Play Ransomware Attack Playbook Similar to that of Hive, Nokoyawa


Initial Access Play’s ransomware actors commonly gain initial access through valid accounts that have been reused across multiple platforms, have previously been exposed, or were obtained through illegal means. This includes Virtual Private Network (VPN) accounts, not just domain and local accounts. Exposed RDP servers are also abused to establish a foothold. Another technique Play ransomware uses is the exploitation of the FortiOS vulnerabilities CVE-2018-13379 and CVE-2020-12812. CVE-2018-13379 is a path traversal vulnerability in the…
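The initial-access pattern above (exposed VPN portals probed for path traversal before valid accounts are used) is something a defender can look for in portal access logs. The following is an added example, not code from the original article, that flags requests carrying `..` segments or references to the SSL VPN session store in a simplified, constructed log format (client IP, method, path, status); real appliance logs differ and would need their own parser.

```python
"""Added example (not from the original article): flag HTTP requests that look
like path-traversal probes against an SSL VPN web portal, the kind of activity
that precedes abuse of CVE-2018-13379 as described above.

Assumption: the log lines below use a constructed, simplified access-log format
(client IP, method, path, status). Real appliance logs differ.
"""
import re
from urllib.parse import unquote

# Constructed sample lines, not captured from any real device.
SAMPLE_LOG = """\
203.0.113.10 GET /remote/login 200
203.0.113.10 GET /remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession 200
198.51.100.7 GET /remote/fgt_lang?lang=en 200
198.51.100.7 GET /remote/fgt_lang?lang=%2F..%2F..%2F..%2F..%2Fdev%2Fcmdb%2Fsslvpn_websession 200
192.0.2.5 GET /static/logo.png 200
"""

# A '..' path segment bounded by slashes (or the end of the path).
TRAVERSAL = re.compile(r"(?:^|[/\\])\.\.(?:[/\\]|$)")
# High-signal strings: the session store the public CVE-2018-13379 exploit reads.
SENSITIVE_HINTS = ("sslvpn_websession", "/dev/cmdb/")


def parse_line(line):
    """Split one constructed log line into its fields."""
    ip, method, path, status = line.split()
    return {"ip": ip, "method": method, "path": path, "status": int(status)}


def is_traversal_probe(path):
    """True if the request path contains a traversal segment or a sensitive hint."""
    # Decode percent-encoding twice to catch double-encoded probes, then collapse
    # repeated slashes so '..//////' still reads as a '..' segment.
    decoded = unquote(unquote(path))
    collapsed = re.sub(r"/{2,}", "/", decoded)
    if TRAVERSAL.search(collapsed):
        return True
    return any(hint in collapsed for hint in SENSITIVE_HINTS)


def find_probes(log_text):
    """Return the parsed records whose path looks like a traversal probe."""
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if is_traversal_probe(rec["path"]):
            hits.append(rec)
    return hits


if __name__ == "__main__":
    for rec in find_probes(SAMPLE_LOG):
        print(f"{rec['ip']} probed {rec['path']} (HTTP {rec['status']})")
```

A status of 200 on such a request is the line worth escalating: a patched portal rejects the traversal, so a successful read is strong evidence that credentials in the session store should be treated as compromised.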


BumbleBee a New Modular Backdoor Evolved From BookWorm


In March 2021, we investigated a backdoor with a unique modular architecture and called it BumbleBee due to a string embedded in the malware. However, in our recent investigations, we have discovered a controller application that expands its capabilities. By: Vickie Su, Ted Lee, Nick Dai. September 02, 2022.


Tackling the Growing and Evolving Digital Attack Surface 2022 Midyear Cybersecurity Report


According to our Trend Micro Smart Protection Network (SPN) platform, Emotet detections soared in the first six months of 2022, with 148,701 detections compared to the 13,811 detections in the first half of the previous year. Based on our telemetry, Japan was the country with the highest number of detections.

Comparison of Emotet detections
    Year        Count
    1H 2021     13,811
    1H 2022     148,701
Source: Trend Micro Smart Protection Network

Top five countries with Emotet detections
    Country…


New Golang Ransomware Agenda Customizes Attacks


Analysis and notable features. The Agenda ransomware is a 64-bit Windows PE file written in Go. Go programs are cross-platform and completely standalone: they run without a Go toolchain or runtime installed on the system, because the Go linker statically compiles the necessary libraries (packages) into the binary. Upon execution, the ransomware accepts various command-line arguments that define the malware flow and functionality, as listed in the table below.

    Argument        Description
    -alter {int}    Defines the port number…
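Because Go binaries are statically linked, the usual import-table heuristics say little about them, but the Go linker leaves its own markers in every binary. The following is an added triage example (not part of the original analysis) that checks raw file bytes for two of them: the build-info header magic and the "Go build ID:" string, plus the embedded Go version string when present. The sample bytes are constructed stand-ins, not the Agenda binary.

```python
"""Added example (not part of the original analysis): quick triage check for
whether a PE sample is a Go binary, the property described in the paragraph
above. It scans raw bytes for markers the Go linker writes into every binary.
The FAKE_* constants are constructed stand-ins, not bytes from any real sample.
"""
import re

# Magic that introduces the Go build-info blob (see debug/buildinfo in the Go tree).
GO_BUILDINFO_MAGIC = b"\xff Go buildinf:"
# Build ID string written by the Go linker; the ID itself is a four-part hash.
GO_BUILD_ID = re.compile(rb'Go build ID: "([^"]+)"')
# Runtime version string embedded in the binary, e.g. go1.19.1
GO_VERSION = re.compile(rb"go1\.\d+(?:\.\d+)?")


def go_markers(blob):
    """Return which Go indicators are present in the raw bytes of a file."""
    build_id = GO_BUILD_ID.search(blob)
    version = GO_VERSION.search(blob)
    return {
        "buildinfo_magic": GO_BUILDINFO_MAGIC in blob,
        "build_id": build_id.group(1).decode() if build_id else None,
        "go_version": version.group(0).decode() if version else None,
    }


def looks_like_go(blob):
    """A Go binary carries the build-info magic or a linker build ID (usually both)."""
    markers = go_markers(blob)
    return markers["buildinfo_magic"] or markers["build_id"] is not None


def triage_file(path):
    """Read a file from disk and report its Go markers."""
    with open(path, "rb") as fh:
        return go_markers(fh.read())


# Constructed stand-ins: a minimal fake "Go" PE fragment and a non-Go fragment.
FAKE_GO_PE = (
    b"MZ" + b"\x00" * 62 + b"PE\x00\x00"
    + GO_BUILDINFO_MAGIC + b"\x08\x02" + b"\x00" * 14   # pointer size, flags
    + b'Go build ID: "abcd/efgh/ijkl/mnop"\n'
    + b"\x00go1.19.1\x00"
)
FAKE_OTHER_PE = (
    b"MZ" + b"\x00" * 62 + b"PE\x00\x00"
    + b"This program cannot be run in DOS mode"
)

if __name__ == "__main__":
    print("constructed Go sample:", go_markers(FAKE_GO_PE))
    print("constructed non-Go sample:", go_markers(FAKE_OTHER_PE))
```

On a real sample, run `triage_file("sample.exe")`; a hit on the magic is the stronger signal, since the version regex alone can match unrelated strings.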


Ransomware Actor Abuses Genshin Impact Anti-Cheat Driver to Kill Antivirus


The mhyprot2.sys driver found in this sequence was the one built in August 2020. Going back to social media streams, we can see that shortly after Genshin Impact was released in September 2020, this module was discussed in the gaming community because it was not removed even after the game was uninstalled and because it allowed privilege bypass. A PoC, provided by user kagurazakasanae, showed that a library terminated 360 Total Security…


What Exposed OPA Servers Can Tell You About Your Applications


With the proper request or token, an attacker could obtain even more information about these services and look for vulnerabilities or other entry points into an organization's systems. We highly recommend that companies currently leveraging OPA as their policy-as-code solution ensure that they are not unwittingly exposing their APIs and policies online. In certain cases, companies could be using OPA without realizing it; multiple providers of Kubernetes-managed services rely on OPA for…
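The simplest way to find out whether an OPA instance is "unwittingly exposed" is to ask its REST API for policies and data without presenting any token. The following is an added example, not code from the original article or from the OPA project, that performs that check. To run offline it spins up two local mock servers: one that behaves like an exposed OPA (answers `/v1/policies` and `/v1/data` to anyone) and one that mimics an instance started with `--authentication=token --authorization=basic` and an authz policy (401 without a bearer token). The ports, the mock responses and the token value are assumptions for this example.

```python
"""Added example (not from the original article or the OPA project): probe an
OPA server's REST API (/v1/policies, /v1/data) without credentials and report
whether it answers. Two local mocks stand in for an exposed and a hardened OPA
so the check runs offline; their ports, responses and token are assumptions.
"""
import json
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# Real OPA REST API endpoints: policies (Rego source) and the data document.
OPA_API_PATHS = ("/v1/policies", "/v1/data")
MOCK_TOKEN = "secret"  # assumption for the hardened mock only


def make_handler(require_token):
    """Build a handler that mimics an exposed (or token-protected) OPA."""

    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            if require_token and self.headers.get("Authorization") != f"Bearer {MOCK_TOKEN}":
                self.send_response(401)
                self.end_headers()
                return
            # An exposed OPA happily returns its policy source to anyone.
            body = json.dumps({"result": [{"id": "authz", "raw": "package authz ..."}]})
            self.send_response(200)
            self.send_header("Content-Type", "application/json")
            self.end_headers()
            self.wfile.write(body.encode())

        def log_message(self, *args):  # keep the mock quiet
            pass

    return Handler


def start_mock(require_token):
    """Start a mock OPA on a free loopback port; returns (server, base_url)."""
    srv = HTTPServer(("127.0.0.1", 0), make_handler(require_token))
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, f"http://127.0.0.1:{srv.server_address[1]}"


def check_opa_exposure(base_url, timeout=2):
    """Unauthenticated GET on each API path; returns {path: HTTP status or None}."""
    results = {}
    for path in OPA_API_PATHS:
        try:
            with urllib.request.urlopen(base_url + path, timeout=timeout) as resp:
                results[path] = resp.status
        except urllib.error.HTTPError as err:
            results[path] = err.code
        except (urllib.error.URLError, OSError):
            results[path] = None  # unreachable, which is the desired state from outside
    return results


def is_exposed(results):
    """Any 200 without credentials means policies or data are readable by anyone."""
    return any(code == 200 for code in results.values())


if __name__ == "__main__":
    for hardened in (False, True):
        srv, url = start_mock(require_token=hardened)
        res = check_opa_exposure(url)
        print("hardened" if hardened else "exposed", res, "EXPOSED" if is_exposed(res) else "ok")
        srv.shutdown()
```

Point `check_opa_exposure` at the externally reachable address of your own OPA (the default listener is port 8181). Any 200 means the policy source and data are readable by anyone who can reach the port; the fix is to bind OPA to a private interface, put it behind an authenticating proxy, or start it with token authentication and an authorization policy.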


Oil and Gas Cybersecurity: Recommendations Part 3


Cyber Threats. In the final part of our series, we look at the APT33 case study and several recommendations from our expert team. By: Trend Micro. August 15, 2022. The oil and gas industry continues to be a prime target for threat actors who want to disrupt operations and wreak havoc. In part two, we discussed various threats that can affect an oil…


Forecasting Metaverse Threats: Will it Become Metaworse?


The term “metaverse” was first used by Neal Stephenson in his 1992 cyberpunk novel Snow Crash. It describes a virtual world that can be explored using avatars, offering players a completely immersive experience. Today, we see similar worlds in massively multiplayer online role-playing games (MMORPGs) such as Roblox, Minecraft, Fortnite, Second Life, and others, but these games are still nowhere close to the immersive experience described in Snow Crash. The modern metaverse concept consists of…


SolidBit Ransomware Enters the RaaS Scene and Takes Aim at Gamers and Social Media Users With New Variant


This blog entry offers a technical analysis of a new SolidBit variant that is posing as different applications to lure gamers and social media users. The SolidBit ransomware group appears to be planning to expand its operations through these fraudulent apps and its recruitment of ransomware-as-a-service affiliates. By: Nathaniel Morales, Ivan Nicole Chavez, Monte de Jesus, Lala…
