Pwn2Own Vancouver 2023 to Put Tesla to the Test

At Trend Micro, we’ve always said that cybersecurity is a team sport. But what happens when you put those teams in competition with each other? We believe you create the conditions in which the world’s best hackers thrive. And ultimately, you make the connected world safer in the process. That’s the philosophy of our Zero Day Initiative’s Pwn2Own competition. For the past 15+ years, teams from across the globe have battled each other for big…

S4x23 Review Part 2: Evolving Energy Cybersecurity

While public-private partnerships may have been successful for large businesses, small businesses with limited financial and human assets still face challenges. The 100-day plan has certainly advanced cybersecurity in the energy sector by focusing on ICS security and grid security and facilitating coordination between public and private entities and agencies. However, challenges have been raised in the areas of information sharing among small utilities, solutions tailored for them, and sustainable initiatives. Innovative threat intelligence and…

Emotet Returns, Now Adopts Binary Padding for Evasion

Once a user enables macros for the malicious document, it downloads a ZIP file from one of seven hardcoded and obfuscated URLs (which are iterated through until the file is successfully retrieved):

hxxps://midcoastsupplies.com[.]au/configNQS/Es2oE4GEH7fbZ/
hxxp://mtp.evotek[.]vn/wp-content/L/
hxxp://www.189dom[.]com/xue80/C0aJr5tfI5Pvi8m/
hxxps://esentai-gourmet[.]kz/404/EDt0f/
hxxp://139.219.4[.]166/wp-includes/XXrRaJtiutdHn7N13/
hxxps://www.snaptikt[.]com/wp-includes/aM4Cz6wp2K4sfQ/
hxxps://diasgallery[.]com:443/about/R/

The macro then checks whether the response code is 200 (indicating successful retrieval of the file). If so, it checks whether that file is either a PE file or a…

Examining Ransomware Payments From a Data-Science Lens

In partnership with: Erin Burns, Eireann Leverett of Waratah Analytics

Ransomware has come a long way since the Internet’s pre-cryptocurrency days. The advent of cryptocurrency was an important turning point in the evolution of this cyberthreat, as malicious actors are now no longer confined to available local or regional payment options when collecting ransom payments. The operation costs and monetization models of a ransomware group can be telling of its persistence methods, the tactics, techniques,…

Expanding Attack Blueprints 2022 Annual Cybersecurity Report

The year 2022 — which was beset with economic turmoil, supply chain problems, and even a war — proved to be an arduous year for organizations not just offline, but online, too. While businesses worked overtime to keep their organizations protected against threats amid challenges and shortages, malicious actors also toiled around the clock to keep their criminal operations running. This is evidenced by the 146.4 billion threats we detected and blocked in 2022, a…

S4x23 Review Part 1: What’s New in OT Security

In this blog, I will introduce discussions from S4 over several posts. The first installment will cover two topics from the academic interviews.

Interview with Michael Fischerkeller – Author of Cyber Persistence Theory

Fischerkeller is a senior researcher at the Institute for Defense Analyses and has been involved in shaping US government security policy for over 25 years. Based on this experience, he published “Cyber Persistence Theory” with two co-authors, aiming to bridge the gap…

Leveraging Data Science to Minimize the Blast Radius of Ransomware Attacks

The CVEs used by the top five groups varied in severity (Figure 2), though most of these CVEs had a score of at least 7.2 on the Common Vulnerability Scoring System (CVSS). As Figure 3 shows, the bulk of these vulnerabilities were exploited as a means of privilege escalation (54.3%), followed by those used for remote code execution (RCE) (17.4%).

Figure: Vulnerabilities exploited by the top five ransomware groups

CVE-2021-30119, which has the lowest CVSS…

Managed XDR Exposes Spear-Phishing Campaign Targeting Hospitality Industry Using RedLine Stealer

Security recommendations and Trend Micro solutions

Email-related threats are becoming increasingly sophisticated and harder to spot. Back in the day, bad grammar and an exaggerated sense of urgency were tell-tale signs of malicious emails. Nowadays, malicious actors have evolved to mimic the voice and tone of the persona they are impersonating and, at times, are prepared to play the long con. To successfully combat spam or phishing threats, organizations must…

Iron Tiger’s SysUpdate Reappears, Adds Linux Targeting

Persistence is ensured by copying a script with a name similar to the current filename into the /usr/lib/systemd/system/ directory and creating a symlink to this file in the /etc/ystem/system/multi-user.target.wants/ directory. This method therefore only works if the current process has root privileges. The content of the script is:

[Unit]
Description=xxx
[Service]
Type=forking
ExecStart=<path to current file> -x
ExecStop=/usr/bin/id
[Install]
WantedBy=multi-user.target

After running the code dependent on the parameters, if the operator has not chosen a GUID with the “-f” parameter, the malware generates…

A Deep Dive into the Evolution of Ransomware Part 3

This 3-part blog series takes an in-depth look at the evolution of ransomware business models, from the early stages to current trends. By: Trend Micro, February 27, 2023. Ransomware is an ever-growing problem that has wreaked havoc across a multitude of industries, with astronomical ransom demands leaving businesses and infrastructure feeling powerless. From major hospitals to enterprises –…
