Top IT Security Bloggers

TrendLabs - Malware Blog
  • August Patch Tuesday: A Tale of Two Zero-Days
    This month’s Microsoft Patch Tuesday includes important updates that patch two zero-day vulnerabilities that are already being actively exploited.
  • Ransomware as a Service Princess Evolution Looking for Affiliates
    We have been observing a malvertising campaign via Rig exploit kit delivering a cryptocurrency-mining malware and the GandCrab ransomware since July 25. On August 1, we found Rig's traffic stream dropping a then-unknown ransomware. Delving into this seemingly new ransomware, we checked its ransom payment page in the Tor network and saw it was called Princess Evolution (detected by Trend Micro as RANSOM_PRINCESSLOCKER.B), and was actually a new version of the Princess Locker ransomware that emerged in 2016. Based on its recent advertisement in underground forums, it appears that its operators are peddling Princess Evolution as a ransomware as a service (RaaS) and are looking for affiliates.
  • How Machine Learning Can Help Identify Web Defacement Campaigns
    Website defacement — the act of visibly altering the pages of a website, notably in the aftermath of a political event to advance the political agenda of a threat actor — has been explored in our various research works. We broke down top defacement campaigns in a previous paper and, in another post, emphasized how machine learning in our security research tool can help Computer Emergency Readiness Teams (CERTs)/Computer Security Incident Response Teams (CSIRTs) and web administrators prepare for such attacks. The latter took off from the analysis done in our most recent paper, Web Defacement Campaigns Uncovered: Gaining Insights From Deface Pages Using DefPloreX-NG. Here we expound on why machine learning (ML) was an ideal method for our analysis to better understand how web defacers operate and organize themselves.
  • Malware Targeting Bitcoin ATMs Pops Up in the Underground
    With the increasing popularity and real-world use of cryptocurrencies, and the fact that cybercriminals will always try to exploit something that can make money for them, it shouldn’t come as a surprise that malware targeting Bitcoin ATMs has started appearing in underground markets.
  • Adversarial Sample Generation: Making Machine Learning Systems Robust for Security
    The history of antimalware security solutions has shown that malware detection is like a cat-and-mouse game. For every new detection technique, there’s a new evasion method. When signature detection was invented, cybercriminals used packers, compressors, metamorphism, polymorphism, and obfuscation to evade it. Meanwhile, API hooking and code injection methods were developed to evade behavior detection. By the time security solutions started using machine learning (ML)-based detection technologies, it was already expected that cybercriminals would develop new tricks to evade ML.
    To be one step ahead of cybercriminals, one method of enhancing an ML system to counter evasion tactics is generating adversarial samples, which are input data modified to cause an ML system to incorrectly classify it. Interestingly, while adversarial samples can be designed to cause ML systems to malfunction, they can also, as a result, be used to improve the efficiency of ML systems.
  • Spam Campaign Abusing SettingContent-ms Found Dropping Same FlawedAmmyy RAT Distributed by Necurs
    Trend Micro detected a spam campaign that drops the same FlawedAmmyy RAT (remote access tool) used by a Necurs module to install its final payload on bots under bank- and POS-related user domains. The spam campaign was also found abusing SettingContent-ms – an XML format shortcut file that opens Microsoft's Windows Settings panel. Malicious SettingContent-ms files were found embedded in a PDF document that drops the aforementioned RAT.
  • The Need for Managed Detection and Response: Persistent and Prevalent Threats in North America’s Security Landscape
    Compared to the first quarter of 2018, where the prevalence of threats was the most pronounced trend, the second quarter in North America’s security landscape this year showed notable techniques that we foresee will be further honed. These include: combining the capabilities of cryptocurrency-mining or information theft malware and ransomware; hiding in the system until the payload is triggered; and embedding more functionalities in malware tools to steal more data.
    Indeed, the persistent as well as prevalent threats in North America — information stealers, cryptocurrency-mining malware, and ransomware — highlight the need for equipping organizations with actionable insights and contexts needed to prepare and defend themselves against tenacious and evolving threats.
  • New Underminer Exploit Kit Delivers Bootkit and Cryptocurrency-mining Malware with Encrypted TCP Tunnel
    We discovered a new exploit kit we named Underminer that employs capabilities used by other exploit kits to deter researchers from tracking its activity or reverse engineering the payloads. Underminer delivers a bootkit that infects the system’s boot sectors as well as a cryptocurrency-mining malware named Hidden Mellifera. Underminer transfers malware via an encrypted transmission control protocol (TCP) tunnel and packages malicious files in a customized format similar to the ROM file system format (romfs). These make the exploit kit and its payload challenging to analyze.
  • Open ADB Ports Being Exploited to Spread Possible Satori Variant in Android Devices
    Recently, we found a new exploit using port 5555 after detecting two suspicious spikes in activity on July 9-10 and July 15. In this scenario, the activity involves the command line utility called Android Debug Bridge (ADB), a part of the Android SDK that handles communication between devices that also allows developers to run and debug apps on Android devices.
  • Blackgear Cyberespionage Campaign Resurfaces, Abuses Social Media for C&C Communication
    Blackgear (also known as Topgear and Comnie) is a cyberespionage campaign dating back to 2008, at least based on the Protux backdoor used by its operators. It targets organizations in Japan, South Korea, and Taiwan, leveling its attacks on public sector agencies and telecommunications and other high-technology industries. In 2016, for instance, we found their campaigns attacking Japanese organizations with various malware tools, notably the Elirks backdoor. Blackgear’s operators are well-organized, developing their own tools, which we observed to have been recently fine-tuned, based on their latest attacks.