Skip to content

Research and Analysis

Cybercrime hits the
unexpected in 1Q 2014

PoS systems, NTP servers, ephemeral apps: All unusual targets though the threats of 1Q 2014 would beg to disagree.

See what their motivations were »

< >

Open all

TrendLabs 1Q 2014 Security Roundup

Cybercrime hits the unexpected

At the end of 2013, we realized that digital heists pushed stick-’em-up bank heists to the curb. While this holds true amid large data breach incidents and rampant cybercrime, the first quarter of 2014 also showed that today’s cybercriminals are aiming at previously nontargeted entities to carry out malicious deeds. Proof of these include the US$480-million digital heist Bitcoin exchange, MtGox, suffered from and recent attacks against large retailers via point-of-sale (PoS) terminals. These high-profile crimes targeted unexpected information sources even if attackers went after the same thing—money, used the same techniques despite more strategic planning, and were motivated by greed.

TrendLabs 2013 Annual Security Roundup

Cashing in on digital information

Good old-fashioned stick-ʼem-up bank heists have seemingly been pushed to the curb by digital heists in 2013. Cybercriminals who used sophisticated techniques to get hold of credit card numbers, bank accounts, and even personally identifiable information (PII) in a matter of minutes have taken the place of traditional thieves. Information is, after all, the new currency. And with it on hand, cybercriminals can hold victims at their mercy, which should make us all realize that we stand to lose more than we think.

Blurring Boundaries

Trend Micro predictions for 2014 and beyond

Cybercriminals and attackers will use mobile devices as well as reliable exploits to gain entry to systems. While “wearable” technologies start to gain traction, attacks to these technologies/devices will be minimal and will only be for research. Businesses and end-users alike will have to battle threats to mobile banking, as well as ensuring that their online privacy is intact.

TrendLabs 3Q 2013 Security Roundup

The invisible web unmasked

News about cybercrime circulated in recent months. The takedown of Liberty Reserve, an illegal digital currency system, and the recent seizure of the online black market, Silk Road, were among the many incidents this quarter that triggered greater public awareness of online threats. The arrest of the alleged Blackhole Exploit Kit creator in October also proved that cybercrime is indeed a business that thrives right under our noses.

TrendLabs 2Q 2013 Security Roundup

Mobile threats go full throttle

The TrendLabs 2012 Annual Security Roundup showed that the past year ushered in the post-PC era as cybercriminals embraced mobile malware use.1 Mobile malware remained a big problem for users this quarter though the main concern went beyond their sheer number. The discovery of OBAD malware and the “master key” vulnerability highlighted cybercriminals’ ability to find ways to exploit flaws in the Android™ ecosystem. We noted that these incidents were designed to bypass security measures and serve as other means for cybercriminals to gain control over devices.

More online banking threats were seen in different countries this quarter, specifically in Brazil, South Korea, and Japan. These highlighted the need for increased awareness of online banking security. Cybercriminals also came up with more diverse attacks that used various social engineering lures, single sign-on (SSO) and multiprotocol services, and blogging platforms for their malicious schemes. Vulnerability disclosure also became a hot topic this quarter in response to the flurry of zero-day incidents at the beginning of the year.

Enterprises continued to battle targeted attacks. The Naikon campaign was primarily seen in Asia/Pacific while our research on the Safe campaign revealed victim IP addresses spread throughout 100 countries worldwide. These stress the importance of strengthening enterprise defense against targeted attacks while coming up with proactive solutions to protect corporate networks.

TrendLabs 1Q 2013 Security Roundup

Zero-days hit users hard at the start of the year

While exploits and vulnerabilities are a common problem for users, zero-day exploits in high-profile applications are relatively rare. That was not the case in the first quarter of 2013. Multiple zero-day exploits were found targeting popular applications like Java and Adobe Flash Player, Acrobat, and Reader.

In addition, as predicted, we saw improvements in already-known threats like spam botnets, banking Trojans, and readily available exploit kits.

Other high-profile incidents include the South Korean cyber attacks in March, which reiterated the dangers targeted attacks pose. On the mobile front, fake versions of popular apps remained a problem though phishers found a new target in the form of mobile browsers.

Stay up-to-date to stay protected.

Learn more (PDF)

››› More threat reports

  1. 2012 Annual Security Roundup (PDF)
  2. 2012 Mobile Threat and Security Roundup: Repeating history (PDF)
  3. 3Q 2012 Security Roundup: Android under seige: Popularity comes at a price (PDF)
  4. 2Q 2012 Security Roundup: It's big business and it's getting personal (PDF)
  5. 1Q 2012 Security Roundup: Security in the Age of Mobility (PDF)
  6. A Look Back at 2011: Information is Currency (PDF)
  7. 3Q 2011 Threat Roundup (PDF)
  8. Virtualization and Cloud computing - A security best practice guide (PDF)
  9. Virtualization and Cloud Security - Security Threats to Evolving Data Centers (PDF)
  10. Security Focus Report – Spam Trends in Today’s Business World (PDF)
  11. 2Q 2011 Crimeware Report (PDF)
  12. 2Q 2011 Threat Roundup (PDF)
  13. 1Q 2011 Crimeware Report (PDF)
  14. TrendLabs Threat Trends 2010: The Year of the Toolkit (PDF)
  15. FAKEAV - The Growing Problem (PDF)
  16. Trend Micro TrendLabs Global Threat Trends 1H 2010 (PDF)
  17. The Business of Cybercrime: A Complex Business Model (PDF)

Open all

The Apollo Campaign

A gateway to Eastern European banks

Banking Trojans have long been used to steal users' online banking credentials in North America and Western Europe. A crimeware tool primarily used to steal money, ZeuS, signaled in a new wave of cybercrime where different groups cooperated with one another for online theft. On the other hand, CARBERP is a popular malware family that specifically targets banks in Eastern Europe and Central Asia. Though recent reports reveal that the masterminds behind CARBERP were arrested in April 2013, the days of online banking theft in Eastern Europe are far from over.

Read The Apollo Campaign (PDF)

Suggestions to help companies with the fight against targeted attacks

This research paper provides some thoughts on how to configure a network in order to make lateral movement harder to accomplish and easier to detect, as well as how to prepare to deal with an infection. Given the advances attackers have been making, it is very unlikely that organizations will be able to keep motivated and patient adversaries out of their networks. In most cases, the best one can hope for is to detect targeted attacks early and limit the amount of information the attackers can obtain access to.

Read Suggestions to Help Companies with the Fight Against Targeted Attacks (PDF)

Email correlation and phishing

How big data analytics identifies malicious messages

Phishing is a long-running problem that has taken a turn for the worse. Phishing emails now so closely resemble legitimate ones, making it very difficult both for users and automated systems alike to tell them apart. As such, users end up clicking links embedded in phishing messages that take them to malicious sites, which directly or indirectly steal their personal information.

Read Email Correlation and Phishing (PDF)


An in-depth look at an emerging spambot

In recent years, we have seen a steady increase in the volume of spam originating from compromised websites. While these could be attributed to many parallel and isolated attacks primarily due to the vulnerable nature of the sites that are exploited, one particular operation we have dubbed "Stealrat" caught our attention. In as little as over two months, we have seen more than 170,000 compromised domains or IP addresses running WordPress, Joomla!, and Drupal send out spam.

Read Stealrat: An In-Depth Look at an Emerging Spambot (PDF)

››› More research papers

  1. Targeted Attacks Detection with SPuNge (PDF)
  2. Windows 8 and Windows RT: New Beginnings (PDF)
  3. Safe: A Targeted Threat (PDF)
  4. Latin American and Caribbean Cybersecurity Trends and Government Responses (PDF)
  5. SCADA in the cloud: A security conundrum? (PDF)
  6. Africa: A new safe harbor for cybercriminals (PDF)
  7. Who's really attacking your ICS equipment (PDF)
  8. Asprox reborn (PDF)
  9. FAKEM RAT: Malware (PDF)
  10. The HeartBeat APT Campaign (PDF)
  11. The Crimeware Evolution (PDF)
  12. Spear-Phishing Email: Most Favored APT Attack Bait (PDF)
  13. Police Ransomware Update (PDF)
  14. Russian Underground 101 (PDF)
  15. Detecting APT Activity with Network Traffic Analysis (PDF)
  16. W32.Tinba (Tinybanker): "The Turkish Incident" (PDF)
  17. The Taidoor Campaign: An In-Depth Analysis (PDF)
  18. Adding Android and Mac OS X Malware to the APT Toolbox (PDF)
  19. Continuous Monitoring in a Virtual Environment (PDF)
  20. Blackhole Exploit Kit: A Spam Campaign, Not a Series of Individual Spam Runs—An In-Depth Analysis (PDF)
  21. Automating online banking fraud—automatic transfer system: The latest cybercrime toolkit feature (PDF)
  22. IXESHE: An APT campaign (PDF)
  23. Consumerization of IT - a Trend Micro Technical Brief (PDF)
  24. Luckycat Redux: Inside an APT Campaign with Multiple Targets in India and Japan (PDF)
  25. The "Police Trojan": An In-Depth Analysis (PDF)
  26. The Olympics Change Freeze: Don’t Leave Your Critical Systems Out in the Cold (PDF)
  27. Traffic Direction Systems as Malware Distribution Tools (PDF)
  28. Toward a More Secure Posture for Industrial Control System Networks (PDF)
  29. More traffic, more money: KOOBFACE draws more blood (PDF)
  30. A Look at HTML5 Attack Scenarios (PDF)
  31. Trends in Targeted Attacks (PDF)
  32. Discerning Relationships: The Mexican Botnet Connection (PDF)
  33. Lessons Learned While Sinkholing Botnets - Not as Easy as It Looks! (PDF)
  34. From Russia to Hollywood: Turning the Tables on a SpyEye Cybercrime Ring (PDF)
  35. Dissecting the LURID APT - Campaign, Attacks, Tactics and Victims (PDF)
  36. Targeting the Source: FAKEAV Affiliate Networks (PDF)
  37. Sinkholing Botnets (PDF)
  38. The Dark Side of Trusting Web Searches - From Blackhat SEO to System Infection (PDF)
  39. The Botnet Chronicles – A Journey to Infamy (PDF)
  40. How Blackhat SEO Became Big (PDF)
  41. File-Patching ZBOT Variants - ZeuS 2.0 Levels Up (PDF)
  42. Dissecting the XWM Trojan Kit (PDF)
  43. Understanding WMI Malware (PDF)
  44. Web 2.0 Botnet Evolution - KOOBFACE Revisited (PDF)
  45. ZeuS - A Persistent Criminal Enterprise (PDF)
  46. Unmasking FAKEAV (PDF)
  47. Show Me the Money!: The Monetization of KOOBFACE (PDF)
  48. The Heart of KOOBFACE: C&C and Social Network Propagation (PDF)
  49. The Real Face of KOOBFACE: The Largest Web 2.0 Botnet Explained (PDF)
  50. A Cybercrime Hub in Estonia (PDF)


Open all

Malicious network communications

What are you overlooking?

APT campaigns aggressively pursue and compromise specific targets to gain control of a company’s computer system for a prolonged period of time. To make a targeted attack successful, the communication channel between a threat actor and the malware inside a network must always remain open and unknown. Know how leveraging threat intelligence can help detect this malicious network traffic by reading this primer.

Read Malicious Network Communications: What Are You Overlooking (PDF)

5 predictions for 2013 and beyond

What should SMBs look out for?

As 2012 drew to a close, SMBs, along with most organizations, should have taken a step back and learned from the past year. With mobile devices fast becoming part of workplaces and the increased availability of cloud services, SMBs should adopt security practices to fully protect their assets. This year, the Android malware volume is expected to hit the 1 million mark. The continuous use of cloud services will also play a key part in the SMB threat environment. This primer runs through five predictions SMBs should take note of.

Read our 5 predictions for SMBs (PDF)

Security threats to business, the digital lifestyle, and the cloud

Trend Micro predictions for 2013 and beyond

In 2013, managing the security of devices, small business systems, and large enterprise networks will be more complex than ever before. Users are breaking down the PC monoculture by embracing a wider variety of platforms, each with its own user interface, OS, and security model. Businesses, meanwhile, are grappling with protecting intellectual property and business information as they tackle consumerization, virtualization, and cloud platforms head-on. This divergence in computing experience will further expand opportunities for cybercriminals and other threat actors to gain profit, steal information, and sabotage their targets’ operations.

Read our 2013 predictions (PDF)

Eco and ego apps in Japan

Users face various unwanted app routines in the current mobile landscape. Given this situation, market owners have taken certain measures like providing safety guidelines, conducting prerelease quality assurance checks, and introducing access permission layers at the OS level. Unfortunately, these are still far from being fool-proof solutions. The reality is: Users are responsible for checking if the apps they download are legitimate or not.

Read Eco and Ego Apps in Japan (PDF)

››› More spotlight articles

  1. The knight fork: defining defense in 2013 (PDF)
  2. Peter the Great vs Sun Tzu (PDF)
  3. How to Thwart the Digital Insider – An Advanced Persistent Response to Targeted Attacks (PDF)
  4. How tough is it to deal with APTs? (PDF)
  5. 12 Security Predictions for 2012 (PDF)
  6. Malicious Redirection: A Look at DNS Changers (PDF)
  7. The Perils that Malvertisements Pose (PDF)
  8. Cashing in on Cybercrime: New Malware Target Bitcoin (PDF)
  9. Online Surveys and Their Irresistible Lures: Why Social Media Users Fall for Scams (PDF)
  10. Android Malware Acts as an SMS Relay: Just the Tip of the Iceberg for AnAndroid Malware Acts as an SMS Relay: Just the Tip of the Iceberg for Android Malwaredroid Malware (PDF)
  11. From Application Guises to FAKEAV: The Evolution of Mac Malware (PDF)
  12. Mobile Landscape: Security Risks and Opportunities (PDF)
  13. Threats to Watch out for During the Tax Season (PDF)
  14. Celebrity News - Roll out the Red Carpet for Cybercrime (PDF)
  15. Cybercriminals Spread Love via Online Threats (PDF)
  16. Top Tips for Safer and More Secure Online Experiences in 2011 (PDF)
  17. 2010 Threats: The Good, the Bad, and the Ugly (PDF)
  18. Trend Micro 2011 Threat Predictions (PDF)
  19. Tis the Season to be Wary (PDF)
  20. Security Dangers of Using Open Wi-Fi Networks (PDF)
  21. From the Virtual Works to Real-World Threats (PDF)
  22. Slipping through the Cracks of Web Services to Serve Malware (PDF)
  23. Mobile Phones Emerge as Security Threat Targets (PDF)
  24. Why FAKEAV Persist (PDF)
  25. XSS Attack Hits Youtube (PDF)
  26. Avoiding the Whack-a-Mole Anti-Phishing Strategy (PDF)
  27. Security Threats Loom over Online Banking (PDF)
  28. Emerging Malware Business Platforms (PDF)
  29. Popularity Ushers in New Security Threats (PDF)
  30. Issues and Threats that Facebook Users Face (PDF)
  31. The Evolution of Botnets (PDF)
  32. Building Businesses and Potential Threats with Online Social Networks (PDF)
  33. DOWNAD/Conficker: The Case of the Missing Malware (PDF)

Social Media

Connect with us on