →

Although Transport layer security (TLS) provides enhanced security, cybercriminals have become increasingly savvy, finding ways to circumvent many of these protections. Learn how malicious actors exploit vulnerabilities within TLS to introduce new forms of malware. This article has been indexed…

Read more →

Trend Micro named one of 2023’s coolest cloud security companies This article has been indexed from Trend Micro Research, News and Perspectives Read the original article: Cloud-ready and Channel-first

Read more →

Simulation uncovers hidden features and urges greater user awareness This article has been indexed from Trend Micro Research, News and Perspectives Read the original article: Research Exposes Azure Serverless Security Blind Spots

Read more →

We analyze an infection campaign targeting organizations in the Middle East for cyberespionage in December 2022 using a new backdoor malware. The campaign abuses legitimate but compromised email accounts to send stolen data to external mail accounts controlled by the…

Read more →

In the era of digital transformation, ransomware groups are adapting to changing technology. The next evolution of ransomware could begin with these trends. This article has been indexed from Trend Micro Research, News and Perspectives Read the original article: 6…

Read more →

We look into an ongoing malware campaign we named TgToxic, targeting Android mobile users in Taiwan, Thailand, and Indonesia since July 2022. The malware steals users’ credentials and assets such as cryptocurrency from digital wallets, as well as money from…

Read more →

We analyze a BEC campaign targeting large companies around the world that was leveraging open-source tools to stay under the radar. This article has been indexed from Trend Micro Research, News and Perspectives Read the original article: What SOCs Need…

Read more →

Simulation uncovers hidden features and urges greater user awareness This article has been indexed from Trend Micro Research, News and Perspectives Read the original article: Research Exposes Azure Serverless Security Blind Spots

Read more →

We analyze an infection campaign targeting organizations in the Middle East for cyberespionage in December 2022 using a new backdoor malware. The campaign abuses legitimate but compromised email accounts to send stolen data to external mail accounts controlled by the…

Read more →

In the era of digital transformation, ransomware groups are adapting to changing technology. The next evolution of ransomware could begin with these trends. This article has been indexed from Trend Micro Research, News and Perspectives Read the original article: 6…

Read more →

To establish a better security posture, you must address vulnerabilities in your attack vectors and surfaces. While these terms are similar, they’re not the same. This article explores key differences between the two, helping you make your system more secure.…

Read more →

Stay informed and stay ahead This article has been indexed from Trend Micro Research, News and Perspectives Read the original article: Monthly Threat Webinar Series in 2023: What to Expect

Read more →

MSP partnerships are growing in line with rapid cloud migration and the evolving threat landscape. Discover how an MSP can help your business and tips for making an informed partner decision. This article has been indexed from Trend Micro Research,…

Read more →

Trend Micro researchers discovered a new ransomware that abuses the APIs of a legitimate tool called Everything, a Windows filename search engine developed by Voidtools that offers quick searching and real-time updates for minimal resource usage. This article has been…

Read more →

Trend Micro’s Eric Skinner, and Advisen, an insurance data and analytics company, discuss the current threat landscape, cyber risk management, and how vendors and cyber insurers can champion enhanced cybersecurity posture. This article has been indexed from Trend Micro Research,…

Read more →

In this proof of concept, we look into one of several attack vectors that can be abused to attack the supply chain: targeting the developer. With a focus on the local integrated developer environment (IDE), this proof considers the execution…

Read more →

Discover the importance of dependency mapping and best practices for successful dependency management This article has been indexed from Trend Micro Research, News and Perspectives Read the original article: Dependency Mapping for DevSecOps

Read more →

In this blog entry, we’d like to highlight our findings on Vice Society, which includes an end-to-end infection diagram that we were able to create using Trend Micro internal telemetry. This article has been indexed from Trend Micro Research, News…

Read more →

It’s important to defend against ransomware attacks, but is your organization prepared to deal with the consequences of a breach? Find out how to plan an effective ransomware recovery strategy. This article has been indexed from Trend Micro Research, News…

Read more →

TLS is the backbone of encryption and key to ensuring data integrity, but its misconfiguration can leave your system vulnerable. Read on to discover how to secure your TLS connection and arm your organization against malicious attacks. This article has…

Read more →

Explore how businesses can make internal and external attack surface management (ASM) actionable. This article has been indexed from Trend Micro Research, News and Perspectives Read the original article: What is Business Attack Surface Management?

Read more →

In this entry, we discuss a Web3 fraud scenario where scammers target potential victims via fake smart contracts, and then take over their digital assets, such as NFT tokens, without paying. We named this scam “Payzero”. This article has been…

Read more →

Good cyber hygiene starts with buy-in across the enterprise. Discover how CISOs can establish a company-wide security culture to reduce risk. This article has been indexed from Trend Micro Research, News and Perspectives Read the original article: Cyber Hygiene: How…

Read more →

We discuss the Batloader malware campaigns we observed in the last quarter of 2022, including our analysis of Water Minyades-related events (This is the intrusion set we track behind the creation of Batloader). This article has been indexed from Trend…

Read more →

We discovered an active campaign ongoing since at least mid-2022 which uses Middle Eastern geopolitical-themed lures to distribute NjRAT (also known as Bladabindi) to infect victims across the Middle East and North Africa. This article has been indexed from Trend…

Read more →

Proof of Concept (POC): We investigate one of the GitHub Codespaces’ real-time code development and collaboration features that attackers can abuse for cloud-based trusted malware delivery. Once exploited, malicious actors can abuse legitimate GitHub accounts to create a malware file…

Read more →

As the threat landscape evolves and the cost of data breaches increase, so will cyber insurance requirements from carriers. Cyber Risk Specialist Vince Kearns shares his 4 predictions for 2023. This article has been indexed from Trend Micro Research, News…

Read more →

Running real-world attack simulations can help improve organizations’ cybersecurity resilience This article has been indexed from Trend Micro Research, News and Perspectives Read the original article: What is Red Teaming & How it Benefits Orgs

Read more →

The Dridex variant we analyzed targets MacOS platforms with a new technique to deliver documents embedded with malicious macros to users. This article has been indexed from Trend Micro Research, News and Perspectives Read the original article: Dridex Returns, Targets…

Read more →

How can highly distributed organizations with complex, integrated supply chains defend against cyber threats? By practicing good data hygiene based on zero-trust principles. This article has been indexed from Trend Micro Research, News and Perspectives Read the original article: Why…

Read more →

Explore use cases and mitigation strategies to improve software supply chain security and reduce cyber risk. This article has been indexed from Trend Micro Research, News and Perspectives Read the original article: Improving Software Supply Chain Security

Read more →

Yohei Ishihara, IoT security evangelist at Trend Micro, discussed the challenges CISOs facing within organizations driving industrial IoT. This article has been indexed from Trend Micro Research, News and Perspectives Read the original article: CISO’s Challenges Involved with Business Leader…

Read more →

We analyze the latest changes in IcedID botnet from a campaign that abuses Google pay per click (PPC) ads to distribute IcedID via malvertising attacks. This article has been indexed from Trend Micro Research, News and Perspectives Read the original…

Read more →

Discover how AWS Graviton’s optimized processors help provide a superior price-performance ratio. Available for AWS-managed services, you’ll gain insight on strategies, use cases, and insight on how to get the most out of AWS Graviton. This article has been indexed…

Read more →

Highly destructive cybercrime is on the rise, and most of it is being funded with anonymous cryptocurrency. We review cryptocurrency trends and how enterprises can enhance their cybersecurity posture to prevent cyber extortion. This article has been indexed from Trend…

Read more →

From September to December, we detected multiple attacks from the Royal ransomware group. In this blog entry, we discuss findings from our investigation of this ransomware and the tools that Royal ransomware actors used to carry out their attacks. This…

Read more →

We look into some of the implementations that cybercriminals use to bypass the Windows Antimalware Scan Interface (AMSI) and how security teams can detect threats attempting to abuse it for compromise with Trend Micro Vision One™. This article has been…

Read more →

This blog entry discusses the technical details of how we exploited CVE-2022-22583 using a different method. We also tackle the technical details of CVE-2022-32800, another SIP-bypass that we discovered more recently, in this report. This article has been indexed from…

Read more →

Learn how CISOs and security leaders can strategically manage their cybersecurity budget to run more productive security teams amid a recession and skills shortage. This article has been indexed from Trend Micro Research, News and Perspectives Read the original article:…

Read more →

We discuss the use of the InterPlanetary File System (IPFS) in phishing attacks. This article has been indexed from Trend Micro Research, News and Perspectives Read the original article: Web3 IPFS Only Used for Phishing – So Far

Read more →

We found samples of the Raspberry Robin malware spreading in telecommunications and government office systems beginning September. The main payload itself is packed with more than 10 layers for obfuscation and is capable of delivering a fake payload once it…

Read more →

More than two years ago, a researcher, A2nkF demonstrated the exploit chain from root privilege escalation to SIP-Bypass up to arbitrary kernel extension loading. In this blog entry, we will discuss how we discovered 3 more vulnerabilities from the old…

Read more →

In this blog entry, we discuss the reasons why malicious actors choose to and opt not to pursue kernel-level access in their attacks. It also provides an overview of kernel-level threats that have been publicly reported from April 2015 to…

Read more →

If a stronger cyber security posture is one of your organization’s new year’s resolutions, focus on what matters with these five essential highlights from the Trend Micro Security Predictions for 2023. This article has been indexed from Trend Micro Research,…

Read more →

This year, various ransomware-as-a-service groups have developed versions of their ransomware in Rust, including Agenda. Agenda’s Rust variant has targeted vital industries like its Go counterpart. In this blog, we will discuss how the Rust variant works. This article has…

Read more →

Explore the latest findings from Trend Micro’s Cyber Risk Index (1H’2022) and discover how to enhance cybersecurity risk management across the digital attack surface. This article has been indexed from Trend Micro Research, News and Perspectives Read the original article:…

Read more →

Trend Micro’s participation in Google’s App Defense Alliance will ensure the security of customers by preventing malicious apps from being made available on the Google Play Store. This article has been indexed from Trend Micro Research, News and Perspectives Read…

Read more →

Ransomware groups and their business models are expected to change from what and how we know it to date. In this blog entry, we summarize from some of our insights the triggers that spark the small changes in the short…

Read more →

This report examines the infection chain and the pieces of malware used by malicious actors in supply-chain attacks that leveraged trojanized installers of chat-based customer engagement platforms. This article has been indexed from Trend Micro Research, News and Perspectives Read…

Read more →

IDPS, IDS, IPS… what’s the difference? Discover key differences between intrusion detection and prevention systems as well as 9 technical and non-technical questions to ask when evaluating vendors. This article has been indexed from Trend Micro Research, News and Perspectives…

Read more →

In 2023, cybercriminals and defenders alike will have to move forward with caution in the face of a business landscape that’s fraught with security blindsides and economic ebbs and flows. This article has been indexed from Trend Micro Research, News…

Read more →

We intercepted a cryptocurrency mining attack that incorporated an advanced remote access trojan (RAT) named the CHAOS Remote Administrative Tool. This article has been indexed from Trend Micro Research, News and Perspectives Read the original article: Linux Cryptocurrency Mining Attacks…

Read more →

Explore the world of zero-day threats and gain valuable insight into the importance of proactive detection and remediation. Learn how Trend Micro™ Research mitigates risk by providing global cybersecurity intelligence to continuously discover the ever-changing attack surface, understand and prioritize…

Read more →

Cybersecurity insurance is a must have for organizations of any size. John Hennessy, RVP at Cowbell discusses cyber insurance policy underwriting process, market trends, and the key security controls for businesses. This article has been indexed from Trend Micro Research,…

Read more →

This three-part blog series explores the risks associated with CNC machines This article has been indexed from Trend Micro Research, News and Perspectives Read the original article: Industry 4.0: CNC Machine Security Risks Part 3

Read more →

CISOs and security professionals need a cybersecurity plan to succeed. Explore three keys for a winning strategy. This article has been indexed from Trend Micro Research, News and Perspectives Read the original article: Cybersecurity Plan: 3 Keys for CISOs

Read more →

This three-part blog series explores the risks associated with CNC machines This article has been indexed from Trend Micro Research, News and Perspectives Read the original article: Industry 4.0: CNC Machine Security Risks Part 2

Read more →

A strong cybersecurity strategy isn’t just about choosing the right tools. Cybersecurity experts Greg Young and William Malik discuss three non-technical cybersecurity trends for 2023 to help security leaders reduce cyber risk across the enterprise attack surface. This article has…

Read more →

This three-part blog series explores the risks associated with CNC machines This article has been indexed from Trend Micro Research, News and Perspectives Read the original article: Industry 4.0: CNC Machine Security Risks Part 1

Read more →

Data exposure from SaaS and cloud applications is an increasing risk factor facing businesses today. Discover how SASE capabilities can help prevent data exfiltration and reduce cyber risk across the attack surface. This article has been indexed from Trend Micro…

Read more →

This blog entry looks at the characteristics of a new WannaRen ransomware variant, which we named Life ransomware after its encryption extension. This article has been indexed from Trend Micro Research, News and Perspectives Read the original article: WannaRen Returns…

Read more →

Decentralization can make enterprises more agile but it also makes IT and network security more complex. Creating a strong security culture, deploying the right tools, and defining an incident response plan are key to keeping the business protected. This article…

Read more →

iBynd VP of Insurance, Tim Logan, and Trend Micro’s Cyber Risk Specialist Vince Kearns provide insights on cyber insurance must-haves, pricing, services, and how the industry is changing in the face of ransomware attacks, cryptocurrency, and emerging cybersecurity technologies. This…

Read more →

North America Least Prepared for Cyberattacks This article has been indexed from Trend Micro Research, News and Perspectives Read the original article: Global Cyber Risk at Elevated Level

Read more →

Trend Micro Research reported a 137.6% growth in phishing attacks blocked and detected in 2021. Explore the latest phishing trends and email security best practices to enhance your email security and reduce cyber risk. This article has been indexed from…

Read more →

We break down the cyberespionage activities of advanced persistent threat (APT) group Earth Preta, observed in large-scale attack deployments that began in March. We also show the infection routines of the malware families they use to infect multiple sectors worldwide:…

Read more →

North America Least Prepared for Cyberattacks This article has been indexed from Trend Micro Research, News and Perspectives Read the original article: Global Cyber Risk at Elevated Level

Read more →

Trend Micro Research reported a 137.6% growth in phishing attacks blocked and detected in 2021. Explore the latest phishing trends and email security best practices to enhance your email security and reduce cyber risk. This article has been indexed from…

Read more →

The quicker a cyberattack is identified, the less it costs. Jon Clay, VP of Threat Intelligence, reviews 7 key initial attack vendors and provides proactive security tips to help you reduce cyber risk across the attack surface. This article has…

Read more →

Open-source applications are a practical way to save money while keeping up with your productivity. However, this can be abused by threat actors to steal your data. Find out how one app was used to gather information of Apple users.…

Read more →

Based on our survey of over 900 ICS security leaders in the United States, Germany, and Japan, we dig deeper into each industry’s challenges and present Trend Micro’s recommendations. This article has been indexed from Trend Micro Research, News and…

Read more →

Security threats have already begun to outpace cloud firewalls. It’s a fact. But organizations exploring new cloud-native solution find themselves more prepared to stay resilient. Find out how cloud-native network security’s features and benefits are making this possible. This article…

Read more →

This blog entry details our investigation of CVE-2019-8561, a vulnerability that exists in the macOS PackageKit framework, a component used to install software installer packages (PKG files). This article has been indexed from Trend Micro Research, News and Perspectives Read…

Read more →

Discover the benefits of SASE in adopting modern security architectures to reduce cyber risk across the attack surface. This article has been indexed from Trend Micro Research, News and Perspectives Read the original article: A Secure Access Service Edge (SASE)…

Read more →

Discover the four main types of cyber crime groups: access as a service, ransomware as a service, bulletproof hosting, and crowd sourcing as well as tips to strengthen your defense strategy. This article has been indexed from Trend Micro Research,…

Read more →

We looked into the campaigns deployed by a new subgroup of advanced persistent threat (APT) group APT41, Earth Longzhi. This entry breaks down the technical details of the campaigns in full as presented at HITCON PEACE 2022 in August. This…

Read more →

Explore hybrid cloud management security challenges, components, and tips to minimize your cyber risk. This article has been indexed from Trend Micro Research, News and Perspectives Read the original article: Hybrid Cloud Management Security Tools

Read more →

This report provides defenders and security operations center teams with the technical details they need to know should they encounter the DeimosC2 C&C framework. This article has been indexed from Trend Micro Research, News and Perspectives Read the original article:…

Read more →

Find out if your container-based applications are vulnerable to the new OpenSSL vulnerabilities and the recommendations to help ensure you are protected. This article has been indexed from Trend Micro Research, News and Perspectives Read the original article: Are Containers…

Read more →

We found five banking malware families targeting customers of seven banks in India to steal personal and credit card information via phishing campaigns. This article has been indexed from Trend Micro Research, News and Perspectives Read the original article: Massive…

Read more →

63% of c-level executives in the US don’t have an incident response plan yet 50% of organizations experience a cyberattack. Explore incident response services and playbooks to strengthen your cyber defenses. This article has been indexed from Trend Micro Research,…

Read more →

Gain valuable insight into the emerging world of post-quantum computing. Understand the threats attackers with access to quantum computers pose. Learn how harnessing the power of cloud security posture management (CSPM) can mitigate these looming dangers. This article has been…

Read more →

In our 2022 midyear roundup, we examine the most significant trends and incidents that influenced the cybersecurity landscape in the first half of the year. This article has been indexed from Trend Micro Research, News and Perspectives Read the original…

Read more →

50% of teams in a Trend Micro global study said they’re overwhelmed by the number of alerts surfaced by disconnected point products and SIEMs. Discover how XDR can reduce false positives and enhance threat detection and response. This article has…

Read more →

Trend Micro’s Eric Skinner, and Advisen, an insurance data and analytics company, discuss the current threat landscape, cyber risk management, and how vendors and cyber insurers can champion enhanced cybersecurity posture. This article has been indexed from Trend Micro Research,…

Read more →

Potential disruptions following vulnerabilities found in OpenSSL. This article has been indexed from Trend Micro Research, News and Perspectives Read the original article: Latest on OpenSSL 3.0 Critical Bug & Security-Fix

Read more →

Potential disruptions following vulnerabilities found in OpenSSL. This article has been indexed from Trend Micro Research, News and Perspectives Read the original article: Latest on OpenSSL 3.0.7 Critical Bug & Security-Fix

Read more →