The Risk of Ransomware Supply Chain Attacks
Over the years, ransomware has become a major threat and it can put supply chains in deep trouble. Read More HERE…
Trend Micro Research : Articles, News, Reports
A Post-exploitation Look at Coinminers Abusing WebLogic Vulnerabilities
This blog entry details how Trend Micro Cloud One™ – Workload Security and Trend Micro Vision One™ effectively detected and blocked the abuse of the CVE-2020-14882 WebLogic vulnerability in affected endpoints. Read More HERE…
Security Breaks: TeamTNT’s DockerHub Credentials Leak
One of our honeypots based on exposed Docker REST APIs showed cybercriminal group TeamTNT’s potential attack scenario and leak of container registry credentials for docker-abuse malware. The full version of this research will be presented at the c0c0n XV Hacking and Cyber Security Conference in September 2022. Read More HERE…
How Malicious Actors Abuse Native Linux Tools in Attacks
Through our honeypots and telemetry, we were able to observe instances in which malicious actors abused native Linux tools to launch attacks on Linux environments. In this blog entry, we discuss how these utilities were used and provide recommendations on how to minimize their impact. Read More HERE…
Enhancing Cloud Security by Reducing Container Images Through Distroless Techniques
We analyzed the Distroless technique for reducing the size of container images and explored its capabilities to address security concerns. We provide an alternative approach to Distroless that reduces the attack surface for malicious actors targeting cloud-native applications while optimizing cloud resources. Read More HERE…
Play Ransomware’s Attack Playbook Unmasks it as Another Hive Affiliate like Nokoyawa
Play is a new ransomware that takes a page out of Hive and Nokoyawa’s playbook. The many similarities among them indicate that Play, like Nokoyawa, may be a Hive affiliate. Read More HERE…
Play Ransomware’s Attack Playbook Similar to that of Hive, Nokoyawa
Play is a new ransomware that takes a page out of Hive and Nokoyawa’s playbook. The many similarities among them indicate that Play, like Nokoyawa, are operated by the same people. Read More HERE…
Buzzing in the Background: BumbleBee, a New Modular Backdoor Evolved From BookWorm
In March 2021, we investigated a backdoor with a unique modular architecture and called it BumbleBee due to a string embedded in the malware. However, in our recent investigations, we have discovered a controller application that expands its capabilities. Read More HERE…
New Golang Ransomware Agenda Customizes Attacks
A new piece of ransomware written in the Go language has been targeting healthcare and education enterprises in Asia and Africa. This ransomware is called Agenda and is customized per victim. Read More HERE…
Ransomware Actor Abuses Genshin Impact Anti-Cheat Driver to Kill Antivirus
We investigate mhyprot2.sys, a vulnerable anti-cheat driver for the popular role-playing game Genshin Impact. The driver is currently being abused by a ransomware actor to kill antivirus processes and services for mass-deploying ransomware. Read More HERE…