
Read on: 

Navigating New Frontiers: Trend Micro 2021 Annual Cybersecurity Report

Trend Micro looks back at the most significant security issues that emerged in 2021, with insights and recommendations to help organizations bolster their defenses. The digital migrations and transformations that had enabled organizations to continue their operations amid the Covid-19 pandemic continued to usher in significant shifts in the threat landscape in 2021.

US Has ‘Significant’ Cyber Vulnerabilities, But A Sweeping Russian Cyberattack Is Unlikely

Even as the Russian army drops bombs and mortar shells on civilians in hospitals and neighborhoods and its invasion of Ukraine nears its fourth week, no known nightmare cyber scenario – a widespread power outage, a poisoned water system, a crippled supply chain – has come to pass in Ukraine, the US or elsewhere. The general consensus among the nearly 20 experts who spoke with CNN is that while Russia is well positioned to launch catastrophic cyberattacks on the US, it is not likely to do so.

New RURansom Wiper Targets Russia

Trend Micro analyzes RURansom, a malware variant discovered to be targeting Russia. Originally suspected to be a ransomware because of its name, analysis reveals RURansom to be a wiper due to its irreversible destruction of encrypted files.

Ukraine Secret Service Arrests Hacker Helping Russian Invaders

The Security Service of Ukraine (SBU) said it has detained a “hacker” who offered technical assistance to the invading Russian troops by providing mobile communication services inside the Ukrainian territory.

New Nokoyawa Ransomware Possibly Related to Hive

In March 2022, Trend Micro came across evidence that another, relatively unknown, ransomware known as Nokoyawa is likely connected with Hive, as the two families share some striking similarities in their attack chain, from the tools used to the order in which they execute various steps.

Russian Cyclops Blink Botnet Launches Assault Against Asus Routers

The Cyclops Blink botnet is now targeting Asus routers in a new wave of cyberattacks. Cyclops Blink, a modular botnet, is suspected of being the creation of Sandworm/Voodoo Bear, a Russian advanced persistent threat (APT) group.

Will Russian Oil Ban Spur Increased Cyber-Attacks?

President Biden banned the sale of Russian oil to the United States to deprive the Putin regime of the economic resources needed to wage war. But this may put US companies in the firing line of cyber-attacks from the east.

New Ransomware Lokilocker Bundles Destructive Wiping Component

A new ransomware operation dubbed LokiLocker has slowly been gaining traction since August among cybercriminals, researchers warn. The malicious program uses a relatively rare code obfuscation technique and includes a file wiper component that attackers could use against non-compliant victims.

Utility Cybersecurity: How Cyber Awareness Can Reduce Future Risk

The electric utility industry is one of the most critical infrastructure industries, with a major effect on people’s lives and economic activities. The power grids connect the systems of power generation, substation, transmission, and distribution over a wide area. They are being modernized and are under threat from nation-state attacks.

Facebook Removes ‘Deepfake’ Of Ukrainian President Zelenskyy

Meta removed a deepfake video of Ukrainian President Volodymyr Zelenskyy issuing a statement that he never made, asking Ukrainians to “lay down arms.” The deepfake appears to have been first broadcast on a Ukrainian news website for TV24 after an alleged hack. The video shows an edited Zelenskyy speaking behind a podium declaring that Ukraine has “decided to return Donbas” to Russia and that his nation’s war efforts had failed.

Oil & Gas Cybersecurity: Stop Critical Operation Cyber-attacks

Trend Micro has released a technical report on how the oil and gas industry can gain situational awareness across OT, IT and CT. The ransomware attack on the Colonial Pipeline in May 2021 had a huge impact on the industry. In February 2022, it was also reported that European oil facilities were hit by a cyber-attack and forced to operate at limited capacity. These latest incidents suggest that the oil and gas supply process depends on IT systems, and that critical operations could be disrupted when IT stops working due to a cyber-attack.

Cyclops Blink Sets Sights on Asus Routers

This report discusses the technical capabilities of this Cyclops Blink malware variant that targets ASUS routers and includes a list of more than 150 current and historical command-and-control (C&C) servers of the Cyclops Blink botnet.

Keeping a Close Watch: Trend Micro Specialized Cybersecurity Report for Latin America and the Caribbean

In collaboration with the Cybersecurity Program of OAS/CICTE, we examine the cybersecurity challenges affecting member states of the OAS. These issues include ransomware and active attacks, threats related to remote work, and the risks brought about by the adoption of new technologies.

What did you find most surprising from Trend Micro’s 2021 Annual Cybersecurity Report? Tweet me on Twitter to continue the conversation: @JonLClay.


Read on: 

The Samba Vulnerability: What is CVE-2021-44142 and How to Fix It

An earlier version of an out-of-bounds (OOB) vulnerability in Samba was disclosed via Trend Micro Zero Day Initiative’s (ZDI) Pwn2Own Austin 2021. While we have not seen any active attacks exploiting this vulnerability, CVE-2021-44142 received a CVSS rating of 9.9 out of the three variants reported. If abused, this security gap can be used by remote attackers to execute arbitrary code as root on all affected installations that use the virtual file system (VFS) module vfs_fruit.

White House Cybersecurity Official in Europe Warning of Russian Hacks

Russia could use cyberattacks as part of its efforts to destabilize and further invade Ukraine, a White House cyber official visiting her European counterparts said. Anne Neuberger, U.S. deputy national security advisor for cyber and emerging technology, met with European Union and NATO officials in Brussels to discuss the threat of cyber-attacks against Ukraine by Russia.

Conti and LockBit Make Waves with High-Profile Attacks: Ransomware in Q4 2021

Ransomware actors were intent on punctuating 2021 with a wave of high-profile attacks. Trend Micro zeroes in on LockBit and Conti ransomware operators: two groups that worked overtime in the final quarter of 2021, as evidenced by the modern ransomware campaigns that they launched against different organizations in various countries.

Samba ‘Fruit’ Bug Allows RCE, Full Root User Access

Samba is an interoperability suite that allows Windows and Linux/Unix-based hosts to work together and share file and print services with multi-platform devices on a common network, including SMB file-sharing. Gaining the ability to execute remote code as a root user means that an attacker would be able to read, modify or delete any files on the system, enumerate users, install malware (such as cryptominers or ransomware), and pivot further into a corporate network.

Codex Exposed Helping Hackers in Training

This is the fourth and final installment of Trend Micro’s series analyzing Codex. In this blog, Trend Micro analyzes how useful the Codex code generator is as a potential training tool and what possibilities a coding assistant offers to hackers in training.

Inside Trickbot, Russia’s Notorious Ransomware Gang

Internal messages shed new light on the operators of one of the world’s biggest botnets. The documents include messages between senior members of Trickbot, dated from the summer and autumn of 2020, and expose how the group planned to expand its hacking operations. They lay bare key members’ aliases and show the ruthless attitude of members of the criminal gang.

BlackCat Ransomware Implicated in Attack on German Oil Companies

An internal report from the Federal Office for Information Security (BSI) said the BlackCat ransomware group was behind the recent cyberattack on two German oil companies that is affecting hundreds of gas stations across northern Germany.

$320 Million Stolen from Wormhole, Bridge Linking Solana and Ethereum

Wormhole, one of the most popular bridges linking the Ethereum and Solana blockchains, lost about $320 million in an apparent hack Wednesday afternoon. The two blockchains are popular in the world of DeFi, where programmable contracts can replace lawyers and bankers in some transactions, and NFTs, but few users stick with one blockchain exclusively, so bridges like Wormhole are a necessary go-between.

Cyberattack Hits German Service Station Provider

The company this afternoon confirmed to The Register that Oiltanking GmbH’s terminals – which provide Shell service stations, among others – are “operating with limited capacity” and that Mabanaft GmbH had “declared force majeure for the majority of its inland supply activities in Germany.” Shell has additional providers, however, and said it had “diverted operations to other suppliers to minimise disruption.”

What do you think about the threat of Russian cyberattacks against Ukraine? Share in the comments below or follow me on Twitter to continue the conversation: @JonLClay.