How to Apply a Zero Trust Security Model to ICS
Discover how to leverage the zero trust strategy to protect ICS environments, enabling a stronger security posture and reducing risk...
Gootkit Loader’s Updated Tactics and Fileless Delivery of Cobalt Strike
Gootkit has been known to use fileless techniques to drop Cobalt Strike and other malicious payloads. Insights from a recent attack reveal updates in its tactics...
Trend Micro Joins AWS Marketplace Vendor Insights
Streamlining and enhancing security in the cloud with AWS and Trend Micro...
Better Together: AWS and Trend Micro
This post relays the latest threat detection tool innovation of AWS - Amazon GuardDuty Malware Protection. This tool works closely with Trend Micro cloud solutions, providing another valuable layer of defense in our fight against a shared adversary...
LockBit Ransomware Group Augments Its Latest Variant, LockBit 3.0, With BlackMatter Capabilities
In June 2022, LockBit revealed version 3.0 of its ransomware. In this blog entry, we discuss the findings from our own technical analysis of this variant and its behaviors, many of which are similar to those of the BlackMatter ransomware...
Alibaba OSS Buckets Compromised to Distribute Malicious Shell Scripts via Steganography
In this blog entry, we discuss a malicious campaign that targets Alibaba Cloud’s OSS buckets with leaked credentials for malware distribution and cryptojacking...
Improving Software Supply Chain Cybersecurity
Explore use cases for software supply chain cyberattacks and mitigation strategies to improve security maturity and reduce cyber risk...
Improving Software Supply Chain Security
Explore use cases and mitigation strategies to improve software supply chain security and reduce cyber risk...
Analyzing Penetration-Testing Tools That Threat Actors Use to Breach Systems and Steal Data
We discovered the use of two Python penetration-testing tools, Impacket and Responder, that malicious actors used to compromise systems and exfiltrate data. We share our key findings in this report...
Top 5 Infrastructure as Code Security Challenges
Learn how to counteract the top five challenges of IaC, discover how these obstacles pose a threat to security, and gain valuable insight into how to mitigate these risks...
Worldwide 2021 Email Phishing Statistics & Examples
Explore the need for going beyond built-in Microsoft 365 and Google Workspace security based on email threats detected in 2021...
How Shady Code Commits Compromise the Security of the Open-Source Ecosystem
In this blog entry, we discuss how open-source code has been subjected to protest-driven code modifications by its maintainers or backers. We also provide an analysis of what these incidents could mean for the IT industry and the open source community...
Private 5G Network Security Expectations Part 3
How to secure your private 5G networks; The challenge of complex ecosystem in DX...
Data Distribution Service: Mitigating Risks Part 3
In the final chapter of our blog series, we discuss mitigating strategies and recommendations to keep DDS protected from malicious actors...
Private 5G Network Security Expectations Part 2
The importance of proof of “security” concepts in private 5G networks: Are verifications of system operations and new functions sufficient for your proof of concept in private wireless networks?...
GraphQL vs gRPC: Which One Creates More Secure APIs?
Learn about the security capabilities of GraphQL and gRPC, how they perform authentication/authorization, and how they compare to REST. In addition, discover common attack vectors for both API frameworks and how to prevent them...
Unpacking Cloud-Based Cryptocurrency Miners That Abuse GitHub Actions and Azure Virtual Machines
We investigate cloud-based cryptocurrency miners that leverage GitHub Actions and Azure virtual machines, including the cloud infrastructure and vulnerabilities that malicious actors exploit for easy monetary gain...
ICS & OT Cybersecurity Attack Trends
We explore Trend Micro’s latest research into industrial cybersecurity, including the impact of attacks, maturity of security programs, and recommendations for strengthening security...
Brand-New HavanaCrypt Ransomware Poses as Google Software Update App, Uses Microsoft Hosting Service IP Address as C&C Server
We recently found a new ransomware family, which we have dubbed HavanaCrypt, that disguises itself as a legitimate Google Software Update application and uses a Microsoft web hosting service IP address as its command-and-control (C&C) server to circumvent detection...
Data Distribution Service: Exploring Vulnerabilities and Risks Part 2
In part two of our series, we’ll highlight both known and new DDS vulnerabilities and what they mean for mission critical operations...
Private 5G Network Security Expectations Part 1
Are "new" protocols and "private" networks sufficient for your cybersecurity requirements?...
Data Distribution Service: An Overview Part 1
In this three-part blog series, we’ll look into Data Distribution Service, why it is critical, and how you can mitigate risks associated with it...
DevOps vs SRE: Differences & Similarities
While DevOps and site reliability engineering teams often work together and have shared goals, there are important distinctions between the two. This article explores the differences between their functions and responsibilities...
Hacking the Crypto-monetized Web
What danger lies around the corner?...
Hacking the Crypto-Monetized Web
What danger lies around the corner?...
Black Basta Ransomware Operators Expand Their Attack Arsenal With QakBot Trojan and PrintNightmare Exploit
We look into a recent attack orchestrated by the Black Basta ransomware group that used the banking trojan QakBot as a means of entry and movement and took advantage of the PrintNightmare vulnerability to perform privileged file operations...
How to Present Cloud Risk to the Board
Trend Micro Security Researcher, Erin Sindelar, breaks down three popular types of cloud risk assessments to help CISOs and security leaders better explain cyber risk to the board...
Why It’s Time to Map the Digital Attack Surface
Trend Micro research reveals struggle to control cyber risks against mounting digital attack surfaces...
Log4Shell Vulnerability in VMware Leads to Data Exfiltration and Ransomware
We analyzed cases of a Log4Shell vulnerability being exploited in certain versions of the software VMware Horizon. Many of these attacks resulted in data being exfiltrated from the infected systems. However, we also found that some of the victims were infected with ransomware days after the data...
Conti vs. LockBit: A Comparative Analysis of Ransomware Groups
We compare the targeting and business models of the Conti and LockBit ransomware groups using data analysis approaches. This will be presented in full at the 34th Annual FIRST Conference on June 27, 2022...
Private Network 5G Security Risks & Vulnerabilities
Why cybersecurity is the first step to private network deployment...
Trend Micro CEO Discusses Need for a Unified Cybersecurity Platform
In the face of evolving cyberattacks, an ever-expanding digital attack surface, and a global skills shortage, organizations need a more unified approach to managing cyber risk. Trend Micro co-founder & CEO Eva Chen discusses our vision and strategy for delivering a unified cybersecurity platform...
Azure vs. AWS Developer Tools
Both AWS and Azure developer tools provide key efficiencies in your DevOps environment. Learn how the tools compare, where they overlap, and the use cases for both...
Examples of Cyber Warfare #TrendTalksBizSec
Cyber Warfare has been a topic of discussion for years but has reached a new level of prominence in this age of hyper-connected critical infrastructure. Our Trend Micro experts touch on this evolution, disinformation campaigns, and cyber mercenaries...
Websites Hosting Fake Cracks Spread Updated CopperStealer Malware
We found updated samples of the CopperStealer malware infecting systems via websites hosting fake software...
Security 101: Cloud-native Virtual Patching
Learn about the challenges faced when implementing a vulnerability and patch management policy and how cloud-native virtual patching can help...
State of OT Security in 2022: Big Survey Key Insights
Learn about the state of OT Security in 2022 by reading the key insights found through surveying more than 900 ICS business and security leaders in the US, Germany and Japan...
Addressing Cyber Risk with a Unified Platform
Hear from guest speaker, Forrester analyst, Allie Mellen, as she shares insights and advice on the factors firms should consider when looking at leveraging a security platform for managing the attack surface lifecycle...
Amazon EKS vs Azure Kubernetes Service
Managed Kubernetes services help organizations deploy, configure, and manage Kubernetes clusters. This article compares two of the biggest service providers: Amazon EKS and Azure Kubernetes Services...
Cuba Ransomware Group’s New Variant Found Using Optimized Infection Techniques
Trend Micro Research observed the resurgence of the Cuba ransomware group that launched a new malware variant using different infection techniques compared to past iterations. We discuss our initial findings in this report...
Closing the Door: DeadBolt Ransomware Locks Out Vendors With Multitiered Extortion Scheme
In this report, we investigate the reasons that the DeadBolt ransomware family is more problematic for its victims than other ransomware families that previously targeted NAS devices...
Tutorial: How to Build Your First Node.js gRPC API
Compared to other API technologies like REST and GraphQL, gRPC is lightweight and exceptionally robust, thanks in large part to its use of protobufs. Interested in exploring how to build your own API? Read on to see how easy it is to do so with Node.js and gRPC...
YourCyanide: A CMD-based Ransomware With Multiple Layers of Obfuscation
The Trend Micro Threat Hunting team recently analyzed a series of CMD-based ransomware variants with a number of capabilities such as stealing user information, bypassing remote desktop connections, and propagating through email and physical drives...
Cyber Risk Management Strategies from Arjo CIO
Andrea Berg, CIO of Arjo, explores the critical need for effective and inclusive communication around IT requirements to expand beyond the security team and improve cyber risk management...
Trend Micro Partners With Interpol and Nigeria’s EFCC for Operation Killer Bee, Takes Down Nigerian BEC Actors
Nigeria’s Economic and Financial Crimes Commission (EFCC) arrested three suspected scammers from Nigeria who were involved in global scamming campaigns via a sting operation that is part of Operation Killer Bee. Trend Micro provided information on the group and their modus operandi...