Research, News, and Perspectives

APT & Targeted Attacks

Breaking Down Earth Estries' Persistent TTPs in Prolonged Cyber Operations

Discover how Earth Estries employs a diverse set of tactics, techniques, and tools, including malware such as Zingdoor and Snappybee, for its campaigns.

Research Nov 08, 2024

Save to Folio

Research Nov 08, 2024

Save to Folio

Compliance & Risks

Preparing for Future Technology Crises: A Call to Action from the FCA

In light of recent operational crises, the Financial Conduct Authority (FCA) has issued a stark warning to the financial industry: firms must enhance their preparedness for technology-related disruptions like the CrowdStrike incident. This incident, which occurred in July, saw a faulty update from the cybersecurity firm disrupt services for approximately 8.5 million Microsoft Windows devices, resulting in significant operational fallout for various sectors, including aviation, healthcare, and banking.

Reports Nov 06, 2024

Save to Folio

Reports Nov 06, 2024

Save to Folio

Compliance & Risks

SOC Around the Clock: World Tour Survey Findings

Trend surveyed 750 cybersecurity professionals in 49 countries to learn more about the state of cybersecurity, from job pressures to the need for more advanced tools. Explore what SOC teams had to say.

Research Nov 04, 2024

Save to Folio

Research Nov 04, 2024

Save to Folio

Artificial Intelligence (AI)

AI Pulse: Election Deepfakes, Disasters, Scams & more

In the final weeks before November’s U.S. election, cybersecurity experts were calling October 2024 the “month of mischief”—a magnet for bad actors looking to disrupt the democratic process through AI-generated misinformation. This issue of AI Pulse looks at what can be done about deepfakes and other AI scams, and why defense-in-depth is the only way to go.

Expert Perspective Oct 31, 2024

Save to Folio

Expert Perspective Oct 31, 2024

Save to Folio

Cyber Threats

Attacker Abuses Victim Resources to Reap Rewards from Titan Network

In this blog entry, we discuss how an attacker took advantage of the Atlassian Confluence vulnerability CVE-2023-22527 to connect servers to the Titan Network for cryptomining purposes.

Research Oct 30, 2024

Save to Folio

Research Oct 30, 2024

Save to Folio

Cyber Threats

Understanding the Initial Stages of Web Shell and VPN Threats: An MXDR Analysis

While cyberattacks that employ web shells and VPN compromise are not particularly novel, they are still prevalent. The recent incidents that Trend Micro MXDR analyzed highlight the importance of behavioral analysis and anomaly detection in security measures.

Research Oct 24, 2024

Save to Folio

Research Oct 24, 2024

Save to Folio

Cyber Threats

Unmasking Prometei: A Deep Dive Into Our MXDR Findings

How does Prometei insidiously operate in a compromised system? This Managed Extended Detection and Response investigation conducted with the help of Trend Vision One provides a comprehensive analysis of the inner workings of this botnet so users can stop the threat in its tracks before it inflicts damage to the system.

Research Oct 23, 2024

Save to Folio

Research Oct 23, 2024

Save to Folio

Cyber Threats

Using gRPC and HTTP/2 for Cryptominer Deployment: An Unconventional Approach

In this blog entry, we discuss how malicious actors are exploiting Docker remote API servers via gRPC/h2c to deploy the cryptominer SRBMiner to facilitate their mining of XRP on Docker hosts.

Latest News Oct 22, 2024

Save to Folio

Latest News Oct 22, 2024

Save to Folio

Malware

Attackers Target Exposed Docker Remote API Servers With perfctl Malware

We observed an unknown threat actor abusing exposed Docker remote API servers to deploy the perfctl malware.

Research Oct 21, 2024

Save to Folio

Research Oct 21, 2024

Save to Folio

Cloud

Gartner 2024 CNAPP Market Guide Insights for Leaders

As businesses increasingly pivot to cloud-native applications, the landscape of cybersecurity becomes ever more challenging.

Reports Oct 18, 2024

Save to Folio

Reports Oct 18, 2024

Save to Folio