IcedID Botnet Distributors Abuse Google PPC to Distribute Malware

Credit to Author: Ian Kenefick| Date: Fri, 23 Dec 2022 00:00:00 +0000

We analyze the latest changes in IcedID botnet from a campaign that abuses Google pay per click (PPC) ads to distribute IcedID via malvertising attacks.

Read more

Detecting Windows AMSI Bypass Techniques

Credit to Author: Jiri Sykora| Date: Wed, 21 Dec 2022 00:00:00 +0000

We look into some of the implementations that cybercriminals use to bypass the Windows Antimalware Scan Interface (AMSI) and how security teams can detect threats attempting to abuse it for compromise with Trend Micro Vision One™.

Read more

Raspberry Robin Malware Targets Telecom, Governments

Credit to Author: Christopher So| Date: Tue, 20 Dec 2022 00:00:00 +0000

We found samples of the Raspberry Robin malware spreading in telecommunications and government office systems beginning September. The main payload itself is packed with more than 10 layers for obfuscation and is capable of delivering a fake payload once it detects sandboxing and security analytics tools.

Read more

Ransomware Business Models: Future Pivots and Trends

Credit to Author: Feike Hacquebord| Date: Thu, 15 Dec 2022 00:00:00 +0000

Ransomware groups and their business models are expected to change from what and how we know it to date. In this blog entry, we summarize from some of our insights the triggers that spark the small changes in the short term (“evolutions”) and the bigger deviations (“revolutions”) they can redirect their criminal enterprises to in the long run.

Read more

Cyber Crime: INTERPOL Uses Trend Threat Intelligence

Credit to Author: Jon Clay| Date: Fri, 25 Nov 2022 00:00:00 +0000

INTERPOL recently conducted operation African Surge to take down malicious infrastructure across the African continent and requested the help of private enterprises. Trend Micro is proud to have been asked to participate, and provided global threat intelligence that was utilized in this operation.

Read more

Electricity/Energy Cybersecurity: Trends & Survey Response

Credit to Author: Mayumi Nishimura| Date: Wed, 16 Nov 2022 00:00:00 +0000

Based on our survey of over 900 ICS security leaders in the United States, Germany, and Japan, we dig deeper into each industry’s challenges and present Trend Micro’s recommendations.

Read more

Hack the Real Box: APT41’s New Subgroup Earth Longzhi

Credit to Author: Hara Hiroaki| Date: Wed, 09 Nov 2022 00:00:00 +0000

We looked into the campaigns deployed by a new subgroup of advanced persistent threat (APT) group APT41, Earth Longzhi. This entry breaks down the technical details of the campaigns in full as presented at HITCON PEACE 2022 in August.

Read more

TeamTNT Returns — Or Does It?

Credit to Author: Sunil Bharti| Date: Wed, 19 Oct 2022 00:00:00 +0000

Our honeypots caught malicious cryptocurrency miner samples targeting the cloud and containers, and its routines are reminiscent of the routines employed by cybercriminal group TeamTNT, which was said to have quit in November 2021. Our investigation shows that another threat actor group, WatchDog, might be mimicking TeamTNT’s arsenal.

Read more