Ankura CTIX FLASH Update - May 31, 2022

06/15/2022 | 12:09pm EDT


Enemybot Botnet Observed Exploiting Critical Vulnerabilities to Expand Its Potential Targets

"Enemybot," an internet of things (IoT) botnet, has been observed expanding its potential target scope by exploiting critical vulnerabilities that allow it to spread to new types of devices. AT&T Alien Labs researchers detailed that the malware now targets IoT devices, web servers, Android devices, and content management system (CMS) servers by exploiting recently disclosed critical vulnerabilities in various software and systems. Some of the targeted services include VMware Workspace ONE, WordPress, Adobe ColdFusion, and PHP Scriptcase. Enemybot was first discovered in March 2022 by Securonix researchers and is suspected to be distributed by the Keksec threat group (also known as Kek Security or FreakOut). The original botnet code used by Enemybot comprises Mirai, Qbot, and Zbot, as well as custom developments made by the threat actor. The malware exploits twenty-four (24) vulnerabilities, including Log4j (CVE-2021-44228 and CVE-2021-45046), an F5 BIG-IP remote code execution (RCE) flaw (CVE-2022-1388), and a VMware Workspace ONE RCE flaw (CVE-2022-22954). Enemybot also exploits vulnerabilities not yet tracked via CVE, such as a Razer Sila command injection flaw (April 2022), a PHP Scriptcase 9.7 RCE flaw (April 2022), and an Adobe ColdFusion 11 RCE flaw (February 2022). It is recommended that administrators enable automatic software updates, use a properly configured firewall, keep Internet exposure to a minimum, and monitor network traffic for unusual activity. A full list of exploited vulnerabilities, indicators of compromise (IOCs), and a deeper technical analysis of Enemybot can be found in the Alien Labs report linked below.

  • BleepingComputer: Enemybot Article
  • AT&T Alien Labs: Enemybot Report

FBI Alerts of an Increase in Higher Education Credentials Sold on Hacker Forums

The FBI released a new warning to colleges and universities across the US about an increase in network and virtual private network (VPN) credentials appearing on underground forums and on the dark web. The credentials are "often a byproduct of spear-phishing, ransomware, or other cyber intrusion tactics," suggesting that these credentials are not specifically targeted by threat actors but are instead a side effect of attacks aimed at higher education. These credentials are often sold by initial access brokers to cybercriminals, such as ransomware operators and state-sponsored threat actors, who can leverage them to pivot across the network, deploy ransomware or malware, or spy on the organization. The FBI noted a specific campaign from 2017 targeting .edu email accounts by cloning colleges' login pages and using them in targeted phishing attacks. These types of phishing attacks against higher education have increased with new COVID-themed campaigns and could explain part of the increase in stolen credentials identified on underground forums and marketplaces. The FBI has detailed a list of recommendations in its alert, which can be found below. CTIX analysts recommend that universities and colleges recently impacted by a cybersecurity breach consider engaging a dark web monitoring service to discover potential credential leaks on underground forums.

  • The Record: College Credential Leaks Article
  • FBI Alert

SilverTerrier Organization Leader Arrested

After a year-long investigation conducted with the assistance of Interpol, Nigerian authorities arrested the suspected leader of the SilverTerrier threat organization in March 2022. SilverTerrier primarily targets entities throughout the technology, education, and manufacturing industries and has been active in the threat landscape since 2014. The operation, dubbed Operation Delilah by authorities, was assisted by intelligence from the private sector, including Trend Micro, Palo Alto, and Group-IB. According to security researchers from Unit 42, the SilverTerrier leader was involved in the creation of over 200 domains, some of which are command-and-control (C2) nodes for the group's malicious payloads, including LokiBot. The arrest of SilverTerrier's leader is the third in a series of law enforcement actions against the group. In November 2020, three (3) SilverTerrier-connected threat actors were arrested by Nigerian authorities and charged with a series of schemes that ultimately impacted over 500,000 entities across 150 countries since 2017. In December 2021, eleven (11) additional threat actors, six (6) of whom were believed to be part of SilverTerrier, were arrested in an operation dubbed Operation Falcon. Specific charges against the group's leader have not yet been disclosed by authorities; however, CTIX continues to track the operation and will provide additional insight once more information is released.

  • Interpol: SilverTerrier Arrest
  • TheHackerNews: SilverTerrier Arrest

Multiple WSO2 Products Vulnerable to Remote Code Execution

Trend Micro Research observed and disclosed active exploitation of a vulnerability affecting WSO2 products that was patched in April 2022. WSO2 is a popular middleware vendor that sells open-source, cloud-ready application program interface (API) management software, allowing users to efficiently design and maintain APIs. The vulnerability, tracked as CVE-2022-29464, is an improper input validation flaw that allows unrestricted file upload; successful exploitation lets an attacker upload a maliciously crafted payload and achieve remote code execution (RCE). According to Trend Micro, exploitation of this flaw is rather simple, and vulnerable WSO2 deployments can be easily found via Google or Shodan searches. WSO2 products are considered some of the most valuable infiltration assets for threat actors because they are open-source Identity Access Management (IAM) products and, owing to their industry popularity, are leveraged in virtually every sector, including healthcare, finance, and energy. If threat actors successfully exploit the targeted IAM servers, they could access all of the data and services provided by those servers. Although this vulnerability was patched in April, many WSO2 products in the wild still have not received the patch for this flaw. CTIX analysts urge all administrators leveraging and maintaining these WSO2 products to update to the most recent secure version. Since this flaw continues to be a valuable vector regardless of the patch, threat actors have been working tirelessly to modify their techniques and circumvent the latest security measures. Administrators should exercise persistent due diligence with regard to their networks to defend against these types of attacks, including an ongoing process of manually checking the defenses around WSO2 products and deleting anything that doesn't belong, such as unknown files, old user accounts, or deprecated processes.
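The "manually checking for unknown files" recommendation above is easier to keep up when there is a known-good baseline to compare against. The PowerShell script below is an added illustration of that check; it is not WSO2, Trend Micro or Ankura code. It hashes every file under a WSO2 install directory into a SHA-256 manifest once (right after patching), and on later runs reports files that were added, modified or removed since. The install path, manifest location, function names and the excluded logs subtree are this example's own assumptions.

```powershell
<#
  Added example (not WSO2 or Trend Micro code): snapshot a WSO2 install directory
  into a SHA-256 manifest, then report files added, removed or modified since.
  Assumptions: -Wso2Home is the install root (placeholder path below), -ManifestPath
  is any writable location, and repository\logs is excluded because it changes by design.
#>
param(
    [string]$Wso2Home = 'C:\wso2\wso2-product',   # placeholder: point at your install
    [string]$ManifestPath = (Join-Path $env:ProgramData 'wso2-baseline.json'),
    [ValidateSet('Baseline', 'Compare')]
    [string]$Mode = 'Compare'
)

function Get-DirectoryManifest {
    # Returns a hashtable of relative path -> SHA-256 for every file under $Root.
    param([string]$Root, [string]$ExcludePattern = '[\\/]repository[\\/]logs[\\/]')
    $resolved = (Resolve-Path -Path $Root).ProviderPath
    $manifest = @{}
    Get-ChildItem -Path $resolved -Recurse -File |
        Where-Object { $_.FullName -notmatch $ExcludePattern } |
        ForEach-Object {
            $relative = $_.FullName.Substring($resolved.Length).TrimStart('\', '/')
            $manifest[$relative] = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
        }
    return $manifest
}

function Compare-Manifest {
    # Classifies differences between the saved baseline and the current state.
    param([hashtable]$Baseline, [hashtable]$Current)
    $added = @(); $removed = @(); $modified = @()
    foreach ($path in $Current.Keys) {
        if (-not $Baseline.ContainsKey($path))        { $added += $path }
        elseif ($Baseline[$path] -ne $Current[$path]) { $modified += $path }
    }
    foreach ($path in $Baseline.Keys) {
        if (-not $Current.ContainsKey($path)) { $removed += $path }
    }
    return [pscustomobject]@{ Added = $added; Removed = $removed; Modified = $modified }
}

$current = Get-DirectoryManifest -Root $Wso2Home

if ($Mode -eq 'Baseline') {
    # Take the baseline from a freshly patched, verified install, not from a host
    # that may already have been exploited.
    $current | ConvertTo-Json -Depth 2 | Set-Content -Path $ManifestPath -Encoding UTF8
    Write-Output "Baseline of $($current.Count) files written to $ManifestPath"
    return
}

# Rebuild the hashtable from the JSON object written in Baseline mode.
$saved = Get-Content -Path $ManifestPath -Raw | ConvertFrom-Json
$baseline = @{}
foreach ($prop in $saved.PSObject.Properties) { $baseline[$prop.Name] = $prop.Value }

$diff = Compare-Manifest -Baseline $baseline -Current $current
# Unexpected additions under web-facing or deployment directories are the trace an
# unrestricted upload leaves behind; review each one before deleting it.
$diff.Added    | ForEach-Object { Write-Output "ADDED    $_" }
$diff.Modified | ForEach-Object { Write-Output "MODIFIED $_" }
$diff.Removed  | ForEach-Object { Write-Output "REMOVED  $_" }
if (($diff.Added.Count + $diff.Modified.Count + $diff.Removed.Count) -eq 0) {
    Write-Output 'No differences from baseline.'
}
```

Run it once with `-Mode Baseline` after applying the vendor update, then schedule `-Mode Compare` (the default) and feed the `ADDED`/`MODIFIED` lines into whatever ticketing or SIEM pipeline you already use. Store the manifest somewhere the WSO2 service account cannot write, otherwise an attacker who gains that account's privileges can simply re-baseline over their own changes.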

  • Trend Micro: CVE-2022-29464 Report

Microsoft Issues Mitigation Techniques for Actively Exploited Zero-Day Vulnerability Known as "Follina"

A critical Microsoft zero-day vulnerability was mitigated over the Memorial Day 2022 weekend. The flaw, tracked as CVE-2022-30190 (aka "Follina"), was reported by "crazyman" of Shadow Chaser Group, a sub-group of GcowSec that focuses specifically on APT hunts and analysis. The vulnerability affects the Microsoft Windows Support Diagnostic Tool (MSDT) and occurs when MSDT is called via the URL protocol from an application such as Microsoft Word. To exploit Follina, simply opening the malicious Word document is enough: it causes PowerShell commands to execute locally, leading to arbitrary code execution (ACE) with the privileges of the calling application. Once exploited, attackers can perform malicious actions such as installing malware, viewing and changing data, creating new privileged user accounts, and creating malicious child processes. The Follina zero-day poses an unprecedented risk to Microsoft Office products because it works without requiring elevated privileges and without embedded macro code to execute the malicious scripts and files. This allows the exploit to bypass Windows Defender's detection: the malicious code loads remotely, and the malicious Word document is not flagged as a threat because it contains no embedded macros or scripts, only references to them. Multiple security researchers have analyzed the vulnerability and produced working proof-of-concept (PoC) exploits that apply to multiple versions of Microsoft Office. If left unmitigated, attackers can leverage this vulnerability to spread laterally across the victim network, as well as collect hashes of Windows passwords, allowing for follow-on malicious activity. This bug was first reported to Microsoft in April 2022; however, Microsoft closed it as "fixed" after being unable to replicate the exploit. Now that there are working PoCs, CTIX analysts predict that Microsoft will release an emergency patch in the near future. Until then, the company has published a mitigation technique to disable the MSDT URL protocol via Command Prompt as Administrator. Additional details can be found in the guidance provided by the Microsoft Security Response Center (MSRC) advisory linked below.
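The mitigation the paragraph refers to removes the `ms-msdt:` URL protocol handler from the registry so that a document can no longer hand a URL to MSDT. The PowerShell below is an added illustration, not part of the Ankura bulletin or of Microsoft's advisory, that wraps the same registry change in an audit-first script: it reports whether the handler is still present and what command it launches, and only when run with `-Apply` from an elevated session does it export the key to a backup and delete it. The registry key is the one the published workaround exports and deletes; the backup location, parameter and function names are this example's own choices.

```powershell
<#
  Added example: audit and (optionally) remove the ms-msdt: URL protocol handler as a
  temporary workaround for CVE-2022-30190 ("Follina").
  Assumptions: the handler is registered under HKEY_CLASSES_ROOT\ms-msdt, the key the
  vendor workaround exports and deletes; -BackupPath is an arbitrary writable location.
  Run from an elevated PowerShell session; supports -WhatIf.
#>
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [string]$BackupPath = (Join-Path $env:ProgramData 'ms-msdt-backup.reg'),
    [switch]$Apply   # report only unless -Apply is given
)

$KeyPath = 'Registry::HKEY_CLASSES_ROOT\ms-msdt'

function Test-MsdtProtocolRegistered {
    # True while an ms-msdt: URL can still be dispatched from a document.
    return (Test-Path -Path $KeyPath)
}

function Get-MsdtHandlerCommand {
    # The command line the protocol handler launches (normally msdt.exe with arguments).
    $cmdKey = "$KeyPath\shell\open\command"
    if (Test-Path -Path $cmdKey) {
        return (Get-ItemProperty -Path $cmdKey).'(default)'
    }
    return $null
}

function Backup-MsdtProtocolKey {
    # reg.exe export writes a .reg file that 'reg import' restores once the vendor fix is in.
    & reg.exe export 'HKEY_CLASSES_ROOT\ms-msdt' $BackupPath /y | Out-Null
    if ($LASTEXITCODE -ne 0) {
        throw "Backup of HKCR\ms-msdt failed (exit code $LASTEXITCODE); nothing was removed."
    }
}

if (-not (Test-MsdtProtocolRegistered)) {
    Write-Output 'ms-msdt protocol handler not present: workaround already applied.'
    return
}

Write-Output "ms-msdt protocol handler present. Handler command: $(Get-MsdtHandlerCommand)"

if (-not $Apply) {
    Write-Output 'Re-run with -Apply from an elevated session to back up and remove it.'
    return
}

Backup-MsdtProtocolKey
if ($PSCmdlet.ShouldProcess('HKCR\ms-msdt', 'Remove protocol handler')) {
    Remove-Item -Path $KeyPath -Recurse -Force
    Write-Output "Handler removed. Backup saved to $BackupPath; restore with: reg import `"$BackupPath`""
}
```

Without `-Apply` the script is safe to run fleet-wide as an inventory check of which hosts still have the handler registered; with `-Apply -WhatIf` it shows the removal it would perform. Keep the `.reg` backup with the change record so the handler can be restored after the vendor fix is installed, since the workaround also disables legitimate troubleshooter links.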

  • Bleeping Computer: Follina Article
  • Microsoft: Follina Advisory
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

    Ankura Consulting Group LLC

    © Mondaq Ltd, 2022 - Tel. +44 (0)20 8544 8300 - http://www.mondaq.com, source Business Briefing