Research and Analysis

1Q 2013 Security Roundup: zero-days hit users hard at the start of the year

While exploits and vulnerabilities are a common problem for users, zero-day exploits in high-profile applications are relatively rare. That was not the case in the first quarter of 2013. Multiple zero-day exploits were found targeting popular applications like Java and Adobe Flash Player, Acrobat, and Reader.

In addition, as predicted, we saw improvements in already-known threats like spam botnets, banking Trojans, and readily available exploit kits.

Other high-profile incidents include the South Korean cyber attacks in March, which reiterated the dangers targeted attacks pose. On the mobile front, fake versions of popular apps remained a problem, though phishers found a new target in the form of mobile browsers.

Stay up-to-date to stay protected.

Learn more (PDF)

2012 Annual Security Roundup: Evolved threats in a “post-PC” world

Experts have been predicting the coming “post-PC” era for a few years. So the question has been, “when will we know that it’s really here?” A simple answer is, we’ll know it’s really here when cybercriminals move beyond the PC. By that measure, 2012 is truly the year we entered the post-PC era as cybercriminals moved to embrace Android, social media platforms, and even Macs with their attacks.

Learn more (PDF)

2012 Mobile Threat and Security Roundup: Repeating history

Android seems to be repeating history by way of Windows. The platform’s growing dominance in the mobile landscape echoes that of Windows in the desktop and laptop space. And much like Windows, Android’s popularity is making it a prime target for cybercriminals and attackers, albeit at a much faster pace.

Learn more (PDF)

3Q 2012 Security Roundup: Android under siege: Popularity comes at a price

Smartphones are to the early 21st century what the PC was to the late 20th century: a universal tool valued for its productivity and fun factor but hated for the problems it can bring. Since smartphones are handheld computers that communicate, the threats they face are both similar to and different from the PC challenges many of us are familiar with. As on the PC, much of today’s mobile malware preys upon the unwary. However, the nature of the mobile malware threat is, in some ways, very different.

Malware targeting Google’s Android platform increased nearly sixfold in the third quarter of 2012. What had been around 30,000 malicious and potentially dangerous or high-risk Android apps in June increased to almost 175,000 between July and September.

This report will examine what led to the increase and what it means for users and developers alike.

Learn more (PDF)

››› More threat reports

  1. 2Q 2012 Security Roundup: It's big business and it's getting personal (PDF)
  2. 1Q 2012 Security Roundup: Security in the Age of Mobility (PDF)
  3. A Look Back at 2011: Information is Currency (PDF)
  4. 3Q 2011 Threat Roundup (PDF)
  5. Virtualization and Cloud computing - A security best practice guide (PDF)
  6. Virtualization and Cloud Security - Security Threats to Evolving Data Centers (PDF)
  7. Security Focus Report – Spam Trends in Today’s Business World (PDF)
  8. 2Q 2011 Crimeware Report (PDF)
  9. 2Q 2011 Threat Roundup (PDF)
  10. 1Q 2011 Crimeware Report (PDF)
  11. TrendLabs Threat Trends 2010: The Year of the Toolkit (PDF)
  12. FAKEAV - The Growing Problem (PDF)
  13. Trend Micro TrendLabs Global Threat Trends 1H 2010 (PDF)
  14. The Business of Cybercrime: A Complex Business Model (PDF)

SCADA in the cloud: A security conundrum?

Two of the hottest buzzwords circulating in the IT world today are “SCADA” and “cloud computing.” Combining the two technologies has been discussed and is starting to gather more attention in connection with cost savings, system redundancy, and uptime benefits. The question then is: “Are the savings substantial enough to offset the security concerns that users may have if they migrate integral SCADA devices to the cloud?”

Learn more (PDF)

Africa: A new safe harbor for cybercriminals?

At the end of 2012, Trend Micro cited three reasons why we think Africa is poised to become a new cybercrime harbor: the availability of fast Internet access, the expanding Internet user base, and the lack of cybercrime laws in some African countries.

This research paper discusses the reasons cited above in more detail. By taking a look at the recent developments in the continent’s Internet infrastructure, we will map Africa’s journey to becoming a safe harbor for cybercriminals in the next three years or so.

Learn more (PDF)

Who's really attacking your ICS equipment?

Industrial control systems (ICS) are devices, systems, networks, and controls used to operate and/or automate industrial processes. These devices are often found in nearly any industry—from the vehicle manufacturing and transportation segment to the energy and water treatment segment.

Supervisory control and data acquisition (SCADA) networks are systems and/or networks that communicate with ICS to provide data to operators for supervisory purposes as well as control capabilities for process management. As automation continues to evolve and becomes more important worldwide, the use of ICS/SCADA systems is going to become even more prevalent.

ICS/SCADA systems have been the talk of the security community for the past two years due to Stuxnet, Flame, and several other threats and attacks. While the importance and lack of security surrounding ICS/SCADA systems is well-documented and widely known, this research paper illustrates who’s really attacking Internet-facing ICS/SCADA systems and why. It also covers techniques to secure ICS/SCADA systems and some best practices to do so.

Learn more (PDF)

Asprox reborn

This research paper documents the Asprox botnet’s current operations. The botnet comprises several components that work together to sustainably send out spam related to “rogue pharma” or that contains malware used to increase its size. In addition, Asprox issues commands that instruct compromised computers to download additional payloads provided by a pay-per-install (PPI) affiliate, from which botnet operators earn revenue.

Learn more (PDF)

››› More research papers

  1. FAKEM RAT: Malware (PDF)
  2. The HeartBeat APT Campaign (PDF)
  3. The Crimeware Evolution (PDF)
  4. Spear-Phishing Email: Most Favored APT Attack Bait (PDF)
  5. Police Ransomware Update (PDF)
  6. Russian Underground 101 (PDF)
  7. Detecting APT Activity with Network Traffic Analysis (PDF)
  8. W32.Tinba (Tinybanker): "The Turkish Incident" (PDF)
  9. The Taidoor Campaign: An In-Depth Analysis (PDF)
  10. Adding Android and Mac OS X Malware to the APT Toolbox (PDF)
  11. Continuous Monitoring in a Virtual Environment (PDF)
  12. Blackhole Exploit Kit: A Spam Campaign, Not a Series of Individual Spam Runs—An In-Depth Analysis (PDF)
  13. Automating online banking fraud—automatic transfer system: The latest cybercrime toolkit feature (PDF)
  14. IXESHE: An APT campaign (PDF)
  15. Consumerization of IT - a Trend Micro Technical Brief (PDF)
  16. Luckycat Redux: Inside an APT Campaign with Multiple Targets in India and Japan (PDF)
  17. The "Police Trojan": An In-Depth Analysis (PDF)
  18. The Olympics Change Freeze: Don’t Leave Your Critical Systems Out in the Cold (PDF)
  19. Traffic Direction Systems as Malware Distribution Tools (PDF)
  20. Toward a More Secure Posture for Industrial Control System Networks (PDF)
  21. More traffic, more money: KOOBFACE draws more blood (PDF)
  22. A Look at HTML5 Attack Scenarios (PDF)
  23. Trends in Targeted Attacks (PDF)
  24. Discerning Relationships: The Mexican Botnet Connection (PDF)
  25. Lessons Learned While Sinkholing Botnets - Not as Easy as It Looks! (PDF)
  26. From Russia to Hollywood: Turning the Tables on a SpyEye Cybercrime Ring (PDF)
  27. Dissecting the LURID APT - Campaign, Attacks, Tactics and Victims (PDF)
  28. Targeting the Source: FAKEAV Affiliate Networks (PDF)
  29. Sinkholing Botnets (PDF)
  30. The Dark Side of Trusting Web Searches - From Blackhat SEO to System Infection (PDF)
  31. The Botnet Chronicles – A Journey to Infamy (PDF)
  32. How Blackhat SEO Became Big (PDF)
  33. File-Patching ZBOT Variants - ZeuS 2.0 Levels Up (PDF)
  34. Dissecting the XWM Trojan Kit (PDF)
  35. Understanding WMI Malware (PDF)
  36. Web 2.0 Botnet Evolution - KOOBFACE Revisited (PDF)
  37. ZeuS - A Persistent Criminal Enterprise (PDF)
  38. Unmasking FAKEAV (PDF)
  39. Show Me the Money!: The Monetization of KOOBFACE (PDF)
  40. The Heart of KOOBFACE: C&C and Social Network Propagation (PDF)
  41. The Real Face of KOOBFACE: The Largest Web 2.0 Botnet Explained (PDF)
  42. A Cybercrime Hub in Estonia (PDF)

5 Predictions for 2013 and beyond: What should SMBs look out for?

As 2012 drew to a close, SMBs, along with most organizations, should have taken a step back and learned from the past year. With mobile devices fast becoming part of workplaces and the increased availability of cloud services, SMBs should adopt security practices to fully protect their assets. This year, the Android malware volume is expected to hit the 1 million mark. The continuous use of cloud services will also play a key part in the SMB threat environment. This primer runs through five predictions SMBs should take note of.

Read our 5 predictions for SMBs (PDF)

Security threats to business, the digital lifestyle, and the cloud: Trend Micro predictions for 2013 and beyond

In 2013, managing the security of devices, small business systems, and large enterprise networks will be more complex than ever before. Users are breaking down the PC monoculture by embracing a wider variety of platforms, each with its own user interface, OS, and security model. Businesses, meanwhile, are grappling with protecting intellectual property and business information as they tackle consumerization, virtualization, and cloud platforms head-on. This divergence in computing experience will further expand opportunities for cybercriminals and other threat actors to gain profit, steal information, and sabotage their targets’ operations.

Read our 2013 predictions (PDF)

Eco and ego apps in Japan

Users face various unwanted app routines in the current mobile landscape. Given this situation, market owners have taken certain measures like providing safety guidelines, conducting prerelease quality assurance checks, and introducing access permission layers at the OS level. Unfortunately, these are still far from being fool-proof solutions. The reality is: Users are responsible for checking if the apps they download are legitimate or not.

Read Eco and Ego Apps in Japan (PDF)

The knight fork: defining defense in 2013

When was the last time you played chess? If you are responsible for cyber security, you are unwittingly playing it every day. We must appreciate the ancient sport of chess in order to reorganize our defense in 2013.

Read The Knight Fork: Defining Defense in 2013 (PDF)

››› More spotlight articles

  1. Peter the Great vs Sun Tzu (PDF)
  2. How to Thwart the Digital Insider – An Advanced Persistent Response to Targeted Attacks (PDF)
  3. How tough is it to deal with APTs? (PDF)
  4. 12 Security Predictions for 2012 (PDF)
  5. Malicious Redirection: A Look at DNS Changers (PDF)
  6. The Perils that Malvertisements Pose (PDF)
  7. Cashing in on Cybercrime: New Malware Target Bitcoin (PDF)
  8. Online Surveys and Their Irresistible Lures: Why Social Media Users Fall for Scams (PDF)
  9. Android Malware Acts as an SMS Relay: Just the Tip of the Iceberg for Android Malware (PDF)
  10. From Application Guises to FAKEAV: The Evolution of Mac Malware (PDF)
  11. Mobile Landscape: Security Risks and Opportunities (PDF)
  12. Threats to Watch out for During the Tax Season (PDF)
  13. Celebrity News - Roll out the Red Carpet for Cybercrime (PDF)
  14. Cybercriminals Spread Love via Online Threats (PDF)
  15. Top Tips for Safer and More Secure Online Experiences in 2011 (PDF)
  16. 2010 Threats: The Good, the Bad, and the Ugly (PDF)
  17. Trend Micro 2011 Threat Predictions (PDF)
  18. Tis the Season to be Wary (PDF)
  19. Security Dangers of Using Open Wi-Fi Networks (PDF)
  20. From the Virtual Works to Real-World Threats (PDF)
  21. Slipping through the Cracks of Web Services to Serve Malware (PDF)
  22. Mobile Phones Emerge as Security Threat Targets (PDF)
  23. Why FAKEAV Persist (PDF)
  24. XSS Attack Hits Youtube (PDF)
  25. Avoiding the Whack-a-Mole Anti-Phishing Strategy (PDF)
  26. Security Threats Loom over Online Banking (PDF)
  27. Emerging Malware Business Platforms (PDF)
  28. Popularity Ushers in New Security Threats (PDF)
  29. Issues and Threats that Facebook Users Face (PDF)
  30. The Evolution of Botnets (PDF)
  31. Building Businesses and Potential Threats with Online Social Networks (PDF)
  32. DOWNAD/Conficker: The Case of the Missing Malware (PDF)

 

