Trend Micro is a cloud security pioneer. And for over 30 years, we’ve worked hand in hand with the channel to make the digital world a safer place. So we’re delighted to receive more recognition of the value we’re adding for partners and customers with the release of the latest CRN Cloud 100 list. This comes on the heels of another great recognition as Trend Micro was recently awarded the AWS Marketplace Partner of the…
Read More
More than any other industry, cybersecurity is constantly changing. But the number of major paradigm shifts that transformed the world of cybersecurity in the past few years has been unprecedented, especially when it comes to combating ransomware. The costly and global threat of ransomware has evolved alongside changing technology in the past two decades. Just as threat researchers and engineers rethink their solutions when the currents of cybersecurity shift, their adversaries are always following the…
Read More
2023 will be the ninth year of doing my monthly threat webinar series that I love. Each month I select a threat or a research report to discuss with my audience that I think can help educate them on the latest trends in the threat landscape. Over the years, I’ve covered such threats as advanced persistent threats (APT), botnets, crypto mining, fileless, key loggers, messaging, ransomware, spyware, trojans, vulnerabilities, web threats, and zero days. One…
Read More
In 2021, we published an entry identifying the weak parts of the supply chain security. In the face of the surge in documented attacks, the entry gave a summarized overview of how malicious actors found gaps to abuse and take advantage of for possible gains and disruptions. In this entry, we focus on one specific part of the supply chain: the developers themselves. To find a suitable attack model focusing on the developer, we must…
Read More
Ransomware continues to be a significant global threat for organizations in all sectors. In 2022, it accounted for 41% of breaches, with an average cost per breach of $4.5 million. While authorities have had some success cracking down on ransomware perpetrators, bad actors are expected to evolve their tactics and business models, generating new attack types and pursuing new targets such as the enterprise cloud. Since the ransomware risk is less a question of “if”…
Read More
Earth Bogle: Campaigns Target the Middle East with Geopolitical Lures Malware We discovered an active campaign ongoing since at least mid-2022 which uses Middle Eastern geopolitical-themed lures to distribute NjRAT (also known as Bladabindi) to infect victims across the Middle East and North Africa. By: Peter Girnus, Aliakbar Zahravi January 17, 2023 Read time: ( words) While threat hunting, we found an active campaign using Middle Eastern geopolitical themes as a lure to target potential…
Read More
GitHub Codespaces, initially in preview for specific users, became widely available for free in November 2022. This cloud-based integrated development environment (IDE) allows developers and organizations to customize projects via configuring dev container files, easing some previous pain points in project development. We investigated the services offered by this cloud IDE and found that one of its features for code development and collaboration – sharing forwarded ports publicly – can be abused by malicious actors…
Read More
Download Trend Micro’s Guide to Cyber Insurance Just a decade ago, it seemed like the only requirement from cyber insurance carriers was the need for a policy; the application process was easy, and the questionnaire was simple. But as ransomware attacks grew in popularity and damage, carriers were forced to tighten the reigns to keep a balanced book. In 2020, we witnessed the cyber insurance market harden for the first time ever. Since then, carriers…
Read More
In today’s increasingly connected world, red teaming has become a critical tool for organizations to test their security and identify possible gaps within their defenses. Red teaming, also known as red cell, adversary simulation, or Cyber Red Team, involves simulating real-world cyber attackers’ tactics, techniques, and procedures (TTPs) to assess an organization’s security posture. In the world of cybersecurity, the term “red teaming” refers to a method of ethical hacking that is goal-oriented and driven…
Read More
If there’s a common denominator to today’s security woes, it’s complexity. Industrial and enterprise IT environments are more open, interdependent, and essential than ever before. Practicing good data hygiene is one of the best ways for organizations to protect themselves, and it starts with a zero-trust approach to network access. Complexity is a security risk Part of what makes IT environments so complex today is the distributed nature of industrial and business operations, which decentralizes…
Read More
Introduction Cloud computing services have grown exponentially in