Top IT Security Bloggers

TrendLabs - Malware Blog
  • The Long Arm of the Law: Multiple Cybercriminals Sent Behind Bars

    April 2016 was a great month for putting cybercriminals in prison. On April 12 Paunch, the creator of the infamous Blackhole exploit kit, was sentenced to seven years in a Russian prison. This was soon followed by Aleksandr Panin, the creator of SpyEye: he was sentenced by a United States federal court to nine and a half years in prison for his role in creating SpyEye. One of his partners, Hamza Bendelladj, was sentenced to fifteen years.
    Post from: Trendlabs Security Intelligence Blog - by Trend Micro
  • Dark Motives Online: Are Cybercriminals and Terrorist Organizations More Similar than We Think?

    Are terrorists really any different from cybercriminals? We stumbled upon terrorist content during our investigations on cybercriminal activity in the underground, and after a thorough analysis of it, we uncovered parallels in the way these two distinct groups operate online.
    Terrorists’ use of the Internet in their operations has been heavily discussed of late, with recent events such as the Paris and Belgium attacks bringing the controversial subject to the forefront. But better access to information will only solve a portion of the tracking problem when terrorist organizations are utilizing the latest cyber technologies, techniques, and applications spanning mobile, the surface web, and the deep and dark web.
  • Crypto-ransomware Gains Footing in Corporate Grounds, Gets Nastier for End Users

    In the first four months of 2016, we have discovered new families and variants of ransomware, seen their vicious new routines, and witnessed threat actors behind these operations upping the ransomware game to new heights. All these developments further establish crypto-ransomware as a lucrative cybercriminal enterprise. As we predicted, this year is indeed shaping up to be the year of online extortion, and while the security industry may be doing an admirable job of keeping up with the latest tactics and providing solutions, the not-so-informed public and organizations may very well be on the receiving end of crippling malware that can destroy personal and corporate files, as well as lead to huge financial losses.
  • Locky Ransomware Spreads Via Flash and Windows Kernel Exploits

    By Moony Li and Hugo Cao
    In early April of this year a zero-day exploit (designated as CVE-2016-1019) was found in Adobe Flash Player. This particular flaw was soon used by the Magnitude Exploit Kit, which led to an Adobe out-of-cycle patch. This flaw was being used to lead to drive-by download attacks with Locky ransomware as the payload. However, this did not...
  • New FAREIT Strain Abuses PowerShell

    In 2014, we began seeing attacks that abused the Windows PowerShell. Back then, it was uncommon for malware to use this particular feature of Windows. However, there are several good reasons for an attacker to use this particular feature.
    First, users cannot easily spot any malicious behavior since PowerShell runs in the background. Secondly, PowerShell can be used to steal usernames, passwords, and other system information without an executable file being present. This makes it a powerful tool for attackers.
    In March 2016, we noted that PowerWare crypto-ransomware also abused PowerShell. Recently, we spotted a new attack where PowerShell was abused to deliver a FAREIT variant. This particular family of information stealers has been around since 2011.
  • A Lesson on Patching: The Rise of SAMSAM Crypto-Ransomware

    The critical role of patch management comes into play when vulnerabilities are used by attackers as entry points to infiltrate their target systems and networks or when security flaws are abused to spread threats. The case of the infamous SAMSAM crypto-ransomware supports this. This threat deviated from other crypto-ransomware families. Instead of arriving...
  • Looking Into a Cyber-Attack Facilitator in the Netherlands

    A small webhosting provider with servers in the Netherlands and Romania has been a hotbed of targeted attacks and advanced persistent threats (APT) since early 2015. Starting from May 2015 till today, we counted over 100 serious APT incidents that originated from servers of this small provider. Pawn Storm used the servers for at least 80 high profile attacks against various governments in the US, Europe, Asia, and the Middle East. Formally, the Virtual Private Server (VPS) hosting company is registered in Dubai, United Arab Emirates (UAE). But from public postings on the Internet, it is apparent that the owner doesn’t really care about laws in UAE. In fact, Pawn Storm and another APT group attacked the government of UAE using servers of the VPS provider through highly targeted credential phishing. Other threat actors like DustySky (also known as the Gaza hackers) are also regularly using the VPS provider to host their Command and Control (C&C) servers and to send spear phishing e-mails.
  • SpyEye Creator Sentenced to 9 Years in Federal Prison

    The creator of the banking malware SpyEye, Aleksandr Andreevich Panin, has just been sentenced on charges related to creating and distributing SpyEye. In early 2014, he pleaded guilty to charges related to creating and distributing SpyEye. Information provided by Trend Micro was used to help find the real identities of Panin and his accomplices.
  • New Crypto-Ransomware JIGSAW Plays Nasty Games

    The evolution of crypto-ransomware in terms of behavior takes a step forward, and a creepy one at that. We have recently encountered a nasty crypto-ransomware variant called JIGSAW. Reminiscent of the horror film Saw, this malware toys with users by locking and deleting their files incrementally. To an extent, it instills fear and pressures users into paying the ransom. It even comes with an image of Saw’s very own Billy the puppet, and the red analog clock to boot.
    It’s no longer a surprise that crypto-ransomware is the prevalent threat in today’s computing landscape, given its promise of quick ROI for the cybercriminals behind it. It’s also not surprising that many have joined this bandwagon. These days, the name of the crypto-ransomware game is to add “unique” features or “creative” ways to instill fear and put more pressure on users to pay up, despite the fact that, when it comes to their technical routines, there’s not much difference among these malware families. JIGSAW joins notable families like PETYA and CERBER that have emerged in the past couple of months alone.
  • “Operation C-Major” Actors Also Used Android, BlackBerry Mobile Spyware Against Targets

    Last March, we reported on Operation C-Major, an active information theft campaign that was able to steal sensitive information from high profile targets in India. The campaign was able to steal large amounts of data despite using relatively simple malware because it used clever social engineering tactics against its targets. In this post, we will focus on the mobile part of their operation and discuss in detail several Android and BlackBerry apps they are using. Based on our investigation, the actors behind Operation C-Major were able to keep their Android malware on Google Play for months and they advertised their apps on Facebook pages which have thousands of likes from high profile targets.
