
Research and Analysis

Mining Industry
under Attack

The global market for commodities is increasingly
becoming a target of espionage campaigns.




Setting the Stage: Landscape Shifts Dictate Future Threat Response Strategies


Hazards Ahead: Current Vulnerabilities Prelude Impending Attacks


2016 Trend Micro Security Predictions: The Fine Line


A Rising Tide: New Hacks Threaten Public Technologies


Bad Ads and Zero Days: Reemerging Threats Challenge Trust in Supply Chains and Best Practices

A year of destructive cyber attacks highlights the need for cyber-preparedness

TrendLabs 3Q 2014 Security Roundup: Vulnerabilities Under Attack

Targeted Attack Trends in Asia-Pacific: 1H 2014 Report

We continued to monitor targeted attack campaigns and trends in the Asia-Pacific region in the first half of 2014. We saw technique enhancements even though threat actors continued to exploit old vulnerabilities in various software and applications. Emails were still the most-used infection vector when instigating targeted attacks. Watering-hole attacks were also seen, just as we predicted would happen this year.

Download the full report

TrendLabs 2Q 2014 Security Roundup: Turning the Tables on Cyber Attacks

Recent events such as data breaches in the first half of 2014 strongly indicate that organizations need to start adopting a more strategic approach to protect digital information. This strategy includes protecting sensitive data such as intellectual property and trade secrets—often the crown jewels of any organization.

View the Web version of the Security Roundup
Download the full report

Targeted Attack Trends: 2H 2013 Report

Targeted attacks refer to a category of threats that pertain to intrusions by threat actors or attackers. Attackers aggressively pursue and compromise chosen targets in order to steal sensitive information. Targeted attacks are not one-off attacks; rather, they comprise a series of attempts over time to get deeper and deeper into a target network.

Read Targeted Attack Trends

TrendLabs 1Q 2014 Security Roundup: Cybercrime Hits the Unexpected

At the end of 2013, we realized that digital heists had pushed stick-’em-up bank heists to the curb. While this holds true amid large data breach incidents and rampant cybercrime, the first quarter of 2014 also showed that today’s cybercriminals are aiming at previously nontargeted entities to carry out malicious deeds. Proof of this includes the US$480-million digital heist suffered by the Bitcoin exchange MtGox and recent attacks against large retailers via point-of-sale (PoS) terminals. These high-profile crimes targeted unexpected information sources, even though the attackers went after the same thing (money), used the same techniques despite more strategic planning, and were motivated by greed.

View the Web version of the Security Roundup
Download the full report

TrendLabs 2013 Annual Security Roundup: Cashing in on Digital Information

Good old-fashioned stick-’em-up bank heists have seemingly been pushed to the curb by digital heists in 2013.

Cybercriminals who used sophisticated techniques to get hold of credit card numbers, bank accounts, and even personally identifiable information (PII) in a matter of minutes have taken the place of traditional thieves. Information is, after all, the new currency. And with it on hand, cybercriminals can hold victims at their mercy, which should make us all realize that we stand to lose more than we think.

View the Web version of the Security Roundup
Download the full report

Blurring Boundaries: Trend Micro Predictions for 2014 and Beyond

Cybercriminals and attackers will use mobile devices as well as reliable exploits to gain entry to systems. While “wearable” technologies start to gain traction, attacks to these technologies/devices will be minimal and will only be for research. Businesses and end-users alike will have to battle threats to mobile banking, as well as ensuring that their online privacy is intact.

View the Web version of the 2014 Security Predictions
Download the full report

TrendLabs 3Q 2013 Security Roundup: The Invisible Web Unmasked

News about cybercrime circulated in recent months. The takedown of Liberty Reserve, an illegal digital currency system, and the recent seizure of the online black market, Silk Road, were among the many incidents this quarter that triggered greater public awareness of online threats. The arrest of the alleged Blackhole Exploit Kit creator in October also proved that cybercrime is indeed a business that thrives right under our noses.

View the Web version of the Security Roundup
Download the full report

TrendLabs 2Q 2013 Security Roundup: Mobile Threats Go Full Throttle

Device Flaws Lead to Risky Trail

The TrendLabs 2012 Annual Security Roundup showed that the past year ushered in the post-PC era as cybercriminals embraced mobile malware use. Mobile malware remained a big problem for users this quarter though the main concern went beyond their sheer number. The discovery of OBAD malware and the “master key” vulnerability highlighted cybercriminals’ ability to find ways to exploit flaws in the Android™ ecosystem. We noted that these incidents were designed to bypass security measures and serve as other means for cybercriminals to gain control over devices.

See the web version of the TrendLabs 2Q 2013 Security Roundup
Download the full report

TrendLabs 1Q 2013 Security Roundup: Zero-Days Hit Users Hard at the Start of the Year

While exploits and vulnerabilities are a common problem for users, zero-day exploits in high-profile applications are relatively rare. That was not the case in the first quarter of 2013. Multiple zero-day exploits were found targeting popular applications like Java and Adobe Flash Player, Acrobat, and Reader.

In addition, as predicted, we saw improvements in already-known threats like spam botnets, banking Trojans, and readily available exploit kits.

Other high-profile incidents include the South Korean cyber attacks in March, which reiterated the dangers targeted attacks pose. On the mobile front, fake versions of popular apps remained a problem though phishers found a new target in the form of mobile browsers.

Read Zero-Days Hit Users Hard at the Start of the Year

TrendLabs 2012 Annual Security Roundup: Evolved Threats in a “Post-PC” World

Experts have been predicting the coming “post-PC” era for a few years. So the question has been, “when will we know that it’s really here?” A simple answer is, we’ll know it’s really here when cybercriminals move beyond the PC. By that measure, 2012 is truly the year we entered the post-PC era as cybercriminals moved to embrace Android, social media platforms, and even Macs with their attacks.

Read Evolved Threats in a “Post-PC” World

TrendLabs 2012 Mobile Threat and Security Roundup: Repeating History

Android seems to be repeating history by way of Windows. The platform’s growing dominance in the mobile landscape echoes that of Windows in the desktop and laptop space. And much like Windows, Android’s popularity is making it a prime target for cybercriminals and attackers, albeit at a much faster pace.

Read Repeating History


3Q 2012 Security Roundup: Android Under Siege: Popularity Comes at a Price

Smartphones are to the early 21st century what the PC was to the late 20th century: a universal tool valued for its productivity and fun factor but hated for the problems it can bring. Since smartphones are handheld computers that communicate, the threats they face are both similar to and different from the PC challenges many of us are familiar with. Like PC malware, much of today’s mobile malware preys upon the unwary. However, the nature of the mobile malware threat is, in some ways, very different.

Malware targeting Google’s Android platform increased nearly sixfold in the third quarter of 2012. What had been around 30,000 malicious and potentially dangerous or high-risk Android apps in June increased to almost 175,000 between July and September.

This report will examine what led to the increase and what it means for users and developers alike.

Read Android Under Siege: Popularity Comes at a Price

2Q 2012 Security Roundup: It's Big Business... and It's Getting Personal

Any kind of business can expose itself to attacks when its employees open themselves up to external threats. Most small businesses are not convinced that bad guys are after them. What they do not know is that everyone is a likely target, regardless of size. Attackers are now carefully selecting their targets, moving away from launching large-scale attacks to focus on more specific and somewhat more “personal” targets.

Read It's Big Business... and It's Getting Personal

1Q 2012 Security Roundup: Security in the Age of Mobility

“Mobile technology” is just what the name implies—portable technology that isn’t limited to mobile phones. This also includes devices like laptops, tablets, and global positioning system (GPS) devices. As with any other kind of technology though, there are drawbacks to “going mobile.” Mobile devices can expose users’ and organizations’ valuable data to unauthorized people if necessary precautions are not taken against mobile threats.

Read Security in the Age of Mobility

A Look Back at 2011: Information Is Currency

True to one of our predictions for the year, 2011 has been dubbed the “Year of Data Breaches,” as we witnessed organizations worldwide succumb to targeted attacks and lose what we have come to know as the new digital currency—data. As individuals and organizations alike embark on the cloud journey, we at Trend Micro, along with our fellow cybercrimefighters in law enforcement and the security industry, will continue to serve our customers by providing data protection from, in, and for the cloud.

Read Information is Currency

More in Threat Reports

Over the years, spam has rapidly become a major security threat—a catalyst for potential financial drain or intellectual property theft—to organizations worldwide.

This report discusses current spam trends and related major incidents affecting the spam volume. It highlights how spammers have been leveraging social media as new means to scam users and to launch spear-phishing attacks. It also provides information on our next-generation security solutions to address the changing nature of spam, which goes beyond the scope of traditional email security.

Read Spam Trends in Today’s Business World


Cyber Threats to the Mining Industry


Ascending the Ranks: The Brazilian Cybercriminal Underground in 2015


The Spy Kittens Are Back: Rocket Kitten 2


The Russian Underground Today: Automized Infrastructure and Services, Sophisticated Tools


Criminal Hideouts for Lease: Bulletproof Hosting Services


Below the Surface: Exploring the Deep Web


Piercing the HawkEye: Nigerian Cybercriminals Use a Simple Keylogger to Prey on SMBs Worldwide


Operation Tropic Trooper: Relying on Tried-and-Tested Flaws to Infiltrate Secret Keepers


Australia and New Zealand Threat Landscape Report


IRS Scams and Tax Fraud


FighterPOS: The One-Man PoS Malware Campaign


Sextortion in the Far East


Operation Woolen Goldfish: When Kittens Go Phishing


Evolution of Exploit Kits: Exploring Past Trends and Current Improvements


Defending Against PoS RAM Scrapers: Current and Next-Generation Technologies


Operation Arid Viper: Bypassing the Iron Dome


Australian Web Threat Landscape (2014): Observation of TorrentLocker Attacks

Network Detection Evasion Methods: Blending with Legitimate Traffic

Suggestions to Help Companies with the Fight Against Targeted Attacks

This research paper provides some thoughts on how to configure a network in order to make lateral movement harder to accomplish and easier to detect, as well as how to prepare to deal with an infection. Given the advances attackers have been making, it is very unlikely that organizations will be able to keep motivated and patient adversaries out of their networks. In most cases, the best one can hope for is to detect targeted attacks early and limit the amount of information the attackers can obtain access to.

Read Suggestions to Help Companies with the Fight Against Targeted Attacks

The SCADA That Didn’t Cry Wolf: Who’s Really Attacking Your ICS Equipment? (Part 2)

“Who’s Really Attacking Your ICS Equipment?” presented a thorough outline of a honeynet specifically developed to catch attacks against industrial control systems (ICS). The devices featured in the paper were external facing and riddled with vulnerabilities commonly found plaguing ICS equipment worldwide.

Read The SCADA That Didn’t Cry Wolf: Who’s Really Attacking Your ICS Equipment? (Part 2)

Email Correlation and Phishing: How Big Data Analytics Identifies Malicious Messages

Phishing is a long-running problem that has taken a turn for the worse. Phishing emails now resemble legitimate ones so closely that it is very difficult for users and automated systems alike to tell them apart. As a result, users end up clicking links embedded in phishing messages that take them to malicious sites, which directly or indirectly steal their personal information.

Read Email Correlation and Phishing

Stealrat: An In-Depth Look at an Emerging Spambot

In recent years, we have seen a steady increase in the volume of spam originating from compromised websites. While this could be attributed to many parallel and isolated attacks, primarily due to the vulnerable nature of the sites that are exploited, one particular operation we have dubbed "Stealrat" caught our attention. In a little over two months, we saw more than 170,000 compromised domains or IP addresses running WordPress, Joomla!, and Drupal send out spam.

Read An In-Depth Look at an Emerging Spambot


Targeted Attacks Detection with SPuNge

Over the past several years, we have seen a noticeable rise in the number of reported targeted attacks and advanced persistent threats (APTs). Security experts are seeing a landscape shift from widespread malware attacks that indiscriminately affect systems to those that take a more selective and targeted approach to pursue higher gains. One thing is clear, however: targeted attacks are difficult to detect, and little research has been conducted so far on these types of attacks. In this research paper, we propose a novel system we call “SPuNge” that processes threat information collected from actual users to detect potential targeted attacks for further investigation. We used a combination of clustering and correlation techniques to identify groups of machines that share similar behavior with respect to the malicious resources they access and the industry in which they operate (e.g., oil and gas). We evaluated our system against actual Trend Micro data collected from over 20 million customer installations worldwide. The results show that our approach works well in practice and can assist security analysts in cybercriminal investigations.

Read Targeted Attacks Detection with SPuNge

Windows 8 and Windows RT: New Beginnings

This research paper provides an overview of the changes Microsoft introduced in Windows 8 and Windows RT. It explores the changes Microsoft made upfront and "under the hood" to improve the security architecture of Windows 8 and Windows RT.

Read Windows 8 and Windows RT

Latin American and Caribbean Cybersecurity Trends and Government Responses

In a connected world, a trade-off exists between enjoying the convenience that information technology (IT) offers and minimizing the opportunities its use presents to cybercriminals. Cybercriminals can, for instance, spread sophisticated threats by exploiting popular mobile devices and cloud applications to infiltrate high-value targets. They have made cyberspace a means to victimize the public.

In collaboration with Trend Micro Incorporated, the Organization of American States (OAS) and its Secretariat for Multidimensional Security (SMS) would like to share this report to illustrate the cybersecurity and cybercrime trends in Latin America and the Caribbean. Information presented has been gathered through both quantitative and qualitative methods, drawing data from a survey of OAS Member-State governments, as well as an in-depth analysis of global threat intelligence from honeypots and client-provided data collected by Trend Micro. Unless otherwise noted, graphs and tables use data that was collected by Trend Micro. The analysis and conclusions of this report only cover countries that responded to the OAS survey.

Read Latin American and Caribbean Cybersecurity Trends and Government Responses

Safe: A Targeted Threat

Whether considered advanced persistent threats (APTs) or malware-based espionage attacks, successful and long-term compromises of high-value organizations and enterprises worldwide by a consistent set of campaigns cannot be ignored. Because “noisier” campaigns are becoming increasingly well-known within the security community, new and smaller campaigns are beginning to emerge.

This research paper documents the operations of a campaign we refer to as “Safe,” based on the names of the malicious files used. It is an emerging and active targeted threat.

* Note that any mention of “SafeNet” in this paper is completely unrelated to and has no association with SafeNet, Inc., a global leader in data protection and a valued partner of Trend Micro. The author of the Safe malware apparently maliciously used the word “SafeNet” as part of this viral campaign, and to the extent the word “SafeNet” appears in this paper, it appears solely as replicated in the attacking author’s malware configuration. There is no correlation between SafeNet Inc. and the Safe campaign, and none should be inferred.

Read A Targeted Threat

Who's Really Attacking Your ICS Equipment?

Industrial control systems (ICS) are devices, systems, networks, and controls used to operate and/or automate industrial processes. These devices are often found in nearly any industry—from the vehicle manufacturing and transportation segment to the energy and water treatment segment.

Supervisory control and data acquisition (SCADA) networks are systems and/or networks that communicate with ICS to provide data to operators for supervisory purposes as well as control capabilities for process management. As automation continues to evolve and becomes more important worldwide, the use of ICS/SCADA systems is going to become even more prevalent.

ICS/SCADA systems have been the talk of the security community for the past two years due to Stuxnet, Flame, and several other threats and attacks. While the importance and lack of security surrounding ICS/SCADA systems is well-documented and widely known, this research paper illustrates who’s really attacking Internet-facing ICS/SCADA systems and why. It also covers techniques to secure ICS/SCADA systems and some best practices to do so.

Read Who's Really Attacking Your ICS Equipment

Africa: A New Safe Harbor for Cybercriminals?

At the end of 2012, Trend Micro cited three reasons why we think Africa is poised to become a new cybercrime harbor. We cited the availability of fast Internet access, the expanding Internet user base, and the lack of cybercrime laws in some African countries as the main reasons why Trend Micro believes so.

This research paper discusses the reasons cited above in more detail. By taking a look at the recent developments in the continent’s Internet infrastructure, we will map Africa’s journey to becoming a safe harbor for cybercriminals in the next three years or so.

Read A New Safe Harbor for Cybercriminals

SCADA in the Cloud: A Security Conundrum?

Two of the hottest buzzwords circulating in the IT world today are “SCADA” and “cloud computing.” Combining the two technologies has been discussed and is starting to gather more attention in connection with cost savings, system redundancy, and uptime benefits. The question then is: “Are the savings substantial enough to offset the security concerns that users may have if they migrate integral SCADA devices to the cloud?”

Read A Security Conundrum

Asprox Reborn

This research paper documents the Asprox botnet’s current operations. The botnet comprises several components that work together to sustainably send out spam related to “rogue pharma” or that contains malware used to increase its size. In addition, Asprox issues commands that instruct compromised computers to download additional payloads provided by a pay-per-install (PPI) affiliate, from which botnet operators earn revenue.

Read Asprox Reborn

Home Automation and Cybercrime

Connectivity, whether over the Internet or a network; home automation; energy conservation; security; and various in-home applications remain driving factors of communication. All of these have varying requirements in terms of bandwidth, cost, and installation. The development of Internet-connected technologies in particular requires implementing IP solutions at home to harness energy savings and improve one’s quality of life while staying safe from security threats.

Read Home Automation and Cybercrime

FAKEM RAT: Malware

The perpetrators of targeted attacks aim to maintain a persistent presence in a target network in order to extract sensitive data when needed. To maintain that presence, attackers seek to blend in with normal network traffic and use ports that are typically allowed by firewalls. As a result, much of the malware used in targeted attacks utilizes the HTTP and HTTPS protocols to appear like web traffic. However, while this malware does give attackers full control over a compromised system, it is often simple and configured to carry out only a few commands.


The HeartBeat APT Campaign

This paper exposes a targeted attack called “HeartBeat,” which has been persistently pursuing the South Korean government and related organizations since 2009. This paper will discuss how their specifically crafted campaigns infiltrate their targets.

Read The HeartBeat APT Campaign

The Crimeware Evolution

The crimeware landscape has continuously evolved, particularly in the past few years. Cybercriminals are spending more time securing their malicious creations and the servers where they are stored, both to prevent leakage and to keep security researchers from getting hold of them.

ZeuS, Citadel, Ice IX, SpyEye, and the Blackhole Exploit Kit—some of the most notorious crimeware today—have been enhanced to better evade detection by security solutions. This research paper discusses some of the notable changes that have been made to the aforementioned crimeware. It specifically talks about two types of crimeware—toolkits and exploit kits—commonly sold underground and used by bad guys for their own malicious purposes.

Read Crimeware Evolution

Spear-Phishing Email: Most Favored APT Attack Bait

Advanced persistent threat (APT) campaigns comprise a growing part of the current threat landscape. Some APT campaigns remain active, in fact, even after drawing extensive media attention. Campaigns’ routines may vary over time but their primary goal remains the same—to gain entry to a target organization’s network and obtain confidential information.

Read Spear-Phishing Email: Most Favored APT Attack Bait

Police Ransomware Update

Ransomware is a kind of malware that withholds some digital assets from victims and asks for payment for the assets’ release. Ransomware attacks were first seen in Russia in 2005–2006 and have since changed tactics and targets.

Read Police Ransomware Update

Russian Underground 101

This research paper provides a brief summary of the cybercriminal underground and sheds light on the basic types of hacker activity in Russia. The bulk of the information in this paper was based on data gathered from online forums and services used by Russian cybercriminals. We also relied on articles written by hackers on their activities, the computer threats they create, and the kind of information they post on forums’ shopping sites.

Read Russian Underground 101

Detecting APT Activity with Network Traffic Analysis

Today’s successful targeted attacks use a combination of social engineering, malware, and backdoor activities. This research paper discusses how advanced detection techniques can be used to identify malware command-and-control (C&C) communications related to these attacks, illustrating how even the most high-profile and successful attacks of the past few years could have been discovered.

Read Detecting APT Activity with Network Traffic Analysis

W32.Tinba (Tinybanker): The Turkish Incident

The following report contains a technical analysis of the Tinba Trojan-banker family. The name “Tinba” was assigned by CSIS and represents the small size of this Trojan-banker (approximately 20 KB). The name is derived from the words “tiny” and “bank.” The malware is also known as “Tinybanker” and “Zusy.”

Read W32.Tinba (Tinybanker): The Turkish Incident

Adding Android and Mac OS X Malware to the APT Toolbox

While most of the malware associated with advanced persistent threats (APTs) focuses on Windows platforms, attackers are actively developing malware targeting other platforms as well. Attackers are expanding their target base as their targets adopt new platforms and devices. In addition to Mac OS X malware, attackers are also exploring the use of mobile threats. While there has been talk of APT attackers likely targeting mobile platforms, we found evidence that the actors behind the Luckycat campaign are actively pursuing mobile malware creation.

Read Adding Android and Mac OS X Malware to the APT Toolbox

Blackhole Exploit Kit: A Spam Campaign, Not a Series of Individual Spam Runs—An In-Depth Analysis

In the past few months, we investigated several high-volume spam runs that sent users to websites hosting the Blackhole Exploit Kit. The investigation was prompted by a rise in the number of these spam runs. The spam in these outbreaks claims to be from legitimate companies such as Intuit, LinkedIn, the US Postal Service (USPS), US Airways, Facebook, and PayPal, among others.

Read Blackhole Exploit Kit

Operation Ghost Click: The Rove Digital Takedown

In the past few years, Trend Micro has been quietly cooperating with the Federal Bureau of Investigation (FBI), the Office of the Inspector General (OIG), and security industry partners in their attempts to take down the Estonia-based cybercriminal gang, Rove Digital. This collaboration was a huge success, as on November 8, 2011, law enforcement authorities seized Rove Digital’s vast network infrastructure from different data centers in the United States and Estonia as well as arrested six suspects, including the organization’s CEO, Vladimir Tsastsin.

This paper provides some information Trend Micro learned about Rove Digital since 2006. As early as 2006, Trend Micro learned that Rove Digital was spreading Domain Name System (DNS) changer Trojans and appeared to be controlling every step from infection to monetizing infected bots. We, however, decided to withhold publication of certain information in order to allow law enforcement agencies to take the proper legal action against the cybercriminal masterminds while protecting our customers. Now that the main perpetrators have been arrested and Rove Digital’s network has been taken down, we can share more details regarding the intelligence we gathered about the operation in the past five years.

Read Rove Digital Takedown

Automating Online Banking Fraud—Automatic Transfer System: The Latest Cybercrime Toolkit Feature

This research paper will discuss automatic transfer systems (ATSs), which cybercriminals have started using in conjunction with SpyEye and ZeuS malware variants as part of WebInject files. It will also provide some insights as to why some countries appear to be more targeted than others.

Read Automating Online Banking Fraud

IXESHE: An APT Campaign

The number of targeted attacks is undoubtedly on the rise. These highly targeted attacks focus on individual organizations in an effort to extract valuable information. In many ways, this is a return to the “old hacking days” before more widespread attacks targeting millions of users and the rise of computer worms came about. Sometimes, these targeted attacks are allegedly linked to state-sponsored activities but may also be carried out by individual groups with their own goals.

This research paper will delve into another prominent group of attackers referred to as “IXESHE” (pronounced “i-sushi”), based on one of the more common detection names security companies use for the malware they utilize. This campaign is notable for targeting East Asian governments, electronics manufacturers, and a German telecommunications company.

Read IXESHE: An APT Campaign

Luckycat Redux: Inside an APT Campaign with Multiple Targets in India and Japan

The number of targeted attacks has dramatically increased. Unlike largely indiscriminate attacks that focus on stealing credit card and banking information associated with cybercrime, targeted attacks noticeably differ and are better characterized as "cyber espionage." Highly targeted attacks are computer intrusions threat actors stage to aggressively pursue and compromise specific targets, often leveraging social engineering, to maintain persistent presence within the victim’s network so they can move laterally and extract sensitive information.

Cyber-espionage campaigns often focus on specific industries or communities of interest in addition to a geographic focus. Different positions of visibility often yield additional sets of targets pursued by the same threat actors. We have been tracking the campaign dubbed "Luckycat" and found that in addition to targeting Indian military research institutions, as previously revealed by Symantec, the same campaign targeted entities in Japan as well as the Tibetan community.

Read Luckycat Redux

The "Police Trojan": An In-Depth Analysis

Ransomware is a kind of malware that withholds some digital assets from victims and asks for payment for the assets’ release. Ransomware attacks were first seen in Russia in 2005–2006 and have since changed tactics and targets. Trend Micro has been tracking the so-called "Police Trojan" campaign since the beginning and is now ready to show some of our conclusions after the investigation. A mix of well-tuned social engineering tactics and an advanced, very dynamic networking model shows that the Police Trojan’s creators are well-organized, as well as persistent and creative.

Read more about the Police Trojan

Trends in Targeted Attacks

Often leveraging social engineering and malware, targeted attacks seek to maintain a persistent presence within the victim’s network so that the attackers can move laterally throughout the target’s network and extract sensitive information. These attacks are most commonly aimed at civil society organizations, business enterprises, and government/military networks. Given their targeted nature, their distribution is low; however, the impact on compromised institutions remains high. As a result, targeted attacks have become a priority threat.

This paper examines the stages of a targeted attack from the reconnaissance phase through to the data exfiltration phase and explores trends in the tools, tactics, and procedures used in such attacks. Mitigation strategies leverage threat intelligence and data security to provide organizations with the information they need to increase their ability to analyze and respond to threats and to customize technical solutions in ways that best fit their own defensive posture.

Read Trends in Targeted Attacks

More in Research Papers

  1. Sinkholing Botnets
  2. The Dark Side of Trusting Web Searches - From Blackhat SEO to System Infection
  3. The Botnet Chronicles – A Journey to Infamy
  4. How Blackhat SEO Became Big
  5. File-patching ZBOT Variants - ZeuS 2.0 Levels Up
  6. Dissecting the XWM Trojan Kit
  7. Understanding WMI Malware
  8. Web 2.0 Botnet Evolution - KOOBFACE Revisited
  9. ZeuS - A Persistent Criminal Enterprise
  10. Unmasking FAKEAV
  11. Show Me the Money!: The Monetization of KOOBFACE
  12. The Heart of KOOBFACE: C&C and Social Network Propagation
  13. The Real Face of KOOBFACE: The Largest Web 2.0 Botnet Explained
  14. A Cybercrime Hub in Estonia

Malicious Network Communications: What Are You Overlooking?

APT campaigns aggressively pursue and compromise specific targets to gain control of a company's computer systems for a prolonged period of time. For a targeted attack to succeed, the communication channel between the threat actor and the malware inside the network must remain open and undetected. Read this primer to learn how threat intelligence can help detect this malicious network traffic.
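One way to put the primer's point into practice, as an added example that is not part of the Trend Micro primer: match outbound connections against a threat-intelligence indicator list, then look for the timer-driven beaconing that keeps a C&C channel open even when the destination is not yet on any list. The log lines, indicator values and thresholds below are constructed for illustration.

```python
"""Detect C&C traffic in outbound connection logs: indicator match plus beaconing.

Added example, not from the Trend Micro primer. The log lines, the indicator
list and the thresholds are constructed for illustration.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed threat-intel feed: destinations believed to be C&C (hypothetical values).
CC_INDICATORS = {"update-check.example.net", "203.0.113.45"}

# Constructed outbound proxy log: timestamp, source host, destination, bytes sent.
SAMPLE_LOG = """\
2013-03-04T09:00:02 ws-17 cdn.example.org 812
2013-03-04T09:00:15 ws-17 update-check.example.net 240
2013-03-04T09:05:16 ws-17 update-check.example.net 242
2013-03-04T09:10:15 ws-17 update-check.example.net 240
2013-03-04T09:15:17 ws-17 update-check.example.net 241
2013-03-04T09:20:15 ws-17 update-check.example.net 240
2013-03-04T09:03:40 ws-22 mail.example.org 5120
2013-03-04T09:11:05 ws-22 cdn.example.org 22000
2013-03-04T09:31:55 ws-22 mail.example.org 4310
"""


def parse_log(text):
    """Yield (timestamp, src, dst, bytes) tuples from the whitespace-separated log."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, nbytes = line.split()
        yield datetime.fromisoformat(ts), src, dst, int(nbytes)


def match_indicators(events, indicators=CC_INDICATORS):
    """Return sorted (src, dst) pairs whose destination is on the threat-intel list."""
    return sorted({(src, dst) for _, src, dst, _ in events if dst in indicators})


def find_beacons(events, min_connections=4, max_jitter=0.1):
    """Flag (src, dst) pairs that connect at near-constant intervals.

    Beaconing malware polls its C&C on a timer; interactive browsing does not.
    A pair is flagged when it has at least `min_connections` connections and the
    standard deviation of the inter-connection gap is at most `max_jitter` of the
    mean gap. Returns {pair: mean interval in seconds}. Thresholds are illustrative.
    """
    by_pair = defaultdict(list)
    for ts, src, dst, _ in events:
        by_pair[(src, dst)].append(ts)
    beacons = {}
    for pair, stamps in by_pair.items():
        if len(stamps) < min_connections:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            beacons[pair] = round(avg)
    return beacons


if __name__ == "__main__":
    events = list(parse_log(SAMPLE_LOG))
    print("indicator hits:", match_indicators(events))
    print("beacons (mean interval, s):", find_beacons(events))
```

The indicator match is the cheap, high-confidence check; the beaconing check is what catches a channel whose domain has not yet been reported, at the cost of tuning the jitter threshold against legitimate polling software (mail clients, update agents) in your own environment.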

Read Malicious Network Communications: What Are You Overlooking?

5 Predictions for 2013 and Beyond: What Should SMBs Look Out For?

As 2012 drew to a close, SMBs, like most organizations, should have taken a step back and learned from the past year. With mobile devices fast becoming part of the workplace and cloud services increasingly available, SMBs should adopt security practices that fully protect their assets. Android malware volume is expected to hit the 1 million mark this year, and the continued use of cloud services will also play a key part in the SMB threat environment. This primer runs through five predictions SMBs should take note of.

Read our 5 predictions for SMBs

Security Threats to Business, the Digital Lifestyle, and the Cloud: Trend Micro Predictions for 2013 and Beyond

In 2013, managing the security of devices, small business systems, and large enterprise networks will be more complex than ever before. Users are breaking down the PC monoculture by embracing a wider variety of platforms, each with its own user interface, OS, and security model. Businesses, meanwhile, are grappling with protecting intellectual property and business information as they tackle consumerization, virtualization, and cloud platforms head-on. This divergence in computing experience will further expand opportunities for cybercriminals and other threat actors to gain profit, steal information, and sabotage their targets’ operations.

Read our 2013 predictions

Eco and Ego Apps in Japan

Users face various unwanted app routines in the current mobile landscape. Given this situation, market owners have taken measures such as providing safety guidelines, conducting prerelease quality assurance checks, and introducing access permission layers at the OS level. Unfortunately, these are still far from fool-proof. The reality is that users remain responsible for checking whether the apps they download are legitimate.

Read Eco and Ego Apps in Japan

The Knight Fork: Defining Defense in 2013

When was the last time you played chess? If you are responsible for cyber security, you are unwittingly playing it every day. We must appreciate the ancient game of chess in order to reorganize our defense in 2013.

Read The Knight Fork: Defining Defense in 2013

Peter the Great vs Sun Tzu

While East Asian hackers dominate cyber security-related headlines around the world, it would be a mistake to conclude that these attackers are the sole or greatest criminal threat to the global Internet today. Hackers from the former Soviet bloc are a more sophisticated and clandestine threat than their more well-known East Asian counterparts.

Read Peter the Great vs Sun Tzu

How to Thwart the Digital Insider – An Advanced Persistent Response to Targeted Attacks

Attacks are becoming increasingly sophisticated and targeted, and the men and women behind them are better resourced than ever before. How does the digital insider lie hidden, undetected within an organization for years on end? And more importantly, how can advanced situational awareness help us respond to and mitigate these threats?

Read How to Thwart the Digital Insider

How Tough Is It to Deal With APTs?

Need help understanding how Advanced Persistent Threats work? Trend Micro Threat Researchers have studied the techniques cybercriminals use in perpetrating Advanced Persistent Threats or Targeted Attacks. This primer will give you insight into these attacks and what steps you need to take to help mitigate them.

Read Detecting the Enemy Inside the Network

12 Security Predictions for 2012

This time every year, Trend Micro CTO Raimund Genes sits down with his research teams to discuss what they think the coming year will hold in terms of threats to Trend Micro customers. It’s an important discussion that helps Trend Micro not only share with you what we think you need to be prepared for, such as emerging mobile threats, but also to help guide our direction as we continue to build products and services to help protect you from these threats. This year, as we look ahead, we’ve come up with 12 predictions for 2012 that fall into four main categories:

  • Big IT trends
  • Mobile landscape
  • Threat landscape
  • Data leaks and breaches

Read 2012 Security Predictions

Malicious Redirection: A Look at DNS Changers

What is Domain Name System (DNS)-changing malware? It recently garnered a lot of attention due to the Esthost takedown, which involved a botnet of 4 million systems infected with DNS-changing malware. By silently replacing a system's configured resolvers with servers under attacker control, the malware can redirect victims' traffic without any visible symptom; this unobtrusive nature allowed the cybercriminals behind Esthost to earn US$14 million over several years.
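Because a DNS changer leaves no visible symptom on the infected machine, the practical check is an inventory audit of every host's configured resolvers. The following is an added example, not from the Trend Micro article: it classifies each resolver as approved, rogue, or unknown and reports hosts that need attention. The inventory lines, the approved range and the "rogue" range are constructed for illustration; no real DNS-changer infrastructure is reproduced.

```python
"""Audit endpoint resolver settings for DNS-changer tampering.

Added example, not from the Trend Micro article. The inventory export, the
approved resolver range and the rogue range are constructed for illustration.
"""
import ipaddress

# Constructed: resolver ranges the organization actually operates (hypothetical).
APPROVED_RANGES = [ipaddress.ip_network("10.10.0.0/24")]
# Constructed: ranges a hypothetical threat-intel feed ties to DNS-changing malware.
ROGUE_RANGES = [ipaddress.ip_network("198.51.100.0/24")]

# Constructed inventory export, one host per line: hostname, then its resolvers in order.
SAMPLE_INVENTORY = """\
ws-17,10.10.0.5,10.10.0.6
ws-22,198.51.100.7,10.10.0.5
ws-31,192.0.2.9
ws-40,10.10.0.5
"""


def classify_resolver(addr):
    """Label one resolver address: approved, rogue (on the intel list) or unknown."""
    ip = ipaddress.ip_address(addr)
    if any(ip in net for net in APPROVED_RANGES):
        return "approved"
    if any(ip in net for net in ROGUE_RANGES):
        return "rogue"
    return "unknown"


def audit_inventory(text):
    """Return {host: verdict} for every host whose resolver list is not fully approved.

    A host is "rogue" if any configured resolver is on the intel list and "unknown"
    if it merely points outside the approved ranges. One bad entry is enough: a
    rogue primary resolver answers promptly, so the client never falls back to a
    legitimate secondary, which is why ws-22 below is still flagged.
    """
    findings = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        host, *resolvers = [field.strip() for field in line.split(",")]
        verdicts = [classify_resolver(r) for r in resolvers]
        if "rogue" in verdicts:
            findings[host] = "rogue"
        elif "unknown" in verdicts:
            findings[host] = "unknown"
    return findings


if __name__ == "__main__":
    for host, verdict in sorted(audit_inventory(SAMPLE_INVENTORY).items()):
        print(f"{host}: {verdict}")
```

"Unknown" findings are not proof of infection (a traveling laptop may legitimately pick up a hotel resolver), but in a managed network they are the list to investigate first, and any "rogue" hit warrants treating the host as compromised rather than just resetting its DNS settings.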

Read more about DNS Changers

More in Spotlight Articles

  1. Threats to Watch Out for During the Tax Season
  2. Celebrity News - Roll out the Red Carpet for Cybercrime
  3. Cybercriminals Spread Love via Online Threats
  4. Top Tips for Safer and More Secure Online Experiences in 2011
  5. 2010 threats: The Good, The Bad, and The Ugly
  6. Trend Micro 2011 Threat Predictions
  7. Tis the Season to Be Wary
  8. Security Dangers of Using Open Wi-Fi Networks
  9. From the Virtual Worlds to Real-world Threats
  10. Slipping Through the Cracks of Web Services to Serve Malware
  11. Mobile Phones Emerge as Security Threat Targets
  12. Why FAKEAV Persist
  13. XSS Attack Hits Youtube
  14. Avoiding the Whack-a-mole Anti-phishing Strategy
  15. Security Threats Loom Over Online Banking
  16. Emerging Malware Business Platforms
  17. Popularity Ushers In New Security Threats
  18. Issues and Threats that Facebook Users Face
  19. The Evolution of Botnets
  20. Building Businesses and Potential Threats with Online Social Networks
  21. DOWNAD/Conficker: The Case of the Missing Malware
