Black Basta Ransomware Operators Expand Their Attack Arsenal With QakBot Trojan and PrintNightmare Exploit

We look into a recent attack orchestrated by the Black Basta ransomware group that used the banking trojan QakBot as a means of entry and movement and took advantage of the PrintNightmare vulnerability to perform privileged file operations.

By: Kenneth Adrian Apostol, Paolo Ronniel Labrador, Mirah Manlapig, James Panlilio, Emmanuel Panopio, John Kenneth Reyes, Melvin Singwa
June 30, 2022

Log4Shell Vulnerability in VMware Leads to Data Exfiltration and Ransomware

Lateral movement to machines in the network

After the initial infection with Cobalt Strike, we observed that the threat actor dropped node.exe, which is a stowaway proxy tool that is publicly available on GitHub. The tool is written in the Go language and can provide many capabilities to threat actors: remote shell execution, uploading/downloading files, and more. In this case, the tool is used to provide a reverse shell to threat actors on IP: 45[.]32.108.54…

Conti vs. LockBit: A Comparative Analysis of Ransomware Groups

We compare the targeting and business models of the Conti and LockBit ransomware groups using data analysis approaches. This will be presented in full at the 34th Annual FIRST Conference on June 27, 2022.

By: Shingo Matsugaya, Matsukawa Bakuei, Vladimir Kropotov
June 27, 2022

Trend Micro has been monitoring the leak sites of multiple ransomware groups since November 2019 and continuously…

Misunderstood Private Network 5G Security Risks & Vulnerabilities

The move towards 5G is accelerating as enterprises seek greater security, flexibility, and reliability in 5G than earlier cellular, wireless, or wired connectivity. And while the underlying security capabilities of 5G NPN are superior to earlier communications media, they are not flawless. Recent research outlined four attack routes into a private 5G network, three areas where communications network topology presents opportunities to intercept signal traffic, and six methods for attacking the physical process infrastructure via…

Examples of Cyber Warfare #TrendTalksBizSec

Jon Clay, VP of Threat Intelligence: [00:00:00] Hey, welcome everybody. Jon Clay, VP of Threat Intelligence here at Trend Micro, and welcome to another episode of #TrendTalksBizSec. Joining me again is my cohort in crime.

Ed Cabrera, Chief Cybersecurity Officer: My name’s Ed Cabrera. I’m the Chief Cybersecurity Officer at Trend Micro. It’s great to be here.

Jon: You know, interesting Ed, I recently was able to travel to Switzerland, to Davos for the World…

Websites Hosting Fake Cracks Spread Updated CopperStealer Malware

We found updated samples of the CopperStealer malware infecting systems via websites hosting fake software.

By: Joseph C Chen, Jaromir Horejsi
June 17, 2022

We noticed a new version of CopperStealer and, on analysis, found these samples to be related to a previous campaign we’ve documented. We examined this new version, which reuses parts of code, and observed the following similarities to previous versions: The…

State of OT Security in 2022: Big Survey Key Insights

Learn about the state of OT Security in 2022 by reading the key insights found through surveying more than 900 ICS business and security leaders in the US, Germany and Japan.

By: Hiroyuki Ueno
June 15, 2022

Industrial sectors affected by cyberattacks

It has become evident that critical infrastructure and manufacturing industries worldwide are under threat from cyberattacks,…

Cuba Ransomware Group’s New Variant Found Using Optimized Infection Techniques

Trend Micro Research observed the resurgence of the Cuba ransomware group that launched a new malware variant using different infection techniques compared to past iterations. We discuss our initial findings in this report.

By: Don Ovid Ladores
June 08, 2022

Cuba ransomware is a malware family that has been seasonally detected since it was first observed in February 2020. It resurfaced…

Closing the Door DeadBolt Ransomware Locks Out Vendors With Multitiered Extortion Scheme

The dark blue line in the survival analysis in Figure 8 shows the date range when victims paid the ransom amount. In this analysis, the victims that do not pay the ransom amount are referred to as survivors, while those who do are referred to as terminal. This analysis allows us to better understand the science of ransomware and ransom payout prevention. We can go further and say that for about 5 to 7.5 bitcoins…

Why It’s Time to Map the Digital Attack Surface

Around a year ago a cyberattack on a little-known US oil pipeline thrust ransomware into the media spotlight and grabbed the attention of the White House. The ensuing months saw a flurry of government efforts designed to improve the security posture of global organizations, with cyber risk management planted firmly front-and-center of recommended best practices. The cybercriminals responsible for breaching Colonial Pipeline may have unintentionally done a great deal of good for the security community….
