Skip to content

Research and Analysis

Shellshock, Other Vulnerabilities Attacked in the Third Quarter

Will cybercriminals continue to target open source?


< >

Open all

TrendLabs 3Q 2014 Security Roundup

Vulnerabilities Under Attack

Vulnerabilities in oft-overlooked but widely used software and devices surfaced in the third quarter of 2014, reiterating the importance of having security in mind. Shellshock and a Netis router vulnerability proved that attackers don't discriminate when it comes to targets. These are just two of the biggest threats that hit users in the past three months though. Find out what other threats reared their ugly heads.

The invisible becomes visible:

Trend Micro Security predictions for 2015 and beyond

As security vendors and law enforcement agencies close in on attackers, the more darknets, unreported but big vulnerabilities across platforms and devices, and the Deep Web will figure in the threat landscape.

TrendLabs 2Q 2014 Security Roundup

Turning the tables on cyber attacks

Recent events such as data breaches in the first half of 2014 strongly indicate that organizations need to start adopting a more strategic approach to protect digital information. This strategy includes protecting sensitive data such as intellectual property and trade secrets—often the crown jewels of any organization.

TrendLabs 1Q 2014 Security Roundup

Cybercrime hits the unexpected

At the end of 2013, we realized that digital heists pushed stick-’em-up bank heists to the curb. While this holds true amid large data breach incidents and rampant cybercrime, the first quarter of 2014 also showed that today’s cybercriminals are aiming at previously nontargeted entities to carry out malicious deeds. Proof of these include the US$480-million digital heist Bitcoin exchange, MtGox, suffered from and recent attacks against large retailers via point-of-sale (PoS) terminals. These high-profile crimes targeted unexpected information sources even if attackers went after the same thing—money, used the same techniques despite more strategic planning, and were motivated by greed.

››› More threat reports

  1. TrendLabs 2013 Annual Security Roundup
  2. Trend Micro predictions for 2014 and beyond
  3. TrendLabs 3Q 2013 Security Roundup
  4. TrendLabs 2Q 2013 Security Roundup
  5. TrendLabs 1Q 2013 Security Roundup (PDF)
  6. 2012 Annual Security Roundup (PDF)
  7. 2012 Mobile Threat and Security Roundup: Repeating history (PDF)
  8. 3Q 2012 Security Roundup: Android under seige: Popularity comes at a price (PDF)
  9. 2Q 2012 Security Roundup: It's big business and it's getting personal (PDF)
  10. 1Q 2012 Security Roundup: Security in the Age of Mobility (PDF)
  11. A Look Back at 2011: Information is Currency (PDF)
  12. 3Q 2011 Threat Roundup (PDF)
  13. Virtualization and Cloud computing - A security best practice guide (PDF)
  14. Virtualization and Cloud Security - Security Threats to Evolving Data Centers (PDF)
  15. Security Focus Report – Spam Trends in Today’s Business World (PDF)
  16. 2Q 2011 Crimeware Report (PDF)
  17. 2Q 2011 Threat Roundup (PDF)
  18. 1Q 2011 Crimeware Report (PDF)
  19. TrendLabs Threat Trends 2010: The Year of the Toolkit (PDF)
  20. FAKEAV - The Growing Problem (PDF)
  21. Trend Micro TrendLabs Global Threat Trends 1H 2010 (PDF)
  22. The Business of Cybercrime: A Complex Business Model (PDF)


Open all

Backdoor use in targeted attacks

Backdoors—applications that open computers to remote access—play a crucial role in targeted attacks. Often initially used in the second (point of entry) or third (command-and-control [C&C]) stage of the targeted attack process, backdoors enable threat actors to gain command and control of their target network.

Read more on backdoor (PDF)

Finding Holes: Operation Emmental

Like Swiss Emmental cheese, online banking protections may be full of holes. Banks have been trying to prevent cybercrooks from accessing their customers’ online accounts for ages. They have, in fact, invented all sorts of methods to allow their customers to safely bank online.

This research paper describes an ongoing attack we have dubbed “Emmental” that targets a number of countries worldwide. The attack is designed to bypass a certain two-factor authentication scheme used by banks. In particular, it bypasses session tokens, which are frequently sent to users’ mobile devices via Short Message Service (SMS). Users are expected to enter a session token to activate banking sessions so they can authenticate their identities. Since this token is sent through a separate channel, this method is generally considered secure.

Request Research Report

The Apollo Campaign

A gateway to Eastern European banks

Banking Trojans have long been used to steal users' online banking credentials in North America and Western Europe. A crimeware tool primarily used to steal money, ZeuS, signaled in a new wave of cybercrime where different groups cooperated with one another for online theft. On the other hand, CARBERP is a popular malware family that specifically targets banks in Eastern Europe and Central Asia. Though recent reports reveal that the masterminds behind CARBERP were arrested in April 2013, the days of online banking theft in Eastern Europe are far from over.

Read The Apollo Campaign (PDF)

Suggestions to help companies with the fight against targeted attacks

This research paper provides some thoughts on how to configure a network in order to make lateral movement harder to accomplish and easier to detect, as well as how to prepare to deal with an infection. Given the advances attackers have been making, it is very unlikely that organizations will be able to keep motivated and patient adversaries out of their networks. In most cases, the best one can hope for is to detect targeted attacks early and limit the amount of information the attackers can obtain access to.

Read Suggestions to Help Companies with the Fight Against Targeted Attacks (PDF)

››› More research papers

  1. Email correlation and phishing (PDF)
  2. Stealrat: An in-depth look at an emerging spambot (PDF)
  3. Targeted Attacks Detection with SPuNge (PDF)
  4. Windows 8 and Windows RT: New Beginnings (PDF)
  5. Safe: A Targeted Threat (PDF)
  6. Latin American and Caribbean Cybersecurity Trends and Government Responses (PDF)
  7. SCADA in the cloud: A security conundrum? (PDF)
  8. Africa: A new safe harbor for cybercriminals (PDF)
  9. Who's really attacking your ICS equipment (PDF)
  10. Asprox reborn (PDF)
  11. FAKEM RAT: Malware (PDF)
  12. The HeartBeat APT Campaign (PDF)
  13. The Crimeware Evolution (PDF)
  14. Spear-Phishing Email: Most Favored APT Attack Bait (PDF)
  15. Police Ransomware Update (PDF)
  16. Russian Underground 101 (PDF)
  17. Detecting APT Activity with Network Traffic Analysis (PDF)
  18. W32.Tinba (Tinybanker): "The Turkish Incident" (PDF)
  19. The Taidoor Campaign: An In-Depth Analysis (PDF)
  20. Adding Android and Mac OS X Malware to the APT Toolbox (PDF)
  21. Continuous Monitoring in a Virtual Environment (PDF)
  22. Blackhole Exploit Kit: A Spam Campaign, Not a Series of Individual Spam Runs—An In-Depth Analysis (PDF)
  23. Automating online banking fraud—automatic transfer system: The latest cybercrime toolkit feature (PDF)
  24. IXESHE: An APT campaign (PDF)
  25. Consumerization of IT - a Trend Micro Technical Brief (PDF)
  26. Luckycat Redux: Inside an APT Campaign with Multiple Targets in India and Japan (PDF)
  27. The "Police Trojan": An In-Depth Analysis (PDF)
  28. The Olympics Change Freeze: Don’t Leave Your Critical Systems Out in the Cold (PDF)
  29. Traffic Direction Systems as Malware Distribution Tools (PDF)
  30. Toward a More Secure Posture for Industrial Control System Networks (PDF)
  31. More traffic, more money: KOOBFACE draws more blood (PDF)
  32. A Look at HTML5 Attack Scenarios (PDF)
  33. Trends in Targeted Attacks (PDF)
  34. Discerning Relationships: The Mexican Botnet Connection (PDF)
  35. Lessons Learned While Sinkholing Botnets - Not as Easy as It Looks! (PDF)
  36. From Russia to Hollywood: Turning the Tables on a SpyEye Cybercrime Ring (PDF)
  37. Dissecting the LURID APT - Campaign, Attacks, Tactics and Victims (PDF)
  38. Targeting the Source: FAKEAV Affiliate Networks (PDF)
  39. Sinkholing Botnets (PDF)
  40. The Dark Side of Trusting Web Searches - From Blackhat SEO to System Infection (PDF)
  41. The Botnet Chronicles – A Journey to Infamy (PDF)
  42. How Blackhat SEO Became Big (PDF)
  43. File-Patching ZBOT Variants - ZeuS 2.0 Levels Up (PDF)
  44. Dissecting the XWM Trojan Kit (PDF)
  45. Understanding WMI Malware (PDF)
  46. Web 2.0 Botnet Evolution - KOOBFACE Revisited (PDF)
  47. ZeuS - A Persistent Criminal Enterprise (PDF)
  48. Unmasking FAKEAV (PDF)
  49. Show Me the Money!: The Monetization of KOOBFACE (PDF)
  50. The Heart of KOOBFACE: C&C and Social Network Propagation (PDF)
  51. The Real Face of KOOBFACE: The Largest Web 2.0 Botnet Explained (PDF)
  52. A Cybercrime Hub in Estonia (PDF)


Open all

Malicious network communications

What are you overlooking?

APT campaigns aggressively pursue and compromise specific targets to gain control of a company’s computer system for a prolonged period of time. To make a targeted attack successful, the communication channel between a threat actor and the malware inside a network must always remain open and unknown. Know how leveraging threat intelligence can help detect this malicious network traffic by reading this primer.

Read Malicious Network Communications: What Are You Overlooking (PDF)

5 predictions for 2013 and beyond

What should SMBs look out for?

As 2012 drew to a close, SMBs, along with most organizations, should have taken a step back and learned from the past year. With mobile devices fast becoming part of workplaces and the increased availability of cloud services, SMBs should adopt security practices to fully protect their assets. This year, the Android malware volume is expected to hit the 1 million mark. The continuous use of cloud services will also play a key part in the SMB threat environment. This primer runs through five predictions SMBs should take note of.

Read our 5 predictions for SMBs (PDF)

Security threats to business, the digital lifestyle, and the cloud

Trend Micro predictions for 2013 and beyond

In 2013, managing the security of devices, small business systems, and large enterprise networks will be more complex than ever before. Users are breaking down the PC monoculture by embracing a wider variety of platforms, each with its own user interface, OS, and security model. Businesses, meanwhile, are grappling with protecting intellectual property and business information as they tackle consumerization, virtualization, and cloud platforms head-on. This divergence in computing experience will further expand opportunities for cybercriminals and other threat actors to gain profit, steal information, and sabotage their targets’ operations.

Read our 2013 predictions (PDF)

Eco and ego apps in Japan

Users face various unwanted app routines in the current mobile landscape. Given this situation, market owners have taken certain measures like providing safety guidelines, conducting prerelease quality assurance checks, and introducing access permission layers at the OS level. Unfortunately, these are still far from being fool-proof solutions. The reality is: Users are responsible for checking if the apps they download are legitimate or not.

Read Eco and Ego Apps in Japan (PDF)

››› More spotlight articles

  1. The knight fork: defining defense in 2013 (PDF)
  2. Peter the Great vs Sun Tzu (PDF)
  3. How to Thwart the Digital Insider – An Advanced Persistent Response to Targeted Attacks (PDF)
  4. How tough is it to deal with APTs? (PDF)
  5. 12 Security Predictions for 2012 (PDF)
  6. Malicious Redirection: A Look at DNS Changers (PDF)
  7. The Perils that Malvertisements Pose (PDF)
  8. Cashing in on Cybercrime: New Malware Target Bitcoin (PDF)
  9. Online Surveys and Their Irresistible Lures: Why Social Media Users Fall for Scams (PDF)
  10. Android Malware Acts as an SMS Relay: Just the Tip of the Iceberg for AnAndroid Malware Acts as an SMS Relay: Just the Tip of the Iceberg for Android Malwaredroid Malware (PDF)
  11. From Application Guises to FAKEAV: The Evolution of Mac Malware (PDF)
  12. Mobile Landscape: Security Risks and Opportunities (PDF)
  13. Threats to Watch out for During the Tax Season (PDF)
  14. Celebrity News - Roll out the Red Carpet for Cybercrime (PDF)
  15. Cybercriminals Spread Love via Online Threats (PDF)
  16. Top Tips for Safer and More Secure Online Experiences in 2011 (PDF)
  17. 2010 Threats: The Good, the Bad, and the Ugly (PDF)
  18. Trend Micro 2011 Threat Predictions (PDF)
  19. Tis the Season to be Wary (PDF)
  20. Security Dangers of Using Open Wi-Fi Networks (PDF)
  21. From the Virtual Works to Real-World Threats (PDF)
  22. Slipping through the Cracks of Web Services to Serve Malware (PDF)
  23. Mobile Phones Emerge as Security Threat Targets (PDF)
  24. Why FAKEAV Persist (PDF)
  25. XSS Attack Hits Youtube (PDF)
  26. Avoiding the Whack-a-Mole Anti-Phishing Strategy (PDF)
  27. Security Threats Loom over Online Banking (PDF)
  28. Emerging Malware Business Platforms (PDF)
  29. Popularity Ushers in New Security Threats (PDF)
  30. Issues and Threats that Facebook Users Face (PDF)
  31. The Evolution of Botnets (PDF)
  32. Building Businesses and Potential Threats with Online Social Networks (PDF)
  33. DOWNAD/Conficker: The Case of the Missing Malware (PDF)

Social Media

Connect with us on