Discover the best practices for cybersecurity that developers can implement when working remotely. These will secure your system against security breaches and threats like malware, phishing, data theft, ransomware, and spyware. This article has been indexed from Trend Micro Research,…
Category: Trend Micro Research, News and Perspectives
Earth Preta’s Cyberespionage Campaign Hits Over 200
We present a case study of the cyberespionage efforts by Earth Preta. This study on an active campaign delves into the structure, goals, and requirements of the organizations involved, and provides an opportunity to conduct wider intelligence analysis and insights…
4 Tips for Better AWS Cloud Workload Security
Discover the challenges of AWS cloud workload security and the various technologies that can alleviate them.
Prevent Ransomware with Cybersecurity Monitoring
Misconfigured cloud and IT assets open the door to a wide range of cyber risks. Automated, continuous cybersecurity monitoring lets organizations watch accounts and systems for exposures in real time and maintain strong attack surface risk management.
Pack it Secretly: Earth Preta’s Updated Stealthy Strategies
After months of investigation, we found that several undisclosed malware and interesting tools used for exfiltration purposes were being used by Earth Preta. We also observed that the threat actors were actively changing their tools, tactics, and procedures (TTPs) to…
Policy as Code vs Compliance as Code
Learn how policy as code and compliance as code differ and how they can help prevent policy and compliance issues. Investigate the critical area of compliance where automation is playing an increasingly important role in IT management.
3 Ways to Evolve Your Cybersecurity Operations
To meet the expectations of today’s digital enterprises, cybersecurity operations need to modernize in three key ways: by optimizing extended detection and response (XDR), adopting proactive cyber risk management, and moving to a unified security platform.
ZTNA vs VPN: Secure Remote Work and Access
Explore the drivers behind switching from VPN to Zero Trust Network Access (ZTNA) for any device access from anywhere.
S4x23 Review Part 2: Evolving Energy Cybersecurity
In this second report on S4x23 held last February, this article introduces the discussion on cyber security in the energy industry, which was one of the topics that attracted attention.
Establishing a Proactive Cybersecurity Plan
To help organizations shift security left, Greg Young, Vice President of Cybersecurity and CorpDev at Trend Micro and Andy Anderson, DataStream CEO and Co-Founder, discuss how IT decision makers can educate the board with a proactive cybersecurity plan.
Zero Day Threat Protection for Your Network
Explore the world of zero day threats and gain valuable insight into the importance of proactive detection and remediation.
Security Patch Management Strengthens Ransomware Defense
With thousands of applications to manage, enterprises need an effective way to prioritize software security patches. That calls for a contextualized, risk-based approach and good overall attack surface risk management.
S4x23 Review Part 1: What’s New in OT Security
This blog introduces discussions from S4x23, the ICS security conference in Miami over several posts. The first installment will cover two topics from the academic interviews.
Leveraging Data Science to Minimize the Blast Radius of Ransomware Attacks
In this blog entry, we present a case study that illustrates how data-science techniques can be used to gain valuable insights about ransomware groups’ targeting patterns as detailed in our research paper, “What Decision-Makers Need to Know About Ransomware Risk.”…
Managed XDR Exposes Spear-Phishing Campaign Targeting Hospitality Industry Using RedLine Stealer
Find out how the Managed XDR team uncovered RedLine Stealer’s evasive spear-phishing campaign that targets the hospitality industry.
Phishing as a Service Stimulates Cybercrime
With phishing attacks at an all-time high, phishing as a service (PhaaS) is turning this once-skilled practice into a pay-to-play industry. Understanding the latest attack tactics is critical to improving your email security strategy.
Iron Tiger’s SysUpdate Reappears, Adds Linux Targeting
We detail the update that advanced persistent threat (APT) group Iron Tiger made on the custom malware family SysUpdate. In this version, we also found components that enable the malware to compromise Linux systems.
Understanding Jamstack Security
Learn how Jamstack has emerged as a new architectural paradigm for delivering websites and web-based applications with the promise of improved performance, scalability, and security over the traditional server-driven approach to web development.
Decrypting Cyber Risk Quantification
Discover the evolution of cyber risk quantification, criteria for an accurate risk score, and its benefits across the organization.
A Deep Dive into the Evolution of Ransomware Part 3
This 3-part blog series takes an in-depth look at the evolution of ransomware business models, from the early stages to current trends.
Investigating the PlugX Trojan Disguised as a Legitimate Windows Debugger Tool
Trend Micro’s Managed Extended Detection and Response (MxDR) team discovered that a file called x32dbg.exe was used to sideload a malicious DLL we identified as a variant of PlugX.
Advantages of the AWS Security Maturity Model
In an era of constant web security threats, learn how the AWS Security Maturity Model can help you enhance your organization’s cloud security. This article outlines tips to apply the model according to your organization’s stage of security maturity.
A Deep Dive into the Evolution of Ransomware Part 2
This 3-part blog series takes an in-depth look at the evolution of ransomware business models, from the early stages to current trends.
A Secure Access Service Edge (SASE) Guide for Leaders
Discover the benefits of SASE, a network architecture built on zero trust principles, in adopting modern security architectures to reduce cyber risk across the attack surface.
A Deep Dive into the Evolution of Ransomware Part 1
This 3-part blog series takes an in-depth look at the evolution of ransomware business models, from the early stages to current trends.
Fight Ransomware with a Cybersecurity Audit
An advanced cybersecurity audit helps identify overlooked IP addresses, forgotten devices, and misconfigured infrastructure that can expose organizations to ransomware and other cyber threats. Find out how to strengthen attack surface risk management.
In Review: What GPT-3 Taught ChatGPT in a Year
Amidst the uproar and opinions since November 2022, we look at the possibilities and implications of what OpenAI’s ChatGPT presents to the cybersecurity industry using a comparison to earlier products, like its predecessor GPT-3.
Royal Ransomware Expands Attacks by Targeting Linux ESXi Servers
Ransomware actors have been observed to expand their targets by increasingly developing Linux-based versions. Royal ransomware is following in the same path, a new variant targeting Linux systems emerged and we will provide a technical analysis on this variant in…
Earth Kitsune Delivers New WhiskerSpy Backdoor via Watering Hole Attack
We discovered a new backdoor which we have attributed to the advanced persistent threat actor known as Earth Kitsune, which we have covered before. Since 2019, Earth Kitsune has been distributing variants of self-developed backdoors to targets, primarily individuals who…
MLOps Security Best practices
MLOps provides a systematic approach to evaluating and monitoring ML models. Discover the various security concerns associated with MLOps and learn the best practices for using it securely.
Lower Data Breach Insurance Costs with These Tips
The changing attack landscape has resulted in the hardening of the data breach insurance market. Gain insight into how implementing security controls can reduce the mean time to detect and control the costliness of an attack.
Invitation to a Secret Event: Uncovering Earth Yako’s Campaigns
We detail the intrusion set Earth Yako, attributed to the campaign Operation RestyLink or EneLink. This analysis was presented in full at the JSAC 2023 in January 2023.
5 Cloud Security Challenges Solved by CNAPP
Configuration errors are a major cause of cloud security challenges for modern DevOps teams, introducing a new attack surface with numerous potential points of vulnerability. Read on to discover some of the most common errors and learn how to resolve…
OT Cybersecurity Plan to Prevent the 5Ds
Outline a cybersecurity plan to protect your operational technology network by studying the five techniques adversaries use to target them.
Enigma Stealer Targets Cryptocurrency Industry with Fake Jobs
We discovered an active campaign targeting Eastern Europeans in the cryptocurrency industry using fake job lures.
Ransomware Revolution: 4 Types of Cyber Risks in 2023
The ransomware business model is poised to change. These four predictions could help to keep your organization secure from new forms of cyber extortion.
Guide to Container Management on AWS
This article explores how services provided by Amazon Web Services enable better container management with simplicity, flexibility, and complete control.
Earth Zhulong: Familiar Patterns Target Vietnam
In 2022, we discovered Earth Zhulong, a hacking group that has been targeting Vietnam’s telecom, technology, and media sectors similar to another well-known threat actor. In this article, we unravel their new tactics, techniques and procedures that they apply on…
A Cybersecurity Risk Assessment Guide for Leaders
Cybersecurity risk assessment provides the continuous asset detection, analysis, prioritization, and risk scoring needed to keep pace with a continuously growing digital attack surface.
Hijacking Your Bandwidth: How Proxyware Apps Open You Up to Risk
In this investigation, we analyzed several prominent “passive income” applications and found out that there may be security risks upon participating in these programs.
Transport Layer Security (TLS): Issues & Protocol
Although Transport layer security (TLS) provides enhanced security, cybercriminals have become increasingly savvy, finding ways to circumvent many of these protections. Learn how malicious actors exploit vulnerabilities within TLS to introduce new forms of malware.
Cloud-ready and Channel-first
Trend Micro named one of 2023’s coolest cloud security companies
Research Exposes Azure Serverless Security Blind Spots
Simulation uncovers hidden features and urges greater user awareness
New APT34 Malware Targets The Middle East
We analyze an infection campaign targeting organizations in the Middle East for cyberespionage in December 2022 using a new backdoor malware. The campaign abuses legitimate but compromised email accounts to send stolen data to external mail accounts controlled by the…
6 Ransomware Trends & Evolutions For 2023
In the era of digital transformation, ransomware groups are adapting to changing technology. The next evolution of ransomware could begin with these trends.
TgToxic Malware’s Automated Framework Targets Southeast Asia Android Users
We look into an ongoing malware campaign we named TgToxic, targeting Android mobile users in Taiwan, Thailand, and Indonesia since July 2022. The malware steals users’ credentials and assets such as cryptocurrency from digital wallets, as well as money from…
What SOCs Need to Know About Water Dybbuk, A BEC Actor Using Open-Source Toolkits
We analyze a BEC campaign targeting large companies around the world that was leveraging open-source tools to stay under the radar.
Attack Vector vs Attack Surface: The Subtle Difference
To establish a better security posture, you must address vulnerabilities in your attack vectors and surfaces. While these terms are similar, they’re not the same. This article explores key differences between the two, helping you make your system more secure.…
Monthly Threat Webinar Series in 2023: What to Expect
Stay informed and stay ahead
Cyber Security Managed Services 101
MSP partnerships are growing in line with rapid cloud migration and the evolving threat landscape. Discover how an MSP can help your business and tips for making an informed partner decision.
New Mimic Ransomware Abuses Everything APIs for its Encryption Process
Trend Micro researchers discovered a new ransomware that abuses the APIs of a legitimate tool called Everything, a Windows filename search engine developed by Voidtools that offers quick searching and real-time updates for minimal resource usage.
Cybersecurity Posture & Insurance Outlook with Advisen
Trend Micro’s Eric Skinner, and Advisen, an insurance data and analytics company, discuss the current threat landscape, cyber risk management, and how vendors and cyber insurers can champion enhanced cybersecurity posture.
Attacking The Supply Chain: Developer
In this proof of concept, we look into one of several attack vectors that can be abused to attack the supply chain: targeting the developer. With a focus on the local integrated developer environment (IDE), this proof considers the execution…
Dependency Mapping for DevSecOps
Discover the importance of dependency mapping and best practices for successful dependency management
Vice Society Ransomware Group Targets Manufacturing Companies
In this blog entry, we’d like to highlight our findings on Vice Society, which includes an end-to-end infection diagram that we were able to create using Trend Micro internal telemetry.
Ransomware Recovery Plan for 2023
It’s important to defend against ransomware attacks, but is your organization prepared to deal with the consequences of a breach? Find out how to plan an effective ransomware recovery strategy.
TLS Connection Cryptographic Protocol Vulnerabilities
TLS is the backbone of encryption and key to ensuring data integrity, but its misconfiguration can leave your system vulnerable. Read on to discover how to secure your TLS connection and arm your organization against malicious attacks.
What is Business Attack Surface Management?
Explore how businesses can make internal and external attack surface management (ASM) actionable.
“Payzero” Scams and The Evolution of Asset Theft in Web3
In this entry, we discuss a Web3 fraud scenario where scammers target potential victims via fake smart contracts, and then take over their digital assets, such as NFT tokens, without paying. We named this scam “Payzero”.
Cyber Hygiene: How to get buy-in from employees
Good cyber hygiene starts with buy-in across the enterprise. Discover how CISOs can establish a company-wide security culture to reduce risk.
Batloader Malware Abuses Legitimate Tools, Uses Obfuscated JavaScript Files in Q4 2022 Attacks
We discuss the Batloader malware campaigns we observed in the last quarter of 2022, including our analysis of Water Minyades-related events (This is the intrusion set we track behind the creation of Batloader).
Earth Bogle: Campaigns Target the Middle East with Geopolitical Lures
We discovered an active campaign ongoing since at least mid-2022 which uses Middle Eastern geopolitical-themed lures to distribute NjRAT (also known as Bladabindi) to infect victims across the Middle East and North Africa.
Abusing a GitHub Codespaces Feature For Malware Delivery
Proof of Concept (POC): We investigate one of the GitHub Codespaces’ real-time code development and collaboration features that attackers can abuse for cloud-based trusted malware delivery. Once exploited, malicious actors can abuse legitimate GitHub accounts to create a malware file…
4 Predictions for Cyber Insurance Requirements 2023
As the threat landscape evolves and the cost of data breaches increase, so will cyber insurance requirements from carriers. Cyber Risk Specialist Vince Kearns shares his 4 predictions for 2023.
What is Red Teaming & How it Benefits Orgs
Running real-world attack simulations can help improve organizations’ cybersecurity resilience
Dridex Returns, Targets MacOS Using New Entry Method
The Dridex variant we analyzed targets MacOS platforms with a new technique to deliver documents embedded with malicious macros to users.
Why Data Hygiene is Key to Industrial Cybersecurity
How can highly distributed organizations with complex, integrated supply chains defend against cyber threats? By practicing good data hygiene based on zero-trust principles.