Cybercriminals are winning: How companies can turn the tide

Cybercriminals are winning: How companies can turn the tide

Cybercriminals are winning: How companies can turn the tide | Security Magazine This website requires certain cookies to work and uses other cookies to help you have the best experience. By visiting this website, certain cookies have already been set, which you may delete and block. By closing this message or continuing to use our site, you agree to the use of cookies. Visit our updated privacy and cookie policy to learn more. This…

Read More

Attackers Use Containers for Profit via TrafficStealer

Attackers Use Containers for Profit via TrafficStealer

Attackers Use Containers for Profit via TrafficStealer Cloud We found TrafficStealer abusing open container APIs in order to redirect traffic to specific websites and manipulate engagement with ads. By: Alfredo Oliveira April 26, 2023 Read time:  ( words) Our team deploys containers and containerized honeypots to monitor any unwanted activities, as well as to reinforce cloud security solutions and recommendations. While these honeypots frequently capture cryptocurrency miners trying to exploit computational resources, we recently discovered…

Read More

ViperSoftX Updates Encryption, Steals Data

ViperSoftX Updates Encryption, Steals Data

Figure 11. Top 10 countries affected by ViperSoftX malware in the enterprise (top) and consumer (bottom) sectorsSource: Trend Micro Smart Protection Network (SPN) Conclusion and insights While other cybercriminals use sideloading to load another non-binary component (usually the encrypted payload, which comes together as a package with the normal executable and the sideloaded DLL), the chosen techniques of the actors behind ViperSoftX (which involve using WMI Query Language (WQL), DLL sideloading/DLL load order hijacking, PowerShell…

Read More

Mac Malware MacStealer Spreads as Fake P2E Apps

Mac Malware MacStealer Spreads as Fake P2E Apps

Conclusion While not new, P2E games are enjoying a renewed interest and rise in popularity, and so will the efforts of threat actors aiming to take advantage of this growing trend. MacStealer malware is just one of many to take advantage of P2Es’ traction. P2E gamers, in particular, are lucrative targets because the economic model of these games requires them to adopt cryptocurrencies and wallets. Security researchers can find investigating the delivery of the malware…

Read More

Fight Mercenaries with these Cybersecurity Principles

Fight Mercenaries with these Cybersecurity Principles

On March 27, 2023, the Cybersecurity Tech Accord (CTA) released a new set of principles to help guide the technology industry and others in dealing with the growing market of cyber mercenaries. Trend Micro was a co-author of these principles, bringing our expertise and research of cyber mercenaries to help craft these principles for the industry. Trend Micro is one of the founding members of the CTA, and we worked with other members, Cisco, META,…

Read More

Earth Preta’s Cyberespionage Campaign Hits Over 200

Earth Preta’s Cyberespionage Campaign Hits Over 200

This mix of traditional intelligence trade craft and cyber techniques could mean that these groups have access to advanced resources and support from nation states, since such techniques are not typically available to independent hackers. Moreover, this approach could signify the growing convergence of cyber- and physical security as cyberattacks continue to move beyond digital systems and into the physical world. Operation groups While this is not a comprehensive list, we summarize and attribute the…

Read More

Reflections on 35 years in the trenches

Reflections on 35 years in the trenches

Reflections on 35 years in the trenches | Security Magazine This website requires certain cookies to work and uses other cookies to help you have the best experience. By visiting this website, certain cookies have already been set, which you may delete and block. By closing this message or continuing to use our site, you agree to the use of cookies. Visit our updated privacy and cookie policy to learn more. This Website Uses…

Read More

Iron Tiger’s SysUpdate Reappears, Adds Linux Targeting

Iron Tiger’s SysUpdate Reappears, Adds Linux Targeting

The persistence is ensured by copying a script similarly named as the current filename to the /usr/lib/systemd/system/ directory, and creating a symlink to this file in the /etc/ystem/system/multi-user.target.wants/ directory. Thus, this method only works if the current process has root privileges. The content of the script is: [Unit]Description=xxx[Service]Type=forkingExecStart=<path to current file> -xExecStop=/usr/bin/id[Install]WantedBy=multi-user.target After running the code dependent on the parameters, if the operator has not chosen a GUID with the “-f” parameter, the malware generates…

Read More

Invitation to a Secret Event: Uncovering Earth Yako’s Campaigns

Invitation to a Secret Event: Uncovering Earth Yako’s Campaigns

Technical perspectives Based on the arsenals and TTPs, we believe Earth Yako may be related to a number of existing groups. However, since we could only observe partial technical overlaps between Earth Yako and the following groups, we note that this is not our final attribution. We found the overlaps similar with the following groups: 1.      Darkhotel Darkhotel (a.k.a. DUBNIUM) is a threat actor observed to frequently target Japanese organizations in the past. Earth Yako’s…

Read More

Earth Zhulong Familiar Patterns Target Vietnam

Earth Zhulong Familiar Patterns Target Vietnam

Introduction In 2022, we discovered a hacking group that has been targeting telecom, technology, and media sectors in Vietnam since 2020. We track this particular group as Earth Zhulong. We believe that Earth Zhulong is likely related to the Chinese-linked hacking group 1937CN based on similar code in the custom shellcode loader and victimology. In this post, we’ll introduce Earth Zhulong’s new tactics, techniques, and procedures (TTPs) in the recent campaign and the evolution of…

Read More
1 2 3 9