Research, News, and Perspectives

LV Ransomware Exploits ProxyShell in Attack on a Jordan-based Company

Our blog entry provides a look at an attack involving the LV ransomware on a Jordan-based company from an intrusion analysis standpoint

Research Oct 25, 2022

Save to Folio

Research Oct 25, 2022

Save to Folio

Uncovering Security Blind Spots in CNC Machines

Industry 4.0 has given rise to smart factories that have markedly improved machining processes, but it has also opened the doors for cybercriminals looking to abuse networked industrial equipment such as CNC machines. Our research investigates potential cyberthreats to CNC machines and how manufacturers can mitigate the associated risks.

Research Oct 24, 2022

Save to Folio

Research Oct 24, 2022

Save to Folio

Privacy & Risks

Attack Surface Management 2022 Midyear Review Part 1

In our 2022 midyear roundup, we examine the most significant trends and incidents that influenced the cybersecurity landscape in the first half of the year.

Research Oct 20, 2022

Save to Folio

Research Oct 20, 2022

Save to Folio

Cloud

TeamTNT Returns – or Does It?

Our honeypots caught malicious cryptocurrency miner samples targeting the cloud and containers, and its routines are reminiscent of the routines employed by cybercriminal group TeamTNT, which was said to have quit in November 2021. Our investigation shows that another threat actor group, WatchDog, might be mimicking TeamTNT’s arsenal.

Oct 19, 2022

Save to Folio

Oct 19, 2022

Save to Folio

Cyber Crime

Oil and Gas Cybersecurity: Trends & Response to Survey

Based on our survey of over 900 ICS security leaders in the United States, Germany, and Japan, we dig deeper into each industry's challenges and present Trend Micro's recommendations.

Research Oct 13, 2022

Save to Folio

Research Oct 13, 2022

Save to Folio

Network

Black Basta Ransomware Gang Infiltrates Networks via QAKBOT, Brute Ratel, and Cobalt Strike

We analyzed a QAKBOT-related case leading to a Brute Ratel C4 and Cobalt Strike payload that can be attributed to the threat actors behind the Black Basta ransomware.

Research Oct 12, 2022

Save to Folio

Research Oct 12, 2022

Save to Folio

Cyber Threats

How Water Labbu Exploits Electron-Based Applications

In the second part of our Water Labbu blog series, we explore how the threat actor exploits Electron-based applications using Cobalt Strike to deploy backdoors.

Research Oct 05, 2022

Save to Folio

Research Oct 05, 2022

Save to Folio

APT & Targeted Attacks

Tracking Earth Aughisky’s Malware and Changes

For over 10 years, security researchers have been observing and keeping tabs of APT group Earth Aughisky’s malware families and the connections, including previously documented malware that have yet to be attributed.

Oct 04, 2022

Save to Folio

Oct 04, 2022

Save to Folio

Cyber Crime

Water Labbu Abuses Malicious DApps to Steal Cryptocurrency

The parasitic Water Labbu capitalizes on the social engineering schemes of other scammers, injecting malicious JavaScript code into their malicious decentralized application websites to steal cryptocurrency.

Research Oct 03, 2022

Save to Folio

Research Oct 03, 2022

Save to Folio

Cloud

Stronger Cloud Security in Azure Functions Using Custom Cloud Container

In this entry, we discuss how developers can use custom cloud container image and the distroless approach to minimize security gaps in Azure Functions.

Research Sep 29, 2022

Save to Folio

Research Sep 29, 2022

Save to Folio