ID TRENDMICROBLOG:9D9C9C7B4E0E18962B85CB70415357A0 Type trendmicroblog Reporter Jon Clay Modified 2017-10-20T13:00:51
Description
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days.
Below you’ll find a quick recap of topics followed by links to news articles and/or our blog posts providing additional insight. Be sure to check back each Friday for highlights of the goings-on each week!
Researchers have discovered a new batch of malicious apps on Google Play, some of which have been downloaded and installed on some 2.6 million devices. The malware, dubbed Sockbot, was found hiding in eight apps on Google Play, all offered by a single developer account.
_Threats leveraging malicious macros are constantly changing to evade security measures that detect and block them. Recently, in spam email distributing URSNIF, a malware famous for adopting new tools, Trend Micro saw simple checks that the malware uses to evade sandbox detections.__ _
The Necurs botnet has recently undergone a resurgence, distributing millions of malicious emails. The ransomware is also attaching a downloader with the functionality to gather telemetery from infected victims – taking screengrabs of infected machines and sending them back to a remote server.
_A new ransomware is being distributed by the Magnitude exploit kit, which Trend Micro found targeting South Korea via malvertisements on attacker-owned domains and sites. The development in Magnitude’s activity is notable because it eschewed Cerber –its usual ransomware payload– in favor of Magniber.__ _
A discovery from Forensiq, which focuses on the detection and prevention of ad fraud, claims advertisers are losing big money from a stealthy bot that’s using a new tactic to siphon millions of dollars away from sports websites including NFL team domains, ESPN and CBS Sports.
_North Korea’s presence on the internet is commonly perceived as something that only goes one way: hackers go out, nothing gets in. Trend Micro summarizes its findings from studying internet traffic going in and out of North Korea. It reviews its small IP space of 1024 routable IP addresses.__ _
_According to an industry survey, 45 percent of small business (SMB) owners believe they'll never be targeted. This is a dangerous assumption because SMBs are sitting ducks for cyber criminals, and as leaders better understand their risk, they struggle to take action against emerging threats.__ _
It’s an exciting future for sure but, as with everything, it is important to consider the potential “misuse case” as well as the obvious benefits. We are talking about a future where attackers no longer hack a device that you use, but rather hacking your perception of reality.
A couple of common questions that arise whenever cyberpropaganda and hacktivism issues come up: who engages in it? Where do the people acquire the tools, skills, and techniques used? As it turns out, in at least one case, it comes from the traditional world of cybercrime.
_Trend Micro Deep Discovery has been recommended for the fourth year in a row by NSS Labs Breach Detection Systems report – scoring an unbeatable 100% detection rate. Powered by XGen™ security, it’s designed to help organizations detect, analyze, and respond to advanced malware.__ _
_It started as a small idea. Get a bunch of good people together, away from the pressures of their offices, and see if they could address some of the issues operational security teams have to deal with. It is now Year 4, and Trend Micro is expanding its role to become the lead sponsor of Canada’s GeekWeek.__ _
Please add your thoughts in the comments below or follow me on Twitter; @JonLClay.
{"type": "trendmicroblog", "cvss": {"score": 0.0, "vector": "NONE"}, "references": [], "enchantments_done": [], "cvelist": [], "viewCount": 17, "modified": "2017-10-20T13:00:51", "description": "\n\nWelcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days.\n\nBelow you\u2019ll find a quick recap of topics followed by links to news articles and/or our blog posts providing additional insight. Be sure to check back each Friday for highlights of the goings-on each week!\n\n \n\n[**Millions Download Botnet-Building Malware from Google Play**](<https://www.helpnetsecurity.com/2017/10/19/android-botnet-building-malware/>)\n\n_Researchers have discovered a new batch of malicious apps on Google Play, some of which have been downloaded and installed on some 2.6 million devices. The malware, dubbed Sockbot, was found hiding in eight apps on Google Play, all offered by a single developer account._** **\n\n[**New Malicious Macro Evasion Tactics Were Exposed in URSNIF Spam Mail**](<http://blog.trendmicro.com/trendlabs-security-intelligence/new-malicious-macro-evasion-tactics-exposed-ursnif-spam-mail/>)\n\n_Threats leveraging malicious macros are constantly changing to evade security measures that detect and block them. Recently, in spam email distributing URSNIF, a malware famous for adopting new tools, Trend Micro saw simple checks that the malware uses to evade sandbox detections.__ _\n\n[**Ransomware-Spreading Botnet Will Screengrab Your Desktop **](<http://www.zdnet.com/article/this-ransomware-spreading-botnet-will-now-screengrab-your-desktop-too/>)\n\n_The Necurs botnet has recently undergone a resurgence, distributing millions of malicious emails. The ransomware is also attaching a downloader with the functionality to gather telemetery from infected victims \u2013 taking screengrabs of infected machines and sending them back to a remote server._\n\n[**Magnitude Exploit Kit Is Now Targeting South Korea with Magniber Ransomware**](<http://blog.trendmicro.com/trendlabs-security-intelligence/magnitude-exploit-kit-now-targeting-korea-with-magniber-ransomware/>)\n\n_A new ransomware is being distributed by the Magnitude exploit kit, which Trend Micro found targeting South Korea via malvertisements on attacker-owned domains and sites. The development in Magnitude\u2019s activity is notable because it eschewed Cerber \u2013its usual ransomware payload\u2013 in favor of Magniber.__ _\n\n[**A Sophisticated \u2018Sports Bot\u2019 Is Costing Advertisers Up to $250 Million a Year**](<http://www.adweek.com/digital/a-sophisticated-bot-taking-over-major-sports-sites-is-costing-advertisers-250-million-a-year/>)\n\n_A discovery from Forensiq, which focuses on the detection and prevention of ad fraud, claims advertisers are losing big money from a stealthy bot that\u2019s using a new tactic to siphon millions of dollars away from sports websites including NFL team domains, ESPN and CBS Sports._\n\n**[Researchers Took a Closer Look at North Korea\u2019s Internet](<http://blog.trendmicro.com/trendlabs-security-intelligence/a-closer-look-at-north-koreas-internet/>)**\n\n_North Korea\u2019s presence on the internet is commonly perceived as something that only goes one way: hackers go out, nothing gets in. Trend Micro summarizes its findings from studying internet traffic going in and out of North Korea. It reviews its small IP space of 1024 routable IP addresses.__ _\n\n[**Cyber Criminals Are Targeting Small Business**](<http://blog.trendmicro.com/small-business-a-target-for-cyber-criminals/>)\n\n_According to an industry survey, 45 percent of small business (SMB) owners believe they'll never be targeted. This is a dangerous assumption because SMBs are sitting ducks for cyber criminals, and as leaders better understand their risk, they struggle to take action against emerging threats.__ _\n\n[**Trend Micro VP of Security Research Makes Predictions for Tomorrow\u2019s Internet**](<http://blog.trendmicro.com/todays-predictions-tomorrows-internet/>)\n\n_It\u2019s an exciting future for sure but, as with everything, it is important to consider the potential \u201cmisuse case\u201d as well as the obvious benefits. We are talking about a future where attackers no longer hack a device that you use, but rather hacking your perception of reality._\n\n[**Cybercrime Is Expanding to Cyberpropaganda**](<http://blog.trendmicro.com/trendlabs-security-intelligence/from-cybercrime-to-cyberpropaganda/>)\n\n_A couple of common questions that arise whenever cyberpropaganda and hacktivism issues come up: who engages in it? Where do the people acquire the tools, skills, and techniques used? As it turns out, in at least one case, it comes from the traditional world of cybercrime._\n\n**[NSS Labs Announces Trend Micro at the Top Again for Breach Detection](<http://blog.trendmicro.com/trend-micro-top-breach-detection-says-nss-labs/>)**\n\n_Trend Micro Deep Discovery has been recommended for the fourth year in a row by NSS Labs Breach Detection Systems report \u2013 scoring an unbeatable 100% detection rate. Powered by XGen\u2122 security, it\u2019s designed to help organizations detect, analyze, and respond to advanced malware.__ _\n\n[**Trend Micro is Proud to Sponsor G33kW33k**](<http://blog.trendmicro.com/trend-micro-proud-sponsor-g33kw33k/>)\n\n_It started as a small idea. Get a bunch of good people together, away from the pressures of their offices, and see if they could address some of the issues operational security teams have to deal with. It is now Year 4, and Trend Micro is expanding its role to become the lead sponsor of Canada\u2019s GeekWeek.__ _\n\nPlease add your thoughts in the comments below or follow me on Twitter; [@JonLClay.](<https://twitter.com/jonlclay>)", "enchantments": {"score": {"value": -0.2, "vector": "NONE", "modified": "2017-10-25T19:33:12"}, "dependencies": {"references": [], "modified": "2017-10-25T19:33:12"}, "vulnersScore": -0.2}, "href": "http://blog.trendmicro.com/week-security-news-60/", "history": [{"edition": 1, "bulletin": {"reporter": "Jon Clay", "cvss": {"score": 0.0, "vector": "NONE"}, "references": [], "cvelist": [], "viewCount": 17, "modified": "2017-10-20T13:00:51", "description": "\n\nWelcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days.\n\nBelow you\u2019ll find a quick recap of topics followed by links to news articles and/or our blog posts providing additional insight. Be sure to check back each Friday for highlights of the goings-on each week!\n\n \n\n[**Millions Download Botnet-Building Malware from Google Play**](<https://www.helpnetsecurity.com/2017/10/19/android-botnet-building-malware/>)\n\n_Researchers have discovered a new batch of malicious apps on Google Play, some of which have been downloaded and installed on some 2.6 million devices. The malware, dubbed Sockbot, was found hiding in eight apps on Google Play, all offered by a single developer account._** **\n\n[**New Malicious Macro Evasion Tactics Were Exposed in URSNIF Spam Mail**](<http://blog.trendmicro.com/trendlabs-security-intelligence/new-malicious-macro-evasion-tactics-exposed-ursnif-spam-mail/>)\n\n_Threats leveraging malicious macros are constantly changing to evade security measures that detect and block them. Recently, in spam email distributing URSNIF, a malware famous for adopting new tools, Trend Micro saw simple checks that the malware uses to evade sandbox detections.__ _\n\n[**Ransomware-Spreading Botnet Will Screengrab Your Desktop **](<http://www.zdnet.com/article/this-ransomware-spreading-botnet-will-now-screengrab-your-desktop-too/>)\n\n_The Necurs botnet has recently undergone a resurgence, distributing millions of malicious emails. The ransomware is also attaching a downloader with the functionality to gather telemetery from infected victims \u2013 taking screengrabs of infected machines and sending them back to a remote server._\n\n[**Magnitude Exploit Kit Is Now Targeting South Korea with Magniber Ransomware**](<http://blog.trendmicro.com/trendlabs-security-intelligence/magnitude-exploit-kit-now-targeting-korea-with-magniber-ransomware/>)\n\n_A new ransomware is being distributed by the Magnitude exploit kit, which Trend Micro found targeting South Korea via malvertisements on attacker-owned domains and sites. The development in Magnitude\u2019s activity is notable because it eschewed Cerber \u2013its usual ransomware payload\u2013 in favor of Magniber.__ _\n\n[**A Sophisticated \u2018Sports Bot\u2019 Is Costing Advertisers Up to $250 Million a Year**](<http://www.adweek.com/digital/a-sophisticated-bot-taking-over-major-sports-sites-is-costing-advertisers-250-million-a-year/>)\n\n_A discovery from Forensiq, which focuses on the detection and prevention of ad fraud, claims advertisers are losing big money from a stealthy bot that\u2019s using a new tactic to siphon millions of dollars away from sports websites including NFL team domains, ESPN and CBS Sports._\n\n**[Researchers Took a Closer Look at North Korea\u2019s Internet](<http://blog.trendmicro.com/trendlabs-security-intelligence/a-closer-look-at-north-koreas-internet/>)**\n\n_North Korea\u2019s presence on the internet is commonly perceived as something that only goes one way: hackers go out, nothing gets in. Trend Micro summarizes its findings from studying internet traffic going in and out of North Korea. It reviews its small IP space of 1024 routable IP addresses.__ _\n\n[**Cyber Criminals Are Targeting Small Business**](<http://blog.trendmicro.com/small-business-a-target-for-cyber-criminals/>)\n\n_According to an industry survey, 45 percent of small business (SMB) owners believe they'll never be targeted. This is a dangerous assumption because SMBs are sitting ducks for cyber criminals, and as leaders better understand their risk, they struggle to take action against emerging threats.__ _\n\n[**Trend Micro VP of Security Research Makes Predictions for Tomorrow\u2019s Internet**](<http://blog.trendmicro.com/todays-predictions-tomorrows-internet/>)\n\n_It\u2019s an exciting future for sure but, as with everything, it is important to consider the potential \u201cmisuse case\u201d as well as the obvious benefits. We are talking about a future where attackers no longer hack a device that you use, but rather hacking your perception of reality._\n\n[**Cybercrime Is Expanding to Cyberpropaganda**](<http://blog.trendmicro.com/trendlabs-security-intelligence/from-cybercrime-to-cyberpropaganda/>)\n\n_A couple of common questions that arise whenever cyberpropaganda and hacktivism issues come up: who engages in it? Where do the people acquire the tools, skills, and techniques used? As it turns out, in at least one case, it comes from the traditional world of cybercrime._\n\n**[NSS Labs Announces Trend Micro at the Top Again for Breach Detection](<http://blog.trendmicro.com/trend-micro-top-breach-detection-says-nss-labs/>)**\n\n_Trend Micro Deep Discovery has been recommended for the fourth year in a row by NSS Labs Breach Detection Systems report \u2013 scoring an unbeatable 100% detection rate. Powered by XGen\u2122 security, it\u2019s designed to help organizations detect, analyze, and respond to advanced malware.__ _\n\n[**Trend Micro is Proud to Sponsor G33kW33k**](<http://blog.trendmicro.com/trend-micro-proud-sponsor-g33kw33k/>)\n\n_It started as a small idea. Get a bunch of good people together, away from the pressures of their offices, and see if they could address some of the issues operational security teams have to deal with. It is now Year 4, and Trend Micro is expanding its role to become the lead sponsor of Canada\u2019s GeekWeek.__ _\n\nPlease add your thoughts in the comments below or follow me on Twitter; [@JonLClay.](<https://twitter.com/jonlclay>)", "enchantments": {}, "href": "http://blog.trendmicro.com/week-security-news-60/", "history": [], "id": "TRENDMICROBLOG:9D9C9C7B4E0E18962B85CB70415357A0", "type": "trendmicroblog", "title": "This Week in Security News", "lastseen": "2017-10-20T13:33:14", "objectVersion": "1.4", "bulletinFamily": "blog", "published": "2017-10-20T13:00:51"}, "lastseen": "2017-10-20T13:33:14", "differentElements": ["description", "href"]}, {"edition": 2, "bulletin": {"reporter": "Jon Clay", "cvss": {"score": 0.0, "vector": "NONE"}, "references": [], "cvelist": [], "viewCount": 17, "modified": "2017-10-20T13:00:51", "description": "\n\nWelcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days.\n\nBelow you\u2019ll find a quick recap of topics followed by links to news articles and/or our blog posts providing additional insight. Be sure to check back each Friday for highlights of the goings-on each week!\n\n \n\n[**Millions Download Botnet-Building Malware from Google Play**](<https://www.helpnetsecurity.com/2017/10/19/android-botnet-building-malware/>)\n\n_Researchers have discovered a new batch of malicious apps on Google Play, some of which have been downloaded and installed on some 2.6 million devices. The malware, dubbed Sockbot, was found hiding in eight apps on Google Play, all offered by a single developer account._** **\n\n[**New Malicious Macro Evasion Tactics Were Exposed in URSNIF Spam Mail**](<http://blog.trendmicro.com/trendlabs-security-intelligence/new-malicious-macro-evasion-tactics-exposed-ursnif-spam-mail/>)\n\n_Threats leveraging malicious macros are constantly changing to evade security measures that detect and block them. Recently, in spam email distributing URSNIF, a malware famous for adopting new tools, Trend Micro saw simple checks that the malware uses to evade sandbox detections.__ _\n\n[**Ransomware-Spreading Botnet Will Screengrab Your Desktop **](<http://www.zdnet.com/article/this-ransomware-spreading-botnet-will-now-screengrab-your-desktop-too/>)\n\n_The Necurs botnet has recently undergone a resurgence, distributing millions of malicious emails. The ransomware is also attaching a downloader with the functionality to gather telemetery from infected victims \u2013 taking screengrabs of infected machines and sending them back to a remote server._\n\n[**Magnitude Exploit Kit Is Now Targeting South Korea with Magniber Ransomware**](<http://blog.trendmicro.com/trendlabs-security-intelligence/magnitude-exploit-kit-now-targeting-korea-with-magniber-ransomware/>)\n\n_A new ransomware is being distributed by the Magnitude exploit kit, which Trend Micro found targeting South Korea via malvertisements on attacker-owned domains and sites. The development in Magnitude\u2019s activity is notable because it eschewed Cerber \u2013its usual ransomware payload\u2013 in favor of Magniber.__ _\n\n[**A Sophisticated \u2018Sports Bot\u2019 Is Costing Advertisers Up to $250 Million a Year**](<http://www.adweek.com/digital/a-sophisticated-bot-taking-over-major-sports-sites-is-costing-advertisers-250-million-a-year/>)\n\n_A discovery from Forensiq, which focuses on the detection and prevention of ad fraud, claims advertisers are losing big money from a stealthy bot that\u2019s using a new tactic to siphon millions of dollars away from sports websites including NFL team domains, ESPN and CBS Sports._\n\n**[Researchers Took a Closer Look at North Korea\u2019s Internet](<http://blog.trendmicro.com/trendlabs-security-intelligence/a-closer-look-at-north-koreas-internet/>)**\n\n_North Korea\u2019s presence on the internet is commonly perceived as something that only goes one way: hackers go out, nothing gets in. Trend Micro summarizes its findings from studying internet traffic going in and out of North Korea. It reviews its small IP space of 1024 routable IP addresses.__ _\n\n[**Cyber Criminals Are Targeting Small Business**](<http://blog.trendmicro.com/small-business-a-target-for-cyber-criminals/>)\n\n_According to an industry survey, 45 percent of small business (SMB) owners believe they'll never be targeted. This is a dangerous assumption because SMBs are sitting ducks for cyber criminals, and as leaders better understand their risk, they struggle to take action against emerging threats.__ _\n\n[**Trend Micro VP of Security Research Makes Predictions for Tomorrow\u2019s Internet**](<http://blog.trendmicro.com/todays-predictions-tomorrows-internet/>)\n\n_It\u2019s an exciting future for sure but, as with everything, it is important to consider the potential \u201cmisuse case\u201d as well as the obvious benefits. We are talking about a future where attackers no longer hack a device that you use, but rather hacking your perception of reality._\n\n[**Cybercrime Is Expanding to Cyberpropaganda**](<http://blog.trendmicro.com/trendlabs-security-intelligence/from-cybercrime-to-cyberpropaganda/>)\n\n_A couple of common questions that arise whenever cyberpropaganda and hacktivism issues come up: who engages in it? Where do the people acquire the tools, skills, and techniques used? As it turns out, in at least one case, it comes from the traditional world of cybercrime._\n\n**[NSS Labs Announces Trend Micro at the Top Again for Breach Detection](<http://blog.trendmicro.com/trend-micro-top-breach-detection-says-nss-labs/>)**\n\n_Trend Micro Deep Discovery has been recommended for the fourth year in a row by NSS Labs Breach Detection Systems report \u2013 scoring an unbeatable 100% detection rate. Powered by XGen\u2122 security, it\u2019s designed to help organizations detect, analyze, and respond to advanced malware.__ _\n\n[**Trend Micro is Proud to Sponsor G33kW33k**](<http://blog.trendmicro.com/trend-micro-proud-sponsor-g33kw33k/>)\n\n_It started as a small idea. Get a bunch of good people together, away from the pressures of their offices, and see if they could address some of the issues operational security teams have to deal with. It is now Year 4, and Trend Micro is expanding its role to become the lead sponsor of Canada\u2019s GeekWeek.__ _\n\nPlease add your thoughts in the comments below or follow me on Twitter; [@JonLClay.](<https://twitter.com/jonlclay>)", "enchantments": {}, "href": "https://blog.trendmicro.com/week-security-news-60/", "history": [], "id": "TRENDMICROBLOG:9D9C9C7B4E0E18962B85CB70415357A0", "type": "trendmicroblog", "title": "This Week in Security News", "lastseen": "2017-10-24T17:32:45", "objectVersion": "1.4", "bulletinFamily": "blog", "published": "2017-10-20T13:00:51"}, "lastseen": "2017-10-24T17:32:45", "differentElements": ["description", "href"]}], "id": "TRENDMICROBLOG:9D9C9C7B4E0E18962B85CB70415357A0", "reporter": "Jon Clay", "title": "This Week in Security News", "lastseen": "2017-10-25T19:33:12", "_object_types": ["robots.models.rss.RssBulletin", "robots.models.base.Bulletin"], "objectVersion": "1.4", "bulletinFamily": "blog", "_object_type": "robots.models.rss.RssBulletin", "published": "2017-10-20T13:00:51"}
