The IT Nerd

Trend Micro researchers have discovered a new variant of AvosLocker ransomware that disables antivirus solutions to evade detection after breaching target networks by taking advantage of unpatched security flaws. This is the first sample observed from the US with the capability to disable a defense solution using a legitimate Avast Anti-Rootkit Driver file. The ransomware is also capable of scanning multiple endpoints for Log4Shell.

Chris Olson, CEO of The Media Trust had this to say:

“Like many other ransomware attacks from recent memory, the new AvosLocker variant targeted a vulnerable third-party service (in this case, a web-based password locker). As organizations come to rely more and more on digital tools and services to run their business, they should learn about the dangers of digital supply chain attacks and continually monitor their partners to enforce trust and safety standards. Just as AvosLocker evades detection in the course of a breach, Web and mobile apps are increasingly targeted by cyber actors using sophisticated techniques such as obfuscated and polymorphic code to dodge blockers or URL filters.”

The fact that this new variant leverages Log4Shell, and takes such evasive action shows how dangerous this variant is. Thus it means that you should make sure you are completely updated in terms of any security patches and antivirus definitions so that you don’t become the next victim of this variant.

Trend Micro has been recognized as a leader in cyber security solutions by two prestigious industry reports:

• According to the Forrester Wave Report Trend Micro is one of only three vendors to be named a Leader and have received a five out of five score in investigation capabilities, ATT&CK alignment, extended capabilities, innovation roadmap, and five other criteria. 
• This recognition is reinforced by the MITRE Engenuity ATT&CK Evaluations, in which Trend Micro Vision One™ ranked #1 in the protection category after being tested against simulated breaches inspired by real-world attacks to ensure customers can appropriately visualize and address today’s threats.  

Once more, Trend Micro has demonstrated it is dedicated to serving on customers’ current and evolving security needs, by providing comprehensive threat detection and response across the industry.

To read a full copy of The Forrester Wave™: Detection and Response (EDR), Q2 2022 the report, please visit: https://www.trendmicro.com/explore/forrester-wave-edr

Trend Micro Incorporated has announced the launch of Trend Micro One, a unified cybersecurity platform with a growing list of ecosystem technology partners that enables customers to better understand, communicate, and lower their cyber risk.

Organizations are battling on all fronts to face mounting cyber risks from their complex and growing attack surface with stretched teams and siloed security products. The unified security platform approach delivers a continuous lifecycle of risk and threat assessment with attack surface discovery, cyber risk analysis, and threat mitigation and response.  

Inaugural partners of the Trend Micro One technology ecosystem include: Bit Discovery, Google Cloud, Microsoft, Okta, Palo Alto Networks, ServiceNow, Slack, Qualys, Rapid7, Splunk, and Tenable.

According to Gartner®, “vendors are increasingly acquiring or developing these adjacent technologies and integrating them into a single platform. The benefits are best realized when this integration minimizes consoles and configuration planes and reuses components (e.g., endpoint agents) and information.”

As a unified platform, Trend Micro One delivers powerful risk assessment capabilities, but the ecosystem partners extend that to make it the most complete in the industry. Joint customers benefit from truly connected visibility, better detection and response capabilities, and comprehensive protection across security layers and systems.

Trend Micro One supports this approach by enabling customers to:

• Discover the attack surface: Identify, monitor, and profile cyber assets in customers’ environments.
• Understand and continuously assess risk: Analyze risk exposure, the status of vulnerabilities, the configuration of security controls, and types of threat activity.
• Effectively mitigate risk: Ensure the right preventative controls and take swift action to mitigate risk and remediate attacks across the enterprise by leveraging Trend Micro’s threat and risk intelligence. 

Trend Micro One unified cybersecurity platform is available now. To see how it works and find out more, please visit: https://www.trendmicro.com/en_us/business/products/one-platform.html

Trend Micro Incorporated today announced the findings of its latest global Cyber Risk Index (CRI) for the second half of 2021, standing globally at -0.04, which is an elevated risk level with North America being at -0.01. Canada received a score of 0.16, which shows that the country has a moderate cyber risk level in comparison to global and North American (NA) organizations. The research also found that Canada is more prepared than all of North America to handle cyber risk (at a score of 5.41 vs. 5.35 in NA). However, respondents revealed that nearly three-quarters (74%) of Canadian organizations think they’ll be breached in the next 12 months, with 30% claiming this is “very likely” to happen.

The biannual CRI report asks pointed questions to measure the gap between respondents’ preparedness for attacks and their likelihood of being attacked*. In Canada, 83% of organizations claimed to have suffered one or more successful cyber-attacks in the past 12 months, with 32% saying they’d experienced seven or more.

Ransomware, phishing/social engineering, denial of service (DoS) and botnets top the list of key concerns, with negative consequences of a breach including stolen or damaged equipment, lost revenues and costs of outside consultants/experts.

When it comes to IT infrastructure, Canadian organizations are most worried about security risks in relation to mobile/remote employees (score of 7.55/10), third-party applications (score of 7.25/10), and mobile/ smart phone devices (6.55/10). 

While digital investments were necessary to support remote working and drive business efficiencies during the pandemic, this report brings to light the increasing corporate attach surface and ongoing challenges business face securing such investments.

In Canada, the highest levels of risk were around the following statements:

• My organization’s IT security function strictly enforces acts of non-compliance to security policies, standard operating procedures, and external requirements 
• My organization’s IT security function supports security in the DevOps environment
• My organization makes appropriate investments in leading-edged security technologies such as machine learning, automation, orchestration, analytics and/or artificial intelligence tools. 
• My organization’s IT security function complies with data protection and privacy requirements.
• My organization’s IT security leader (CISO) has sufficient authority and resources to achieve a strong security posture.

This clearly indicates that more resources must be diverted to people, processes, and technology to enhance preparedness and reduce overall risk levels.

As organizations and security teams struggle to manage the increasing complexity introduced by digital transformation, data privacy, compliance, and more, the need for a platform-based approach will be critical.

* An index value is calculated from this information based on a numerical scale of -10 to 10, with -10 representing the highest level of risk. In this report, the Canada CRI stood at 0.16 versus -0.01 for North America and -0.04 for global, indicating a moderate level of risk.  

As ransomware continues to be a security concern, a new variant named AvosLocker was discovered as an emerging threat. A recent report from Trend Micro titled “Ransomware Spotlight: AvosLocker” details this:

AvosLocker is one of the newer ransomware families that came to fill the void left by REvil. While not as prominent or active as LockBit or Conti, it is slowly making a name for itself, with the US Federal Bureau of Investigation (FBI) releasing an advisory on this threat. According to the report, AvosLocker has been targeting critical infrastructure in different sectors of the US, with attacks also observed in other countries like Canada, UK, and Spain. Although detections are low, its clever use of familiar tactics makes it a ransomware variant worth monitoring today.

Of interest, the report found that Canada was among the top two countries for AvosLocker detections between July 2021 to February 2022.Moreover, the top three industries affected in Canada were energy, healthcare and the financial sectors.

While AvosLocker is a comparatively newer ransomware family with a low detection rate compared to LockBit or Conti, it is slowly making a name for itself, with the US Federal Bureau of Investigation (FBI) releasing an advisory on this threat. 

Although detections are low, its clever use of familiar tactics makes it a ransomware variant worth monitoring today.

• It uses the remote administration tool AnyDesk. One of the notable characteristics of AvosLocker campaigns is its use of AnyDesk, a remote administration tool (RAT) to connect to victim machines. Using this tool, the operator can manually operate and infect the machine.
• It runs on safe mode. Another key element of AvosLocker is running itself on safe mode as part of its evasion tactics. The attacker restarts the machine, disables certain drivers, and runs on safe mode, thus avoiding certain security measures that are unable to run in this mode. Operators also set up certain drivers to make sure that AnyDesk would run even in safe mode. It is important to note that this was a tactic previously employed by the now defunct REvil.
• Operators auction stolen data. AvosLocker again takes a leaf from REvil’s page by auctioning stolen data on its site, on top of its double extortion scheme. This could be the group’s way of further monetizing a single successful attack or salvaging a failed one.

Operating as a RaaS, the actors behind AvosLocker coordinate their attacks and choose their targets based on their ability to pay the demanded ransom, pursuing critical infrastructure in different industries.

I would read this Trend Micro report and see if your defences against this ransomware measure up.

Trend Micro today announced a new report revealing a fierce, hour-by-hour battle for resources among malicious cryptocurrency mining groups.

To read a full copy of the report, A Floating Battleground Navigating the Landscape of Cloud-Based Cryptocurrency Mining, please visit: https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/probing-the-activities-of-cloud-based-cryptocurrency-mining-groups

Threat actors are increasingly scanning for and exploiting these exposed instances, as well as brute-forcing SecureShell (SSH) credentials, in order to compromise cloud assets for cryptocurrency mining, the report reveals. Targets are often characterized by having outdated cloud software in the cloud environment, poor cloud security hygiene, or inadequate knowledge on how to secure cloud services and thus easily exploited by threat actors to gain access to the systems. 

Cloud computing investments have surged during the pandemic. But the ease with which new assets can be deployed has also left many cloud instances online for longer than needed—unpatched and misconfigured.

On one hand, this extra computing workload threatens to slow key user-facing services for victim organizations, as well as increasing operating costs by up to 600% for every infected system.

Crypto mining can also be a precursor to more serious compromise. Many mature threat actors deploy mining software to generate additional revenue before online buyers purchase access for ransomware, data theft, and more.

The Trend Micro report details the activity of multiple threat actor groups in this space, including:

• Outlaw, which compromises IoT devices and Linux cloud servers by exploiting known vulnerabilities or performing brute-force SSH attacks.
• TeamTNT, which exploits vulnerable software to compromise hosts before stealing credentials for other services to help it move around to new hosts and abuse any misconfigured services.
• Kinsing, which sets up an XMRig kit for mining Monero and kicks any other miners off a victim system.
• 8220, which has been observed fighting Kinsing over the same resources. They frequently eject each other from a host and then install their own cryptocurrency miners.
• Kek Security, which has been associated with IoT malware and running botnet services.

To mitigate the threat from cryptocurrency mining attacks in the cloud, Trend Micro recommends organizations to:

• Ensure systems are up-to-date and running only the required services
• Deploy firewall, IDS/IPS, and cloud endpoint security to limit and filter network traffic to and from known bad hosts
• Eliminate configuration errors via Cloud Security Posture Management tools
• Monitor traffic to and from cloud instances and filter out domains associated with known mining pools
• Deploy rules that monitor open ports, changes to DNS routing, and utilization of CPU resources from a cost perspective

New research from Trend Micro Incorporated warns of spiraling risk to digital infrastructure and remote workers as threat actors increase their rate of attack on organizations and individuals.

Ransomware attackers are shifting their focus to critical businesses and industries more likely to pay, and double extortion tactics ensure that they are able to profit. Ransomware-as-a-service offerings have opened the market to attackers with limited technical knowledge – but also given rise to more specialization, such as initial access brokers who are now an essential part of the cybercrime supply chain.

Threat actors are also getting better at exploiting human error to compromise cloud infrastructure and remote workers. Trend Micro Cloud App Security (CAS) detected and prevented 25.7 million email threats in 2021 compared to 16.7 million in 2020, with the volume of blocked phishing attempts nearly doubling over the period. Research shows home workers are often prone to take more risks than those in the office, which makes phishing a particular risk.

In the cloud, incorrectly configured systems continue to plague organizations. Services such as Amazon Elastic Block Store and Microsoft Azure’s Virtual Machine were among the services that had relatively high misconfiguration rates. Trend Micro also found that Docker REST APIs are frequently misconfigured, exposing them to attacks from groups like TeamTNT that deploy crypto-mining malware on affected systems.

Business email compromise (BEC) saw detections drop 11%. However, CAS blocked a higher percentage of advanced BEC emails, which could be detected only by comparing the writing style of the attacker with that of the intended sender. These attacks comprised 47% of all BEC attempts in 2021 versus 23% in 2020.

While 2021 was a record year for new vulnerabilities, Trend Micro research shows that 22% of the exploits sold in the cybercrime underground last year were over three years old. Patching old vulnerabilities remains an essential task alongside monitoring for new threats to prevent cyber-attacks and ensure strong security posture.

To learn more about Navigating New Frontiers: Trend Micro 2021 Annual Cybersecurity Report, please visit: https://www.trendmicro.com/vinfo/us/security/research-and-analysis/threat-reports/roundup/navigating-new-frontiers-trend-micro-2021-annual-cybersecurity-report

Trend Micro Incorporated has published new research* revealing that persistently low IT/C-suite engagement may imperil investments and expose organizations to increased cyber risk. In Canada 93% of the IT and business decision makers surveyed expressed particular concern about ransomware attacks.

To read a full copy of the global report, please visit: https://www.trendmicro.com/explore/en_gb_trendmicro-global-risk-study

Despite widespread concern over spiralling threats, the study found that only 2-in-5 (42%) of responding IT teams discuss cyber risks with the C-suite at least weekly.

Fortunately, current investment in cyber initiatives is not critically low. Just under half (46%) of respondents claimed their organization is spending most on “cyber-attacks” to mitigate business risk. This was the most popular answer, above more typical projects like digital transformation (40%) and workforce transformation (32%). In addition, nearly half (44%) said they have recently increased investments to mitigate the risks of ransomware attacks and security breaches.

However, low C-suite engagement combined with increased investment suggests a tendency to ‘throw money’ at the problem rather than develop an understanding of the cybersecurity challenges and invest appropriately. This approach may undermine more effective strategies and risk greater financial loss. 1-out-of-2 respondents (50%) said that cyber threats were an IT problem, while just 34% found it to be an overall business risk. Less than half (40%) of respondents claimed concepts like “cyber risk” and “cyber risk management” were known extensively in their organization. Even more troubling, 8% of respondents said that their company does not assess cyber risk at all. 

Three quarters of Canadian respondents (75%) want to hold more people in the organization responsible for managing and mitigating these risks, which would help to drive an enterprise-wide culture of “security by design.” The largest group of respondents (32%) favoured holding CEOs responsible. Other non-IT roles cited by respondents included CFOs (26%) and CMOs (14%). 

The study follows previous Trend Micro Research revealing a worrying cybersecurity disconnect between business and IT leaders – perpetuated by self-censorship from cyber experts and disagreements over who is ultimately responsible.

*Trend Micro commissioned Sapio Research to interview 5321 IT and business decision makers from enterprises larger than 250 employees across 26 countries​.

Data has become increasingly valuable in our digitally connected lives, with both organizations and threat actors looking to harness it for their own benefit.

Smartphones and apps have ushered us into a new age where it has become common for apps to ask for access to your personal data – such as geolocation, access to your contact list and even in some cases your photos. Consumers are reminded to be careful with who has access to this. 

Data Privacy Day on January 28 is aimed at raising awareness and promoting best practices for data privacy and protection in the digital age.

Trend Micro has posted an blog entry titled “12 Tips to Keep Your Data Private.” I highly encourage you to have a look at this as these are tips that can help to keep you safe.