Threat actors take advantage of the spread of COVID-19 for malicious campaigns. Goods and services related to the virus also appear in underground marketplaces and cybercriminal forums.
Starting this year, Ryuk began using another dropper called BazarLoader (also known as BazarBackdoor), which is primarily distributed via phishing emails that contain either malicious attachments or links to websites that host malware.
Our underground monitoring revealed several ways how criminals have been entertaining themselves during isolation, with normal activities that offer cyber-crime-related prizes.
Bulletproof hosting (BPH) services have long been crucial parts of the cybercriminal infrastructure. How do they protect malicious activities, and how do cybercriminals use them to stay in business?
Our infographic shows how Trend Micro XDR is designed to combat threats like Ryuk using machine learning and analytics to correlate various events across multiple layers.
The provision of services, as well as the way criminals operate in the underground, have gone through many changes over the years to cater to the market’s different infrastructure demands.
Darkside ransomware surfaced, operators behind Crysis/Dharma released a hacking toolkit, a targeted email campaign was used to propagate Negasteal, and a coinminer was seen bundled with legitimate applications.