Network detection & response: the SOC stress reliever

Cybersecurity teams are well-equipped to handle threats to technology assets that they manage. But with unmanaged devices providing ideal spots for attackers to lurk unseen, network detection and response capabilities have become vitally important...

An In-Depth Look at Crypto-Crime in 2023 Part 1

Cybersecurity is a growing concern in today's digital age, as more sensitive information is stored and transmitted online. With the rise of cryptocurrencies, there has also been a rise in crypto-crimes, which pose a significant threat to the security of both individuals and businesses...

The Top 10 AI Security Risks Every Business Should Know

With every week bringing news of another AI advance, it’s becoming increasingly important for organizations to understand the risks before adopting AI tools. This look at 10 key areas of concern identified by the Open Worldwide Application Security Project OWASP flags risks enterprises should kee...

Turning Jenkins Into a Cryptomining Machine From an Attacker's Perspective

In this blog entry, we will discuss how the Jenkins Script Console can be weaponized by attackers for cryptomining activity if not configured properly...

Mekotio Banking Trojan Threatens Financial Systems in Latin America

We’ve recently seen a surge in attacks involving the Mekotio banking trojan. In this blog entry, we'll provide an overview of the trojan and what it does...

AI Pulse: Siri Says Hi to OpenAI, Deepfake Olympics & more

AI Pulse is a new blog series from Trend Micro on the latest cybersecurity AI news. In this edition: Siri says hi to OpenAI, fraud hogs the AI cybercrime spotlight, and why the Paris Olympics could be a hotbed of deepfakery...

Examining Water Sigbin's Infection Routine Leading to an XMRig Cryptominer

We analyze the multi-stage loading technique used by Water Sigbin to deliver the PureCrypter loader and XMRIG crypto miner...

ICO Scams Leverage 2024 Olympics to Lure Victims, Use AI for Fake Sites

In this blog we uncover threat actors using the 2024 Olympics to lure victims into investing in an initial coin offering ICO. Similar schemes have been found to use AI-generated images for their fake ICO websites...

Attackers in Profile: menuPass and ALPHV/BlackCat

To test the effectiveness of managed services like our Trend Micro managed detection and response offering, MITRE Engenuity™ combined the tools, techniques, and practices of two globally notorious bad actors: menuPass and ALPHV/BlackCat. This blog tells the story of why they were chosen and what...

AI Coding Companions 2024: AWS, GitHub, Tabnine + More

AI coding companions are keeping pace with the high-speed evolution of generative AI overall, continually refining and augmenting their capabilities to make software development faster and easier than ever before. This blog looks at how the landscape is changing and key features of market-leading...

Omdia Report: Trend Disclosed 60% of Vulnerabilities

The latest Omdia Vulnerability Report shows Trend MicroTM Zero Day InitiativeTM ZDI spearheaded 60% of 2023 disclosures, underscoring its role in cybersecurity threat prevention...

Worldwide 2023 Email Phishing Statistics and Examples

Explore the need for going beyond built-in Microsoft 365 and Google Workspace™ security based on email threats detected in 2023...

Worldwide 2023 Email Phishing Statistics and Examples

Explore the need for going beyond built-in Microsoft 365 and Google Workspace™ security based on email threats detected in 2023...

Behind the Great Wall: Void Arachne Targets Chinese-Speaking Users With the Winos 4.0 C&C Framework

We recently discovered a new threat actor group that we dubbed Void Arachne. This group targets Chinese-speaking users with malicious Windows Installer MSI files in a recent campaign. These MSI files contain legitimate software installer files for AI software and other popular software but are...

Not Just Another 100% Score: MITRE ENGENIUTY ATT&CK

The latest MITRE Engenuity ATT&CK Evaluations pitted leading managed detection and response MDR services against threats modeled on the menuPass and BlackCat/AlphV adversary groups. Trend Micro achieved 100% detection across all 15 major attack steps with an 86% actionable rate for those steps—...

Not Just Another 100% Score: MITRE ENGENUITY ATT&CK

The latest MITRE Engenuity ATT&CK Evaluations pitted leading managed detection and response MDR services against threats modeled on the menuPass and BlackCat/AlphV adversary groups. Trend Micro achieved 100% detection across all 15 major attack steps with an 86% actionable rate for those steps—...

Noodle RAT: Reviewing the New Backdoor Used by Chinese-Speaking Groups

This blog entry provides an analysis of the Noodle RAT backdoor, which is likely being used by multiple Chinese-speaking groups engaged in espionage and other types of cybercrime...

Noodle RAT: Reviewing the Backdoor Used by Chinese-Speaking Groups

This blog entry provides an analysis of the Noodle RAT backdoor, which is likely being used by multiple Chinese-speaking groups engaged in espionage and other types of cybercrime...

Commando Cat: A Novel Cryptojacking Attack Abusing Docker Remote API Servers

We analyze a cryptojacking attack campaign exploiting exposed Docker remote API servers to deploy cryptocurrency miners, using Docker images from the open-source Commando project...

TargetCompany’s Linux Variant Targets ESXi Environments

In this blog entry, our researchers provide an analysis of TargetCompany ransomware’s Linux variant and how it targets VMware ESXi environments using new methods for payload delivery and execution...

A SANS's 2024 Threat-Hunting Survey Review

In its ninth year, the annual SANS Threat Hunting Survey delves into global organizational practices in threat hunting, shedding light on the challenges and adaptations in the landscape over the past year...

SANS's 2024 Threat-Hunting Survey Review

In its ninth year, the annual SANS Threat Hunting Survey delves into global organizational practices in threat hunting, shedding light on the challenges and adaptations in the landscape over the past year...

It's Time to Up-Level Your EDR Solution

You may have EDR, but did you know you can add threat detection and response to improve a SecOps team’s efficiency and outcomes - read more...

Guide to Better Extended Threat Detection and Response (XDR)

Discover how XDR can enhance threat detection and response to improve a SecOps team’s efficiency and outcomes...

Explore AI-Driven Cybersecurity with Trend Micro, Using NVIDIA NIM

Discover Trend Micro's integration of NVIDIA NIM to deliver an AI-driven cybersecurity solution for next-generation data centers. Engage with experts, explore demos, and learn strategies for securing AI data centers and optimizing cloud performance...

Decoding Water Sigbin's Latest Obfuscation Tricks

Water Sigbin aka the 8220 Gang exploited the Oracle WebLogic vulnerabilities CVE-2017-3506 and CVE-2023-21839 to deploy a cryptocurrency miner using a PowerShell script. The threat actor also adopted new techniques to conceal its activities, making attacks harder to defend against...

2 Weeks Out: Evolution at RSAC 2024

Discover the latest innovations in cyber defense and Trend's expert insights on AI, data security, and emerging threats...

RSAC 2024 Review: AI & Data Governance Priorities

Get our take on the RSA 2024 conference where we review some of the major topics covered such as AI and data governance...

ISPM + ITDR: Proactive Cyber Defense in the AI Era

In the ever-evolving landscape of cybersecurity, staying ahead of malicious actors requires a multifaceted approach...

ISPM & ITDR Synergize for AI-Based Identity Security

In the ever-evolving landscape of cybersecurity, staying ahead of malicious actors requires a multifaceted approach...

Tracking the Progression of Earth Hundun's Cyberespionage Campaign in 2024

This report describes how Waterbear and Deuterbear — two of the tools in Earth Hundun's arsenal — operate, based on a campaign from 2024...

Deepfakes and AI-Driven Disinformation Threaten Polls

Cheap and easy access to AI makes it harder to detect state-sponsored and homegrown campaigns during this election year...

Router Roulette: Cybercriminals and Nation-States Sharing Compromised Networks

This blog entry aims to highlight the dangers of internet-facing routers and elaborate on Pawn Storm's exploitation of EdgeRouters, complementing the FBI's advisory from February 27, 2024...

Trend Micro Collaborated with Interpol in Cracking Down Grandoreiro Banking Trojan

In this blog entry, we discuss Trend Micro's contributions to an Interpol-coordinated operation to help Brazilian and Spanish law enforcement agencies analyze malware samples of the Grandoreiro banking trojan...

The Fall of LabHost: Law Enforcement Shuts Down Phishing Service Provider

On April 18, 2024, the UK’s Metropolitan Police Service and others conducted an operation that succeeded in taking down the Phishing-as-a-Service provider LabHost...

NCSC Says Newer Threats Need Network Defense Strategy

...

Cybersecurity Decluttered: A Journey to Consolidation

Learn how far cybersecurity has come from scattered resources to consolidation the future...

Importance of Scanning Files on Uploader Applications

Delve into the crucial practice of file scanning within uploader applications, and learn defensive measures to safeguards against malicious threats like malware...

How Red Team Exercises Increases Your Cyber Health

Delve into the world of red team exercises, their vital role in enhancing organizational security through simulated cyberattacks, including tactics like phishing and lateral movement within networks, and understand the need for regular testing and improvement to counter evolving threats effective...

Cyberespionage Group Earth Hundun's Continuous Refinement of Waterbear and Deuterbear

Our blog entry provides an in-depth analysis of Earth Hundun's Waterbear and Deuterbear malware...

Fileless Attacks Prompt Intel’s Next-Gen Security

Discover how Trend is strengthening its endpoint solutions to detect fileless attacks earlier. By leveraging Intel Threat Detection Technology, Trend enhances the scalability and resiliency of its solutions...

Why a Cloud Security Platform Approach is Critical

Explore how a cybersecurity platform with attack surface management and runtime protection capabilities can enhance your cloud security posture...

Unveiling the Fallout: Operation Cronos' Impact on LockBit Following Landmark Disruption

Our new article provides key highlights and takeaways from Operation Cronos' disruption of LockBit's operations, as well as telemetry details on how LockBit actors operated post-disruption...

Earth Freybug Uses UNAPIMON for Unhooking Critical APIs

This article provides an in-depth look into two techniques used by Earth Freybug actors: dynamic-link library DLL hijacking and application programming interface API unhooking to prevent child processes from being monitored via a new malware we’ve discovered and dubbed UNAPIMON...

Agenda Ransomware Propagates to vCenters and ESXi via Custom PowerShell Script

This blog entry discusses the Agenda ransomware group's use of its latest Rust variant to propagate to VMWare vCenter and ESXi servers...

NIST Launches Cybersecurity Framework (CSF) 2.0

On February 26, 2024, the National Institute of Standards and Technology NIST released the official 2.0 version of the Cyber Security Framework CSF...

TeamCity Vulnerability Exploits Lead to Jasmin Ransomware, Other Malware Types

CVE-2024-27198 and CVE-2024-27199 are vulnerabilities within the TeamCity On-Premises platform that can allow attackers to gain administrative control over affected systems...

Jenkins Args4j CVE-2024-23897: Files Exposed, Code at Risk

Jenkins, a popular open-source automation server, was discovered to be affected by a file read vulnerability, CVE-2024-23897...

The Dynamic DoS Threat

ENISA Report Unveils a Complex Cyber Landscape...

Earth Krahang Exploits Intergovernmental Trust to Launch Cross-Government Attacks

Since early 2022, we have been monitoring an APT campaign that targets several government entities worldwide, with a strong focus in Southeast Asia, but also seen targeting Europe, America, and Africa...