research

New OpcJacker Malware Distributed via Fake VPN Malvertising

Posted on by Admin
New OpcJacker Malware Distributed via Fake VPN Malvertising

New OpcJacker Malware Distributed via Fake VPN Malvertising Malware We discovered a new malware, which we named “OpcJacker” (due to its opcode configuration design and its cryptocurrency hijacking ability), that has been distributed in the wild since the second half of 2022. By: Jaromir Horejsi, Joseph C Chen March 29, 2023 Read time:  ( words) We discovered a new malware, which we named “OpcJacker” (due to its opcode configuration design and its cryptocurrency hijacking ability),…

Read More

Azure Serverless Security Risks Exposed by New Study

Posted on by Admin
Azure Serverless Security Risks Exposed by New Study

Serverless architectures are increasingly popular, as the cloud provider does most of the heavy lifting, allowing developers to focus on building and running their apps. But this popularity has attracted the scrutiny of threat actors. Although serverless environments have a relatively reduced attack surface, with certain responsibilities shifted to the cloud provider (CSP), users must be careful not to introduce extra risk. This could happen if they write insecure code, misconfigure assets or fail to…

Read More

Earth Preta Updated Stealthy Strategies

Posted on by Admin
Earth Preta Updated Stealthy Strategies

We categorize the different TTPs into six stages: arrival vectors, discovery, privilege escalation, lateral movement, command and control (C&C) and exfiltration, respectively. In our previous research, we covered most of the new TTPs and malware during the first stage, arrival vectors. However, we observed that some of TTPs have been changed. In the following sections, we focus on the updated arrival vectors and their succeeding stages. We previously summarized the arrival vectors used by Earth…

Read More

Emotet Returns, Now Adopts Binary Padding for Evasion

Posted on by Admin
Emotet Returns, Now Adopts Binary Padding for Evasion

Once a user enables macros for the malicious document, it will download a ZIP file will from one of seven hardcoded and obfuscated URLs (which will be iterated through until the file is successfully retrieved): hxxps://midcoastsupplies.com[.]au/configNQS/Es2oE4GEH7fbZ/ hxxp://mtp.evotek[.]vn/wp-content/L/ hxxp://www.189dom[.]com/xue80/C0aJr5tfI5Pvi8m/ hxxps://esentai-gourmet[.]kz/404/EDt0f/ hxxp://139.219.4[.]166/wp-includes/XXrRaJtiutdHn7N13/ hxxps://www.snaptikt[.]com/wp-includes/aM4Cz6wp2K4sfQ/ hxxps://diasgallery[.]com:443/about/R/  The macro will then check if the response is 200 (indicating a success retrieval of the file). If so, it will then check if that file is either a PE File or a…

Read More

Examining Ransomware Payments From a Data-Science Lens

Posted on by Admin
Examining Ransomware Payments From a Data-Science Lens

In partnership with: Erin Burns, Eireann Leverett of Waratah Analytics Ransomware has come a long way since the Internet’s pre-cryptocurrency days. The advent of cryptocurrency was an important turning point in the evolution of this cyberthreat, as malicious actors are now no longer confined to available local or regional payment options when collecting ransom payments. The operation costs and monetization models of a ransomware group can be telling of its persistence methods, the tactics, techniques,…

Read More

Managed XDR Exposes Spear-Phishing Campaign Targeting Hospitality Industry Using RedLine Stealer

Posted on by Admin
Managed XDR Exposes Spear-Phishing Campaign Targeting Hospitality Industry Using RedLine Stealer

Security recommendations and Trend Micro solutions Email-related threats are becoming increasingly sophisticated and harder to spot. Back in the day, bad grammar and an exaggerated sense of urgency were enough tell-tale signs of malicious emails. Nowadays, malicious actors have evolved to mimic the voice and tone of the character they’re trying to pretend to be and at times, are prepared to play the long con.    To successfully combat spam or phishing threats, organizations must…

Read More

Leveraging Data Science to Minimize the Blast Radius of Ransomware Attacks

Posted on by Admin
Leveraging Data Science to Minimize the Blast Radius of Ransomware Attacks

The CVEs used by the top five groups varied in severity (Figure 2), though most of these CVEs had a score of at least 7.2 on the Common Vulnerability Scoring System (CVSS). As Figure 3 shows, the bulk of these vulnerabilities were exploited as a means of privilege escalation at 54.3%, followed by those for remote code execution (RCE) at 17.4%. Vulnerabilities exploited by the top five ransomware groups CVE-2021-30119, which has the lowest CVSS…

Read More

A Deep Dive into the Evolution of Ransomware Part 3

Posted on by Admin
A Deep Dive into the Evolution of Ransomware Part 3

A Deep Dive into the Evolution of Ransomware Part 3 Privacy & Risks This 3-part blog series takes an in-depth look at the evolution of ransomware business models, from the early stages to current trends. By: Trend Micro February 27, 2023 Read time:  ( words) Ransomware is an ever-growing problem that has wreaked havoc across a multitude of industries, with astronomical ransom demands leaving businesses and infrastructure feeling powerless. From major hospitals to enterprises –…

Read More

Investigating the PlugX Trojan Disguised as a Legitimate Windows Debugger Tool

Posted on by Admin
Investigating the PlugX Trojan Disguised as a Legitimate Windows Debugger Tool

Investigating the PlugX Trojan Disguised as a Legitimate Windows Debugger Tool Malware Trend Micro’s Managed Extended Detection and Response (MxDR) team discovered that a file called x32dbg.exe was used to sideload a malicious DLL we identified as a variant of PlugX. By: Buddy Tancio, Abraham Camba, Catherine Loveria February 24, 2023 Read time:  ( words) Trend Micro’s Managed Extended Detection and Response (MxDR) team discovered that a file called x32dbg.exe was used (via the DLL…

Read More

A Deep Dive into the Evolution of Ransomware Part 2

Posted on by Admin
A Deep Dive into the Evolution of Ransomware Part 2

Ransomware has become an increasingly damaging presence, wreaking havoc on organizations of all sizes and across industries. Without understanding the traditions that underpin these malicious strategies, combatting them can feel like a daunting task. In part one, we explore ransomware’s evolution to gain perspective on how cybercriminals adapt their tactics in response to changing threats. This entry looks into factors that trigger changes in cyber criminals’ business models. Triggers for a paradigm shift Cybercriminals are…

Read More
1 2 3 4 5 18