Attackers in Profile: menuPass and ALPHV/BlackCat

June 26, 2024 at 11:50AM MITRE Engenuity combined the tactics of the threat actors menuPass and ALPHV/BlackCat to evaluate the effectiveness of managed security services. The blog explains why these sophisticated threat actors were selected and how they target managed service providers. Trend Micro achieved 100% detection in the assessment, emphasizing the significance of advanced cybersecurity …

Not Just Another 100% Score: MITRE Engenuity ATT&CK

June 18, 2024 at 12:35PM Trend Micro achieved 100% detection in the MITRE Engenuity ATT&CK Evaluations for managed detection and response (MDR) services against the menuPass and ALPHV/BlackCat adversary groups. Featuring Trend Service One™ powered by Trend Vision One, the evaluation highlighted MDR’s success in early threat detection, rapid response, and higher-confidence alerts, enhancing security operations. From …

New Cross-Platform Malware ‘Noodle RAT’ Targets Windows and Linux Systems

June 13, 2024 at 02:42AM Chinese-speaking threat actors have used a new cross-platform malware, Noodle RAT, for espionage or cybercrime since at least July 2016. This previously undocumented backdoor is distinct from existing malware families and has both Windows and Linux versions. Analysis suggests it is shared among Chinese-speaking groups and likely sold commercially within China’s cyber espionage …

Linux version of TargetCompany ransomware focuses on VMware ESXi

June 5, 2024 at 07:19PM A new Linux variant of TargetCompany ransomware targets VMware ESXi environments, using a custom script to execute payloads, exfiltrate data, and drop a ransom note. Trend Micro reports that the ransomware encrypts files with specific extensions, attributes the attacks to an affiliate named “vampire,” and provides recommendations for defense. The operation’s shift …

SANS’s 2024 Threat-Hunting Survey Review

June 5, 2024 at 12:48PM The 2024 SANS Threat-Hunting Survey reveals a growing maturity in threat-hunting methodologies, reflecting an increased adoption of formal processes in cybersecurity strategies. The survey also highlights evolving practices in sourcing intelligence, outsourcing threat hunting, and challenges related to skill shortages and tool limitations. Organizations are striving to enhance threat hunting …

Oracle WebLogic Server OS Command Injection Flaw Under Active Attack

June 4, 2024 at 12:06AM The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an Oracle WebLogic Server flaw to its Known Exploited Vulnerabilities catalog; the flaw allows unauthorized server access and control. A China-based group, 8220 Gang, has exploited it to build crypto-mining botnets. Federal agencies are advised to apply fixes by …

Explore AI-Driven Cybersecurity with Trend Micro, Using NVIDIA NIM

June 2, 2024 at 05:32PM Trend Micro is showcasing its integration of NVIDIA NIM inference microservices at COMPUTEX in Taipei, with a focus on AI-driven cybersecurity solutions for next-generation data centers. The demonstrations and speaking sessions will highlight the advanced AI capabilities of the Trend Vision One platform and its integration with NVIDIA’s AI infrastructure for …

Criminal Use of AI Growing, But Lags Behind Defenders

May 9, 2024 at 11:18AM Trend Micro’s 2023 investigation, presented at the 2024 RSA Conference, found that criminals continue to lag behind defenders in AI adoption. The researchers identified a criminal LLM called WormGPT and likely scams such as EscapeGPT and FraudGPT. Criminals prefer abusing mainstream AI products over building their own systems and use deepfake services for illicit activities. Trend Micro …

Botnet Disrupted by FBI Still Used by Russian Spies, Cybercriminals

May 3, 2024 at 09:10AM Trend Micro reports that APT28, a Russia-linked cyberespionage group, used a botnet of compromised Ubiquiti routers for espionage. The FBI dismantled the botnet in January 2024, but Trend Micro found remnants still in use and expanded on the botnet’s details. APT28 used the infected devices for various illicit activities, including proxying stolen credentials and cryptocurrency …

New “Goldoon” Botnet Targets D-Link Routers With Decade-Old Flaw

May 2, 2024 at 06:27AM A new botnet named Goldoon exploits D-Link routers through a decade-old vulnerability that allows remote code execution. The botnet uses a dropper script to download and execute the Goldoon malware, enabling a range of attack methods, including DDoS flooding. This development reflects the persistent evolution of botnets, which increasingly target routers for …