Research, News, and Perspectives

Cybercriminals Exploit the Moroccan Tragedy in New Scam Campaign

This blog entry details a scheme that exploits the recent Morocco earthquake by impersonating the domain name of a well-known humanitarian organisation for financial fraud.

Attacks on 5G Infrastructure From Users’ Devices

Crafted packets from cellular devices such as mobile phones can exploit faulty state machines in the 5G core to attack cellular infrastructure. Smart devices that critical industries such as defence, utilities, and the medical sectors use for their daily operations depend on the speed, efficiency, and productivity brought by 5G. This entry describes CVE-2021-45462 as a potential use case to deploy a denial-of-service (DoS) attack to private 5G networks.

Sep 20, 2023

Cyber Threats

Unsung Hero in Cyber Risk Management

Behind the scenes of the world of vulnerability intelligence and threat hunting

Earth Lusca Employs New Linux Backdoor, Uses Cobalt Strike for Lateral Movement

While monitoring Earth Lusca, we discovered an intriguing, encrypted file on the threat actor's server — a Linux-based malware, which appears to originate from the open-source Windows backdoor Trochilus, which we've dubbed SprySOCKS due to its swift behaviour and SOCKS implementation.

Research Sep 18, 2023

Ransomware

RedLine/Vidar Abuses EV Certificates, Shifts to Ransomware

In this blog, we investigate how threat actors used information-stealing malware with EV code signing certificates and later delivered ransomware payloads to its victims via the same delivery method.

Research Sep 13, 2023

Compliance & Risks

TrickBot & Conti Sanctions: Implications for CISOs & Boardrooms

Discover what the increased regulatory risk due to recent US and UK sanctions imposed on TrickBot and Conti cybercriminals mean for CISOs and board members.

Security Strategies Sep 08, 2023

Malware

Analysing a Facebook Profile Stealer Written in Node.js

We analyse an information stealer written in Node.js, packaged into an executable, exfiltrated stolen data via both Telegram bot API and a C&C server, and employed GraphQL as a channel for C&C communication.

Research Sep 05, 2023

Phishing

Revisiting 16shop Phishing Kit, Trend-Interpol Partnership

In this entry, we summarise the security analyses and investigations done on phishing-as-a-service 16shop through the years. We also outline the partnership between Trend Micro and Interpol in taking down the main administrators and servers of this massive phishing campaign.

Sep 01, 2023

Cyber Crime

Qakbot Takedown: The Road Ahead is Long and Winding

A long and challenging journey against cybercrime around the world

Expert Perspective Sep 01, 2023

APT & Targeted Attacks

Earth Estries Targets Government, Tech for Cyberespionage

We break down a new cyberespionage campaign deployed by a cybercriminal group we named Earth Estries. Analysing the tactics, techniques, and procedures (TTPs) employed, we observed overlaps with the advanced persistent threat (APT) group FamousSparrow as Earth Estries targets governments and organisations in the technology sector.

Aug 30, 2023

Research, News, and Perspectives

Earth Estries Targets Government, Tech for Cyberespionage

Cybercriminals Exploit the Moroccan Tragedy in New Scam Campaign

Attacks on 5G Infrastructure From Users’ Devices

Unsung Hero in Cyber Risk Management

Earth Lusca Employs New Linux Backdoor, Uses Cobalt Strike for Lateral Movement

RedLine/Vidar Abuses EV Certificates, Shifts to Ransomware

TrickBot & Conti Sanctions: Implications for CISOs & Boardrooms

Analysing a Facebook Profile Stealer Written in Node.js

Revisiting 16shop Phishing Kit, Trend-Interpol Partnership

Qakbot Takedown: The Road Ahead is Long and Winding

Earth Estries Targets Government, Tech for Cyberespionage

Resources

Support

About Trend

Research, News, and Perspectives

Trending Topics

Resources

Support

About Trend

The Americas

Middle East & Africa

Europe

Asia & Pacific