Connect with us

Hi, what are you looking for?

BUSINESS

Trend Micro warns businesses, organizations on targeted attack called ‘Safe’

Trend Micro Incorporated, a global leader in consumer digital information security, has revealed a new targeted attack campaign called “Safe”.

Figure 2. Sample of Safe campaign spear-phishing email

Trend Micro Incorporated, a global leader in consumer digital information security, has revealed a new targeted attack campaign called “Safe” which compromised government ministries, technology firms, media outlets, academic institutions and non-governmental organizations from over 100 countries. 

This campaign was first seen on October 2012.

“Those obvious threat campaigns are becoming increasingly well known within the security community,” Macky Cruz, security focus lead of Trend Labs, Trend Micro Incorporated, said. “However, there are some new and smaller campaigns emerging as well, which could create successful and long-term compromises of high-value organizations and enterprises worldwide, and these campaigns cannot be ignored.”

These campaigns, such as “Safe”, use small clusters of C&C servers, new malware as well as attack fewer targets.

The campaign involved nearly 12,000 unique IP addresses that were connected to two sets of command-and-control (C&C) servers with the countries involved being widely dispersed.

Advertisement. Scroll to continue reading.
Figure 1: Breakdown of the top 15 Unique IP Address Locations

Figure 1: Breakdown of the top 15 Unique IP Address Locations

Trend Micro released a research paper which documented the operations of this “Safe” campaign along with their threat protection recommendations. Safe targeted its victims using spear-phishing emails containing a malicious attachment exploiting a Microsoft Office vulnerability (CVE-2012-0158) and leveraging social engineering techniques for initial intrusion. Furthermore, their research discovered in its finding that the average number of actual victims connected to the C&C server remained at 71 per day, with few if any day to day changes. The research also noted that the Safe campaign targeted specific industries and communities in specific regions as early as October 2012.

Figure 2. Sample of Safe campaign spear-phishing email

Figure 2. Sample of Safe campaign spear-phishing email

While determining the intent and identity of the attackers remains difficult, Trend Micro assessed that the Safe campaign is targeted and uses malware developed by a professional software engineer who may be connected to the cybercriminal underground in China. However, the relationship between the malware developers and the campaign operators themselves remains unclear.

Implementation of Trend Micro solutions will help prevent and detect attacks related to the Safe campaign. Trend Micro recommends a comprehensive security risk management strategy that goes further than advanced protection to meet the real-time threat management requirements of dealing with targeted attacks.

Trend Micro Incorporated is a pioneer in server security with over 20 years’ experience.

Advertisement
Advertisement
Advertisement

Like Us On Facebook

You May Also Like

HEADLINES

The NTSC is an industry-wide alliance of corporate security professionals representing the country’s major telecommunications companies, including PLDT Inc., Smart Communications, Inc., Globe Telecom,...

HEADLINES

Globally, almost one in four report losses exceeding $5,000,000, and for some, it surpasses $10,000,000. These findings were revealed in a joint study conducted...

HEADLINES

In a new report covering Q2 2024 – Q1 2025, Kaspersky has found over 250,000 cyberattacks disguised as popular anime among other shows and streaming platforms...

HEADLINES

From January to December 2024, Kaspersky solutions used by businesses here detected and blocked more than 53 million bruteforce attacks. 

HEADLINES

According to Kaspersky experts, 2024 saw over 3 billion malware attacks globally, with a daily average of 467,000 malicious files detected. Windows systems were...

HEADLINES

Cybercriminals target SMBs, schools, and other smaller organizations because they often have less robust security compared to large corporations and other institutions. 

HEADLINES

Sophos Counter Threat Unit revealed the NICKEL TAPESTRY threat group’s scheme involving fraudulent workers operating on behalf of North Korea (formally known as the...

HEADLINES

PRSP is a staunch advocate of communication based on honesty and integrity. While our role is to uphold and strengthen the reputation of our...

Advertisement