Author Archives: Jon Clay (Global Threat Communications)

This Week in Security News: Trend Micro Launches its XDR Center in India and EU Reports 5G Cybersecurity Risks

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about Trend Micro’s new XDR Center in India that will help solve data sovereignty issues. Also, read about 5G network software use being a top security issue for mobile networks and devices.

Read on:

New Botnet Nabs Victims by Sending 30,000 “Sextortion” Emails Per Hour

The Phorpiex botnet is now capable of taking over unwitting email users’ accounts to bombard the masses with emails that threaten to publish personal sexual content on the web, social media, and to other email contacts unless they pay extortion money in the form of bitcoin. 

Apple iTunes, iCloud Zero-Day Exploited to Inject BitPaymer Ransomware in Windows PCs

A zero-day vulnerability found in Apple iTunes and iCloud was exploited by cybercriminals to infect Windows computers of an automotive company with the BitPaymer ransomware. It was found in the Bonjour component that iTunes and iCloud programs for Windows use to deliver software updates. The attack was reportedly not detected by antivirus solutions.

Trend Micro Launches Its XDR Data Center in India

Cybersecurity and defense company Trend Micro recently launched its local managed XDR data center service in India to solve data sovereignty issue. The company announced the news at its own security event named CLOUDSEC India 2019, which gathered more than 750 business and technology leaders from the cybersecurity industry.

EU Report Highlights Cybersecurity Risks in 5G Networks

The extent with which 5G networks use software is one of the top security issues for mobile networks as well as devices and current technologies (for example, 3G, 4G) that use or incorporate it, according to an EU report supported by the European Commission and European Union Agency for Cybersecurity.

Malware That Spits Cash Out of ATMs Has Spread Across the World

A joint investigation between Motherboard and the German broadcaster Bayerischer Rundfunk (BR) has uncovered new details about a spate of so-called “jackpotting” attacks. Trend Micro’s David Sancho, a senior threat researcher, discusses the wide accessibility of the malware.

Imperva Data Breach Caused by Stolen AWS API Key

Imperva recently revealed the primary cause of a breach that accidentally exposed customer data (which included email addresses, hashed & salted passwords, as well as TLS and API keys). It turned out to have been caused by a stolen Amazon Web Services (AWS) API key that was used to access a database snapshot containing the compromised data.

China’s Upgraded Cybersecurity Law Could Take a Toll

China is applying tougher cybersecurity standards more widely as of Dec. 1, requiring companies to open their networks and deploy government-approved equipment. The changes worry international organizations and underscore the difference between U.S. and Chinese approaches to cybersecurity.

Winnti Group Resurfaces with PortReuse Backdoor, Now Engages in Illicit Cryptocurrency Mining

The Winnti group used a previously undocumented and unreported backdoor named PortReuse to compromise a high-profile, Asia-based mobile hardware and software manufacturer, presumably as a jump-off point for launching supply chain attacks. This is what researchers at ESET found after an in-depth analysis of the Winnti group’s operations.

US Claims Cyber Strike on Iran After Attack on Saudi Oil Facility

Reuters reports that the United States launched a “secret cyber operation” against Iran in September, following the alleged drone and missile attack by Iran on Saudi Arabian oil facilities. Unnamed officials told Reuters that the late-September cyberattack targeted Iran’s “propaganda” infrastructure. The attack, one official said, affected physical hardware. But no further details were provided.

Monero-Mining Worm Infects Over 2,000 Unsecure Docker Hosts

Over 2,000 Docker hosts have been infected by a worm that discreetly uses them to mine the Monero cryptocurrency. According to the researchers who discovered the malware variant, the worm searched for and infected exposed Docker Engines to spread the worm to, then queried its command-and-control (C&C) server to look for more vulnerable hosts, choosing at random from among the possible targets.

Warning: Russian Hackers Break into European Embassy in Washington

The so-called Cozy Bear hackers, who were revealed in 2016 to have infiltrated the DNC along with a group called Fancy Bear as part of a Russian-government sponsored attack on American democracy, have hacked the Washington, D.C., embassy of a European member state. The hackers also broke into computers at the ministries of foreign affairs of three European countries.

 Do you know the signs of a jackpotting ATM attack? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.

The post This Week in Security News: Trend Micro Launches its XDR Center in India and EU Reports 5G Cybersecurity Risks appeared first on .

This Week in Security News: How a Partnership can Advance DevSecOps and Cybersecurity Issues in the Midwest and South U.S.

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about how Trend Micro’s partnership with Snyk will advance DevSecOps. Also, read about cyber attacks affecting hospitals in Alabama and Indiana as well as disregarded cybersecurity protocols in Mississippi.

Read on:

Trend Micro Partners with Snyk to Advance DevSecOps

Trend Micro announced an alliance with Snyk through which alerts about vulnerabilities in open source code will be passed on to the tools Trend Micro makes available to apply virtual patches to both monolithic and microservices-based applications.

Answering IoT Security Questions for CISOs

Given the permeating nature of IoT and Industrial IoT devices in our daily lives, from smart homes to smart cities, one cannot escape the growing cybersecurity risks associated with these devices. It might leave CISOs with a lot of questions about how this newer, growing attack vector could impact their business. Ed Cabrera, Trend Micro’s chief cybersecurity officer, answers a few of those questions here.

Tackling the BEC Epidemic in a New Partnership with INTERPOL

In just a few short years, Business Email Compromise (BEC) has gone from a peripheral threat to a major cyber risk for organizations. It’s making criminal gangs millions of dollars each month, hitting corporate profits and reputation in the process. In this blog, learn about the formidable array of resources that Trend Micro has built over the past few years to help protect our global customers from BEC.

Magecart Attack on Volusion Highlights Supply Chain Dangers

Magecart attackers have infiltrated cloud-based e-commerce provider Volusion to successfully infect at least 6,500 customer websites with malicious code designed to lift payment card information. This article also includes insights from Trend Micro researchers on Magecart actor groups.

Short October Patch Tuesday Includes Remote Desktop Client, Browser, and Authentication Patches

October’s Patch Tuesday is relatively modest, with Microsoft releasing a total of 59 patches. However, this shorter list still warrants attention. Nine of the 59 were still identified as Critical, while the remaining 50 were labeled Important. Take a closer look at the notable vulnerabilities patched this month in this article.

CVE-2019-16928: Exploiting an Exim Vulnerability Via EHLO Strings

In September, security researchers from the QAX-A-Team discovered the existence of CVE-2019-16928, a vulnerability involving the mail transfer agent Exim. Exim accounts for over 50% of publicly reachable mail servers on the internet. What makes the bug particularly noteworthy is that threat actors could exploit it to perform denial of service (DoS) or possibly even remote code execution attacks (RCE).

Mississippi State Agencies Not Complying with Cybersecurity Laws

In a recent cybersecurity audit undertaken by the office of the state auditor of Mississippi, it was found that a sizable number of state’s agencies are regularly failing to comply with the cybersecurity protocols. These protocols, which were devised in 2018 and called the Mississippi Enterprise Security program, were aimed at building cooperation among agencies on defense and cybersecurity.

Ransomware Attack Disrupts Medical Care in 3 Alabama Hospitals

Three hospitals of the DCH Health System were hit by a ransomware attack on October 1, forcing the medical institutions to turn away noncritical patients while they work to securely restore their affected IT systems.

Phishing Attack Exposes the Data of 60K Patients in Indiana

A new attack on healthcare data has been reported in Gary, Indiana, involving a phishing campaign that possibly exposed medical and personal information of 68,039 patients of Methodist Hospitals, Inc. An investigation determined that two of its employees had fallen victim to a phishing campaign that gave an unknown threat actor unauthorized access to their email accounts.

Three Recommendations for Securing the Network from Targeted Attacks

Targeted attacks remain a serious threat to organizations despite the emergence of advanced security technologies. A recent study shows that the average cost of cybercrime for each company — where sophisticated attacks are at play — has increased from US$11.7 million in 2017 to US$13.0 million in 2018. Read up on three security recommendations that can protect networks from targeted attacks.

Organizations Need Tools that Support DevOps Security

Organizational silos create unnecessary security risk for global businesses. The lack of security involvement in DevOps projects was reportedly creating cyber risk for 72% of IT leaders, according to Trend Micro. The company commissioned a survey, which polled 1,310 IT decision makers in SMB and enterprise organizations across the globe about their organizational culture.

September Malicious Cryptocurrency-Mining Attacks Showcase Current Malware Techniques and Capabilities

A spate of cryptocurrency-mining malware that affected Windows systems, Linux machines, and routers have been identified last August to September of this year. The malware variants employed a variety of methods – from the use of rootkit to MIMIKATZ – to hide and spread their malicious mining activities.

RobbinHood Ransomware Banks on Bad Reputation to Extort Money from Victims

A RobbinHood variant was found employing a scaring tactic in its new ransom note, prodding victims to search online for news of previous RobbinHood ransomware victims and how they ended up paying a larger cost by not paying the cybercriminals up front. 

US University Offers First Ever Healthcare-Specific Cybersecurity Certification

The McCombs School of Business at the University of Texas at Austin has launched America’s first professional cybersecurity certificate program specifically geared toward protecting healthcare providers from cyber-attacks. The Leadership in Healthcare Privacy and Security Risk Management program has been launched by the school in a bid to help close the 1.8-million-person info security gap.

Do you know how to protect your organization from falling victim to targeted attacks? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.

 

The post This Week in Security News: How a Partnership can Advance DevSecOps and Cybersecurity Issues in the Midwest and South U.S. appeared first on .

This Week in Security News: How a GIF Can Hack Your Android and Vulnerabilities That Could Put Hospital Networks at Risk

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about how smart home devices can be easily hacked and 11 vulnerabilities that could affect medical devices and hospital networks. Also, read about why AI could be vital to your security future and a massive Zynga breach affecting more than 200 million players.

Read on:

In Identity Theft the Target is You!

The hard truth is that identity data is the new gold—and criminal panhandlers are constantly mining for the sale and distribution of data on the Dark Web. But what can we as digital citizens do to protect ourselves? Trend Micro’s recent blog post describes how to keep yourself and your data safe.

Trend Micro Named a Leader in Endpoint Security

Trend Micro was cited as a leader with the second-highest score in the current offering category in The Forrester Wave: Endpoint Security Suites, Q3 2019 report. Trend received the highest possible score for Corporate Vision and Focus (a criterion under the Strategy category), a recognition of stable leadership, innovative technology and high-quality product management and development.

New Fileless Botnet Novter Distributed by KovCoreG Malvertising Campaign

Trend Micro found a new modular fileless botnet malware called Novter that the KovCoreG campaign has been distributing since March. KovCoreG is known for using the Kovter botnet malware through malvertisements and exploit kits to commit click fraud.

Trend Micro: Why AI Could Be Vital to Your Security Future

With businesses of all sizes keen to ensure they don’t become the next big-name security attack victim, the need to stay on top of your data could be central to staying safe from the latest threats. Cybercrime tactics have become more professional and business-like in recent years, keeping them one step ahead of the game.

Hacker Compromised Family’s Wi-Fi, Taunted Family with Thermostat, Camera for 24 Hours

According to a recent report, a hacker was able to hack into a couple’s Nest security system, control their thermostat and talk to them via their camera. According to the report, changing their Wi-Fi password wasn’t enough to keep the hacker away and disturbances only stopped after changing the network ID. Read up on how to protect your smart home and IoT devices in Trend Micro’s analysis.

Securing the Industrial Internet of Things: Addressing IIoT Risks in Healthcare

The industrial internet of things (IIoT) has rapidly transformed the network and data infrastructure in health and medicine. However, rapid adoption of IIoT is not without risks. Healthcare stakeholders must first understand the dangers it brings to the field when haphazardly implemented. Read more about addressing IIoT risks in healthcare in Trend Micro’s blog.

This Huge Android Trojan Malware Campaign Was Discovered After the Gang Behind It Made Basic Security Mistakes

A giant botnet and banking trojan malware operation has infected hundreds of thousands of Android users since at least 2016 – but mistakes by the group have revealed details of the campaign and how they operate.

Permanent Jailbreak on iPhones Possible Using Checkm8 Unpatchable Exploit

Security researcher axi0mX discovered “checkm8,” an exploit that could allow the jailbreak of millions of iOS devices. The exploit lies in the bootrom of the affected devices, which in turn is located on a read-only memory chip. This renders the exploit unpatchable and the resulting jailbreak permanent.

Exim Vulnerability CVE-2019-16928 Could Lead to Denial-of-Service and Remote Code Execution Attacks

A vulnerability involving the message transfer agent Exim — estimated to run roughly 57% of all email servers — has been discovered by security researchers from QAX-A-Team. Exploitation of the bug, assigned CVE-2019-16928, could result in threat actors being able to launch denial-of-service (DoS) or remote code execution (RCE) attacks.

Zynga Data Breach Exposed 200 Million Words with Friends Players

Publisher Zynga announced there was a data breach of account login info for Draw Something and Words with Friends players on Sept. 12.  A hacker that goes by the name of Gnosticplayers said they stole data from over 218 million Words with Friends player accounts.

FDA Warns Against URGENT/11 Vulnerabilities Affecting Medical Devices and Hospital Networks

The Food and Drug Administration (FDA) notified patients, healthcare professionals, and other stakeholders, warning them of a set of 11 vulnerabilities that could put medical devices and hospital networks at risk. The set of vulnerabilities was dubbed “URGENT/11,” and was discovered in a decade-old third-party software component called IPnet.

Who Should the CISO Report To, and Other CloudSec 2019 Takeaways

The second annual CloudSec event hosted by Trend Micro last week yielded valuable insight from industry leaders both on stage and during breakout sessions. Trend’s Mark Nunnikhoven, vice president of cloud research, discusses Canada’s position in the cloud adoption race.

Security 101: Zero-Day Vulnerabilities and Exploits

A zero-day attack exploits an unpatched vulnerability and could significantly affect organizations using vulnerable systems. Trend Micro provides an overview detailing what businesses need to know about zero-day vulnerabilities so they can better mitigate the risks and the threats that exploit them.

Were you aware that smart home devices could be hacked? Will it affect your decision to buy smart home devices in the future? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.

 

The post This Week in Security News: How a GIF Can Hack Your Android and Vulnerabilities That Could Put Hospital Networks at Risk appeared first on .

This Week in Security News: Fake Apps on iOS and Google Play and Social Media Security Issues

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about the evolution of EDR to XDR (and why your CISO should care), stock trading app attacks and fake gambling apps. Also, read about how Instagram and the Heyyo dating app exposed its users’ data.

Read on:

Why Should CISOs Care About XDR?

Will the evolution of EDR to XDR meet the challenges we are seeing today? In Trend Micro’s latest Simply Security blog, learn how XDR fills the gaps that EDR can’t, including malicious artifacts that are siloed or missed at the network, cloud and gateway – and why your CISO should care.

Mac Malware that Spoofs Trading App Steals User Information, Uploads it to Website

As the use of stock trading apps continues to rise and gain popularity, cybercriminals continue to create and leverage fake trading apps to steal users’ personal data. Trend Micro found and analyzed a fake stock trading app, which had a malicious malware variant that disguised itself as a legitimate Mac-based trading app called Stockfolio.

Instagram Data Leak Exposes Account Information Including Full Names and Phone Numbers

Another day, another security issue for the Facebook family of companies. This time out, an Instagram data leak was discovered, exposing hidden contact information including the real names of millions of Instagram users and their phone numbers.

Gambling Apps Sneak into Top 100: How Hundreds of Fake Apps Spread on iOS App Store and Google Play

Trend Micro found hundreds of fake apps on iOS and Google Play stores, many of which posed as seemingly normal gambling games and were controlled to appear innocuous. Leveraging a “switch” feature, threat actors set the apps to either show or hide the app’s actual content.

Chrome Bug, Not Avid Software, Causes Damage to MacOS File Systems

Researchers have tracked a problem that caused corruption to the file systems of macOS users to a bug in a Google Chrome update after users originally feared it was a problem with Avid Media Composer. Users scrambled to find a fix for the problem, and eventually Google took responsibility for the issue.

From Homes to the Office: Revisiting Network Security in the Age of the IoT

As more businesses take advantage of rapidly developing IoT (Internet of Things) technology and begin adoption for their network environments, the underlying concern for network and data security has grown. In this blog, read about the commonly used features and types of home devices currently on the market, their security risks and Trend Micro’s best practices to defend and mitigate against attacks.

Magecart Web Skimming Group Targets Public Hotspots and Mobile Users

One of the web skimming groups that operate under the Magecart umbrella has been testing the injection of payment card stealing code into websites through commercial routers like those used in hotels and airports. The group has also targeted an open-source JavaScript library called Swiper that is used by mobile websites and apps.

Unsecure Pagers in Vancouver Expose Sensitive Patient Data: What This Means for Enterprises

The nonprofit group Open Privacy Research Society publicized in a press release that the confidential medical and personally identifiable information (PII) of patients across Vancouver, Canada, is being leaked through the paging systems of hospitals in the area. In this article, Trend Micro analyzes the security risks of pager technology.

Microsoft Releases Out-of-Band IE, Defender Security Updates

Microsoft released two out-of-band security patches to address critical issues for Internet Explorer (IE) and Microsoft Defender. While no exploit has been reported, Microsoft stated that an IE zero-day scripting engine flaw has been observed in the wild and advised users to manually update their systems immediately.

Heyyo Dating App Leaked Users’ Personal Data, Photos, Location, More

Online dating app Heyyo has made the same mistake that thousands of companies have made before it — namely, it left a server exposed on the internet without a password. This leaky server, an Elasticsearch instance, exposed the personal details, images, location data, phone numbers, and dating preferences for nearly 72,000 users, which is believed to be the app’s entire userbase.

Emotet Disguises as Downloadable File of Edward Snowden’s New Book to Infect Users

Emotet malware expanded its campaign to bank on the popularity of former CIA contractor and NSA whistleblower Edward Snowden’s bestselling memoir. The cybercriminals behind the campaign sent spam emails containing a Microsoft Word document pretending to be a free “Permanent Record” copy, luring victims to open the malicious document containing Emotet.

Social Engineering Explained: How Criminals Exploit Human Behavior

Social engineering has proven to be a successful way for criminals to get inside your organization using the art of exploiting human psychology, rather than technical hacking techniques. This article breaks down various social engineering techniques and discusses five ways to defend your organization against social engineering.

Are you surprised that fake gambling apps are making it past Apple and Google Play app store reviews? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.

The post This Week in Security News: Fake Apps on iOS and Google Play and Social Media Security Issues appeared first on .

This Week in Security News: Magecart Attacks and Is Your Smart TV Spying on You?

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about Magecart attacks and the security implications of PSD2. Also, read about how your smart TV might be leaking your data to the likes of Facebook, Google and Netflix.

Read on:

There She Breaches! Watch Out For Your Identity Data!

In the 21st century data breaches are inventible. According to a new report, there have been nearly 4,000 data breaches in the first six months of 2019, representing a 54% increase compared to the first six months of 2018. In Trend Micro’s blog, learn about the recent CafePress and StockX breaches and what you can do to keep your data safe.

Magecart Skimming Attack Targets Mobile Users of Hotel Chain Booking Websites

If you’ve recently booked a hotel online using your mobile device, you might want to check on your credit card. Trend Micro discovered a series of incidents where credit card skimming attack, Magecart, was used to hit the mobile booking website of several chain-brand hotels.

When PSD2 Opens More Doors: The Risks of Open Banking

The European Union’s Revised Payment Service Directive (PSD2), otherwise known as Open Banking, is designed to make banking transactions more cost-efficient and secure but requires customer to give consent for banks to share their data with fintech companies. Trend Micro’s latest research paper explores the ins and outs of possible security risks that may emerge as a result of PSD2.

Skidmap Linux Malware Uses Rootkit Capabilities to Hide Cryptocurrency-Mining Payload

Cryptocurrency-mining threats have become increasingly complex and the Linux malware that Trend Micro recently discovered is no exception. Skidmap loads malicious kernel modules to keep its cryptocurrency mining operations under the radar.

Microsoft: Cyberattacks Now The Top Risk, Say Businesses

Cyberattacks are now considered by most execs to be the top business concern, far outranking economic uncertainty, brand image, and regulation. In a global survey of more than 1,500 business leaders, Microsoft and insurance consultancy Marsh found that 62% of respondents saw cyberattacks as a top-five risk.

Emotet Ends Hiatus With New Spam Campaigns

The threat actors operating the Emotet malware broke a nearly four-month hiatus by launching a spate of malicious spam emails targeting German-, Italian-, Polish-, and English-speaking users. This wave of Emotet-related spam emails and its related malicious components are proactively blocked by Trend Micro’s machine learning detection capabilities.

Hacking LED Wristbands: A ‘Lightning’ Recap of RF Security Basics

What attack opportunities lie in radio frequency (RF) technology? As a growing number of IoT and IIoT ecosystems are based on RF communication, Trend Micro believes that RF security research is of great importance. In this blog post, The Trend Micro team showcases the vulnerabilities of LED Wristbands

Fileless Cryptocurrency-Miner GhostMiner Weaponizes WMI Objects, Kills Other Cryptocurrency-Mining Payloads

Trend Micro observed a fileless cryptocurrency-mining malware, dubbed GhostMiner, that weaponizes Windows management instrumentation (WMI) objects for its fileless persistence, payload mechanisms, and AV-evasion capabilities. The malware was observed mining Monero cryptocurrency, however, the arrival details of this variant has not been identified.

Beyond The Standard CISO Cloud Security Guide

Verizon recently released a five-step process for evaluating cloud security products and services to inform purchase decisions. Read how Trend Micro can help provide visibility across physical, virtual, cloud and container environments

New Banking Regs Increase Cyber-Attack Risk

A report released today by Trend Micro has found that new European Open Banking rules could leave financial services organizations and their customers more susceptible to cyber-attacks.

Smart TVs Send User Data To Tech Heavyweights Including Facebook, Google, Netflix

University researchers say that smart TVs are leaking sensitive, private user information to companies including Google, Facebook, and Netflix without the consent of users, even while the device is idle. 

Data on Almost Every Ecuadorean Citizen Leaked

Personal data about almost every Ecuadorean citizen has been found exposed online. Names, financial information and civil data about 17 million people, including 6.7 million children, was found by security company vpnMentor.

Data of 24.3 Million Lumin PDF Users Shared on Hacking Forum

The details of more than 24.3 million Lumin PDF users have been shared on a hacking forum, ZDNet has learned from a source. The hacker said they leaked the company’s data after Lumin PDF administrators failed to answer his queries multiple times over the past few months.

How Artificial Intelligence Is Changing Cyber Security Landscape and Preventing Cyber Attacks

We are moving towards an era where cybercriminals can reach their targets in any part of the world at any time; the need for cybersecurity has never been more critical than now.

Were you surprised by the number of data breaches in the first half of 2019? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.

 

 

The post This Week in Security News: Magecart Attacks and Is Your Smart TV Spying on You? appeared first on .

This Week in Security News: IoT Devices Are a Target in Cybercriminal Underground

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn how fileless malware abuses PowerShell. Also, read how Trend Micro researchers are pulling back the curtain on the cybercriminal underground to warn consumers and businesses about potential threats against IoT devices.

Read on:

Are IoT Threats Discussed In The Cybercriminal Underground?

Trend Micro researchers from around the globe monitored five different cybercriminal undergrounds and, given the amount of chatter, found that there is no doubt that IoT devices, mainly routers, are certainly a target.

From BinDiff to Zero-Day: A Proof of Concept Exploiting CVE-201901208 in Internet Explorer

Researchers share a proof of concept showing how a use-after-free vulnerability in Internet Explorer can be fully and consistently exploited in Windows 10 RS5. The flaw was discovered through BinDiff and addressed in Microsoft’s September Patch Tuesday.

‘Purple Fox’ Fileless Malware with Rookit Component Delivered by Rig Exploit Kit Now Abuses PowerShell

The newest iteration of Purple Fox that researchers came across, being delivered by Rig, retains its rookit component by abusing publicly available code and now eschews its use of NSIS in favor of abusing PowerShell, making Purple Fox capable of fileless infection. This blog discusses features of this malware and security recommendations to avoid these types of threats.

Trend Micro Security’s Family of 2020 Releases Provide Enhanced Protections for PCs, Macs, Mobile Devices, and Home Networks

Trend Micro ensures its family of products is progressively enhanced to meet the needs of consumers and the Trend Micro Security 2020 Fall Release is no exception. Endpoint and network security products are improved to provide the most advanced protections from persistent, new, and emerging threats.

Smart Cities Will Require Smarter Cybersecurity

As cities become smarter, officials and security experts say that current defenses are unlikely to keep hackers at bay. Ideas for making cyber defenses smarter include reducing reliance on passwords and open-sourcing security standards to benefit from the perspective of a wider range of security professionals.

September Patch Tuesday Bears More Remote Desktop Vulnerability Fixes and Two Zero-Days

Continuing the trend from last month, several critical patches were for Remote Desktop Clients – all Remote Code Execution (RCE) vulnerabilities. Microsoft also patched two zero-days which are both elevation of privilege vulnerabilities.

Cybersecurity: 99% of email attacks rely on victims clicking links

Social engineering is by far the biggest factor in malicious hacking campaigns and nearly all successful email-based cyberattacks require the target to open files, click on links, or carry out some other action. While many of these attacks are designed to look highly legitimate, there are ways to identify what could potentially be a malicious attack.

Business Roundtable calls on Congress to pass consumer data privacy law

CEOs of 51 companies from the Business Roundtable, including Amazon, IBM and Salesforce, signed a letter to U.S. congressional leaders urging them to create a comprehensive consumer data privacy law.

Wikipedia Gets $2.5M Donation to Boost Cybersecurity

Wikipedia confirmed that it was hit by a malicious DDoS attack that took it offline across many countries. Following the attack, the Wikipedia Foundation received a $2.5M donation from Craigslist founder, Craig Newmark, to further expand security programs.

Ransomware attack on Premier Family Medical reportedly impacts records of 320K patients

The medical provider noted that the malware restricted employee’s access to their systems and data and has officially revealed the approximate number of affected patients in a disclosure to the federal government.

IoT Security: Now dark web hackers are targeting internet-connected gas pumps

Cyber criminals are increasingly turning their attention to hacking Internet of Things devices as connected products proliferate. While routers remain the top target for IoT-based cyberattacks, there’s a lot of discussion in underground forums about compromising internet-connected gas pumps.

Enhanced Trend Micro Security protects inboxes from scams and phishing attacks
Trend Micro announced the latest version of its flagship consumer offering, Trend Micro Security, which features enhanced protection from web threats and a new AI-powered Fraud Buster tool to protect Gmail and Outlook inboxes across the globe.

Texas Municipalities Hit by REvil/Sodinokibi Paid No Ransom, Over Half Resume Operations

Cybercriminals who held to ransom the files of 22 Texas local government units for a combined ransom amount of US$2.5 million did not get a single cent thanks to a coordinated state and federal cyber response plan.

Are you well-versed on Trend’s suggestions for protecting your routers and other devices from malware? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.

The post This Week in Security News: IoT Devices Are a Target in Cybercriminal Underground appeared first on .

Are IoT Threats Discussed In The Cybercriminal Underground?

With IoT devices expected to reach tens of billions in the next few years, is it any wonder that cybercriminals are looking for ways to take advantage of this massive attack surface to generate illicit money?

A number of Trend Micro researchers from around the globe decided to look into this and launched a research project to dive into five different cybercriminal undergrounds (Russia, Portuguese, English, Arabic, and Spanish) to identify what conversations are occurring, what attacks and threats are being utilized, and the reasons for using IoT by members of these undergrounds. A detailed report can be downloaded here for those who want to read up on their findings.

I’d like to give you my three key takeaways from the research:

  1. Not all Undergrounds are alike: Russia has the most experienced membership and are the best at monetizing IoT attacks. Portuguese is next with the other three still very early in their abilities to monetize attacks. A lot of undergrounds include tutorials to help educate members on many different areas of IoT threats. We think this collaboration will improve their abilities quickly and turn this threat into a significant one in the near future.
  2. Monetization is mainly through botnets: Most of the money today is made through attacks perpetrated by already infected devices that have been turned into botnets. From DDoS to VPN Exit Nodes, malicious actors infect many devices and utilize the power of many to turn their limited computing power into a collective powerhouse. Other actors sell their services to peers who don’t have the knowledge or don’t have the resources to perpetrate an attack.
  3. Routers are a primary target: In our analysis, many of the attacks and threats being distributed within the undergrounds target routers, mainly consumer routers. Routers are a good target as they access many devices within the network behind it which can then be used to launch attacks against others.

There is no doubt that IoT devices are being used more and more in attacks or as the target of an attack, and there is a lot of chatter within multiple undergrounds around the world to raise awareness and interest around this attack surface.Our report is intended to give information on what cybercriminals are doing now or will be doing with IoT in the future and show it is a global phenomenon.

For consumers and organizations, be aware that devices you own are a likely target for attacks, and most likely today to be added into an existing botnet. Mirai is the dominant IoT threat today and will likely continue as malicious actors create variants of this malware.

Check out our report for more details on what our researchers found and for more information about IoT and how to protect devices, visit our IoT Security section on the web.

The post Are IoT Threats Discussed In The Cybercriminal Underground? appeared first on .

This Week in Security News: New Zero-Day Vulnerability Findings and Mobile Phishing Scams

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn how music festival goers need to be on guard for phishing attacks when trying to find a lost iPhone. Also, read how Trend Micro researchers went public with their findings on a zero-day vulnerability impacting the Android mobile operating system. 

Read on:

Finding a Better Route to Router and Home Network Security

New research published reveals that many of the home routers sold in the US today are still missing basic protections. Read on to learn about how your router is exposed to hackers, what attacks are possible and how to protect your router and smart home with Trend Micro’s help.

Hiding in Plain Text: Jenkins Plugin Vulnerabilities

Jenkins, a widely used open-source automation server that allows DevOps developers to build, test, and deploy software efficiently and reliably, recently published security advisories that included problems associated with plain-text-stored credentials. Vulnerabilities that affect Jenkins plugins can be exploited to siphon off sensitive user credentials.

Big Tech Companies Meeting with U.S. Officials on 2020 Election Security

Facebook, Google, Twitter and Microsoft met with government officials in Silicon Valley on Wednesday to discuss and coordinate on how best to help secure the 2020 American election, kicking off what is likely to be a marathon effort to prevent the kind of foreign interference that roiled the 2016 election.

Glupteba Campaign Hits Network Routers and Updates C&C Servers with Data from Bitcoin Transactions

Trend Micro recently caught a malvertising attack distributing the malware Glupteba, an older malware that was previously connected to a campaign named Operation Windigo and distributed through exploit kits to Windows users. This blog discusses features of this malware and security recommendations to avoid this kind of attack.

Spam Campaign Abuses PHP Functions for Persistence, Uses Compromised Devices for Evasion and Intrusion

A Trend Micro honeypot detected a spam campaign that uses compromised devices to attack vulnerable web servers. After brute-forcing devices with weak access credentials, the attackers use them as proxies to forward a base64-encoded PHP script to web servers, which then sends an email with an embedded link to a scam site to specific email addresses.

Google, Trend Micro, IBM’s Red Hat ID’d Among Top Container Security Vendors

Container security presents a hot growth opportunity for the channel, with the global market expected to more than quadruple by 2024, reaching nearly $2.2 billion. North America is expected to account for the highest market share through 2024.

IPhone Theft Leads to Stolen Apple Credentials Through Phishing Attack

Of the hundreds who had their cellphones stolen or lost during the Lollapalooza music festival, one woman’s attempt to find her iPhone led her to a phishing scheme that stole her credentials. Like a regular phishing scheme, she received a seemingly legitimate text message with a link to what looked like the Find My iPhone webpage, but realized they were fake after she entered her credentials.

Ransomware Attacks Hit Taiwan Hospitals and Dubai Firm

Two notable ransomware attacks targeted several hospitals in Taiwan and a contracting company in Dubai last week. The ransomware attack in Taiwan prevented several hospitals from accessing their information systems, while the attack in Dubai froze a company’s systems.

Trend Micro, AWS Deliver Transparent, Inline Network Security for Enterprise Clouds

Trend Micro is taking new steps to help enterprises using Amazon Web Services to better deliver network security for cloud and hybrid operations.  IDN looks at Trend Micro Cloud Network Protection, along with the firm’s new XDR solution.

Sextortion Scheme Deployed by ChaosCC Hacker Group Demands US$700 in Bitcoin

A recently discovered email scheme reportedly deployed by a hacking group called ChaosCC claims to have hijacked recipients’ computers and recorded videos of them while watching adult content. This sextortion scheme reportedly attempts to trick recipients into paying US$700 in bitcoin.

Unusual CEO Fraud via Deepfake Audio Steals US$243,000 From U.K. Company

This fraud incident used a deepfake audio, an artificial intelligence (AI)-generated audio, and was reported to have conned US$243,000 from a U.K.-based energy company. According to a report, in March, the fraudsters used a voice-generating AI software to mimic the voice of the chief executive of the company’s Germany-based parent company to facilitate an illegal fund transfer. 

Zero-Day Disclosed in Android OS

Yesterday, Trend Micro researchers went public with their findings on a zero-day vulnerability impacting the Android mobile operating system after Google published the September 2019 Android Security Bulletin, which didn’t include a fix for their bug. The vulnerability resides in how the Video for Linux (V4L2) driver that’s included with the Android OS handles input data.

Container Security in Six Steps

Containers optimize the developer experience. However, as with any technology, there can be tradeoffs in using containers. This blog contains sex steps developers can follow to minimize risks when building in containers.

Are you well-versed on Trend’s suggestions for protecting your router and smart home from hackers? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.

The post This Week in Security News: New Zero-Day Vulnerability Findings and Mobile Phishing Scams appeared first on .

This Week in Security News: Ransomware Campaigns Persist with WannaCry as Most Common

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about how a total of 118 new ransomware families emerged in the first half of 2018, but only 47 new ones debuted in the first six months of this year, according to Trend Micro’s 2019 Mid-Year security report. Also, read on about how Trend Micro was once again named a Leader in Gartner’s 2019 Magic Quadrant.

Read on:

Trend Micro Named a Leader in 2019 Gartner Magic Quadrant for Endpoint Protection Platforms

Trend was named a Leader in Gartner, Inc.’s 2019 Magic Quadrant for Endpoint Protection Platforms in evaluation of its Apex One endpoint security solution. Trend has been named a Leader in every Gartner Magic Quadrant for this category since 2002.

Three Common Email Security Mistakes that MSPs Make

MSPs can generate recurring revenue by being proactive about educating customers about email threats and how to defeat them—if they avoid three common mistakes: failing to educate customers, placing too much faith on end-user training and leaving service revenue on the table.

WannaCry Remains No. 1 Ransomware Weapon

According to Trend Micro’s 2019 mid-year security report, WannaCry remains the most commonly detected ransomware by far: about 10 times as many machines were found targeted by WannaCry in the first half of this year than all other ransomware variants combined. Bill Malik, vice president of infrastructure strategies at Trend Micro, discusses the prevalence of this ransomware and how it works.

TA505 at it Again: Variety is the Spice of ServHelper and FlawedAmmyy

TA505 continues to show that they intend to wreak as much havoc while maximizing potential profits. Just like in previous operations, this cybercriminal group continues to make small changes for each campaign such as targeting other countries, entities, or the combination of techniques used for deployment.

‘Heatstroke’ Campaign Uses Multistage Phishing Attack to Steal PayPal and Credit Card Information

Heatstroke demonstrates how far phishing techniques have evolved — from merely mimicking legitimate websites and using diversified social engineering tactics — with its use of more sophisticated techniques such as steganography. 

Hackers to Stress-Test Facebook Portal at Hacking Contest

Hackers will soon be able to stress-test the Facebook Portal at the annual Pwn2Own hacking contest, following the introduction of the social media giant’s debut hardware device last year. Introducing the Facebook Portal is part of a push by Trend Micro’s Zero Day Initiative, which runs the contest, to expand the range of home automation devices available to researchers in attendance.

Fortnite Players Targeted by Ransomware via Fake Cheat Tool

An open-source ransomware variant called “Syrk,” based on the source code of the Hidden-Cry ransomware, was found pretending to be a cheat tool that improves the accuracy of a player’s aim and provides visibility over other players’ location on the map. Upon infection, a ransom note will demand payment from victims in exchange for a decryption password.

Cybercriminal Group Silence Has Reportedly Stolen US$4.2 Million from Banks So Far

Contrary to their moniker, the Silence cybercriminal group has been reported to be actively targeting banks and financial institutions in more than 30 countries. Silence reportedly stole US$4.2 million from June 2016 to August 2019. 

US Cyberattack Damaged Iran’s Ability to Target Oil Tankers, Report Says

A database used by Iran’s paramilitary arm to devise attacks against oil tankers was wiped out by a US cyberattack in June, temporarily reducing Tehran’s means of targeting Persian Gulf shipping traffic.

Nemty Ransomware Possibly Spreads through Exposed Remote Desktop Connections

A new ransomware family dubbed “Nemty” for the extension it adds to encrypted files has recently surfaced. According to a report from Bleeping Computer, New York-based reverse engineer Vitali Kremez posits that Nemty is possibly delivered through exposed remote desktop connections.

Abuse of WS-Discovery Protocol Can Lead to Large-Scale DDoS Attacks

Security researchers have discovered that attackers can abuse the Web Services Dynamic Discovery (WS-Discovery) protocol to launch massive distributed denial of service (DDoS) campaigns. These researchers have issued a warning after seeing cybercriminals abuse the WS-Discovery protocol in different DDoS campaigns over the past few months.

Phishing Attack Tricks Instagram Users via Fake 2-Factor Authentication

Although 2FA remains a valid and highly useful tool, Instagram users should not be complacent and rely on it alone, especially when fake 2FA notifications can be used for malicious purposes. In this blog, Trend Micro recommends some best practices users can combine with their existing security tools to help protect against phishing.

Q&A: In a Cloud-Connected World, Cybersecurity is Key

Cloud computing is becoming a critical tool for business, in terms of storing an assessing data. With the increases use of the cloud comes greater security risks. Mark Nunnikhoven, vice president of cloud research at Trend Micro, assesses the solutions.


Will you be following Trend’s best protection practices when playing Fortnite or using Instagram? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.

The post This Week in Security News: Ransomware Campaigns Persist with WannaCry as Most Common appeared first on .

This Week in Security News: DevOps Implementation Concerns and Malware Variants

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about how most respondents to a Trend Micro survey shared their concern for the risks in implementing DevOps. Also, read on about how Trend Micro uncovered a MyKings variant that had been hiding for roughly two years before it was discovered.

 

Read on:

How Do Threats Align with Detection and Solutions?

There are many different threats targeting many different areas of a corporate network. I built an interactive graphic to help others understand the full ecosystem of how security works across your network, how to detect threats and ultimately what solutions can be utilized in the different areas of networks to protect themselves and their systems and data.

XDR Is the Best Remedy as Attackers Increasingly Seek to Evade EDR

Greg Young, vice president of cybersecurity at Trend Micro, discusses how many enterprises don’t effectively manage their endpoints and how Trend Micro’s XDR solution is a more effective solution for endpoint management and dealing with evasive threats.

Nest Enrages Users by Removing Option to Disable Camera Status LEDs

Google just made good on one of the promises it made at I/O 2019 — it’s removing the option to disable camera status LEDs. Nest customers have responded with almost universal anger to the change. They’ll be able to dim the lights on Nest Cam, Dropcam, and Hello devices, but you won’t be allowed to turn them off while they’re recording.

The Sky Has Already Fallen (You Just Haven’t Seen the Alert Yet)

Rik Ferguson, vice president of security research at Trend Micro, discusses how the typical security operations center (SOC) of today is drowning in a volume of alerts. In the financial world, 60 percent of banks routinely deal with more than 100,000 alerts every day, with 17 percent of them reporting more than 300,000 security alerts, and this pattern is repeated across industry verticals.

Innovate or Die?

Bill Malik, vice president of infrastructure strategies at Trend Micro, discusses how a recent series of IT acquisitions and IPOs highlight a simple economic fact: companies that fail to keep up with the fast-paced innovation of technology can easily become targets for acquisition.

MoviePass Exposed Thousands of Unencrypted Customer Card Numbers

Movie ticket subscription service MoviePass has exposed tens of thousands of customer card numbers and personal credit cards because a critical server was not protected with a password. A massive, exposed database on one of the company’s many subdomains was found containing 161 million records at the time of writing and growing in real time.

The Path to Secure DevOps Initiatives: Bridging the Gap Between Security and DevOps

The growing demand for faster and more efficient software development brings DevOps to the fore, but not without disrupting the inner workings of production and security teams. In a survey commissioned by Trend Micro, majority of the respondents shared their concern for the risks in implementing DevOps.

FAKE APPS! Courtesy of Agent Smith

Early this month a new global Android malware campaign called Agent Smith was revealed to have compromised 25 million handsets across the globe including many in the U.S., serving as another reminder to users not to take mobile security for granted. Fortunately, users can make giant strides towards keeping the hackers at bay with a few easy steps.

Google Android Adware Warning Issued To 8 Million Play Store Users

Security researchers at Trend Micro have revealed that the Google Play Store hosted 85 apps ridden with adware. Worse still, these apps have netted more than 8 million downloads. The adware-ridden apps were posing as legitimate services focusing on gaming or photography. 

OVIC Finds PTV in Violation of Privacy and Data Protection Act 2014 in myki Records Disclosure

The Office of the Victorian Information Commissioner (OVIC) determined that the Public Transport Victoria (PTV) breached the Information Privacy Principle (IPP) under the Privacy and Data Protection Act 2014. The decision came after the PTV released data in 2018 that exposed more than 15 million myki cards’ “touch on” and “touch off” travel history data, which could be used to identify specific users.

BEC Scam Costing Almost US$11 Million Leads to FBI Arrest of Nigerian Businessman

The CEO of the Invictus Group of Companies, Obinwanne Okeke, has reportedly been arrested by the U.S. Federal Bureau of Investigation (FBI) after he was accused of conspiracy to commit computer and wire fraud. The FBI investigation into Okeke was initiated after a victim of a business email compromise (BEC) scam informed the FBI that it had been defrauded of nearly US$11 million.

22 Texas Towns Hit with Ransomware Attack In ‘New Front’ Of Cyberassault

State officials confirmed this week that computer systems in 22 municipalities have been infiltrated by hackers demanding a ransom. A mayor of one of those cities said the attackers are asking for $2.5 million to unlock the files. The Federal Bureau of Investigation and state cybersecurity experts are examining the ongoing breach, and officials have not disclosed which specific places are affected.

Uncovering a MyKings Variant with Bootloader Persistence via Managed Detection and Response

MyKings alone has already infected over 500,000 machines and mined an equivalent of US$2.3 million as of early 2018. The timing of the attack we recently found could indicate that it may have been part of the campaign we previously found in 2017.

Asruex Backdoor Variant Infects Word Documents and PDFs Through Old MS Office and Adobe Vulnerabilities

Since it first emerged in 2015, Asruex has been known for its backdoor capabilities and connection to the spyware DarkHotel. However, when we encountered Asruex in a PDF file, we found that a variant of the malware can also act as an infector, which inject code in Word and PDF files respectively.

They’re Attacking the Brain of Your Smart Home (or Office)

A smart device that turns your lights off when you leave or checks to see if you left any doors or windows unlocked may be convenient, but adding and connecting more smart items to your house can cause new and unexpected problems and let the bad guys in. Greg Young, Trend Micro’s vice president of cybersecurity, discusses various ways to protect smart homes from these kinds of cyber attacks.

Are you up to speed on how security works across your network, how to detect threats and what solutions can be utilized in different network areas to protect systems and data? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.

The post This Week in Security News: DevOps Implementation Concerns and Malware Variants appeared first on .