Latest news with #TrendMicro


Khaleej Times
3 days ago
- Business
- Khaleej Times
Middle East faces half a million cyberthreats a minute
The cybersecurity market in the Middle East is evolving fast, with reports suggesting up to half a million threats every minute. As a result, any organization embarking on a digital transformation journey must have cybersecurity built into its DNA, an expert said. 'Cybersecurity is no longer a supporting function — it's a foundational pillar of digital transformation. In the Middle East, where innovation is surging across sectors, we see a growing awareness of this reality. Organizations are now prioritizing cyber resilience right from the planning stage,' Salah Suleiman, managing director — South Gulf at Trend Micro, told Khaleej Times on the sidelines of Gisec Global in Dubai last week. Suleiman stressed that AI has rapidly grown from a budding concept to a transformative force across industries. From a cybersecurity standpoint, it's a double-edged sword. 'While AI is being used to create more sophisticated threats, it's also becoming an essential tool in our defence arsenal. At our firm, we've been proactive in integrating AI into our threat detection and response frameworks. We're no longer just reacting to threats — we're predicting them. Our platforms leverage AI to analyze vast amounts of data in real time, detect anomalies, and even anticipate breaches before they occur. The only way forward is to stay ahead, and AI gives us that edge,' Suleiman said. At Gisec, Trend Micro showcased its flagship 'Trend Vision One' platform. What sets it apart is its ability to offer customers a predictive overview of potential threats—essentially allowing them to prepare before an attack even happens. 'This is a huge leap from traditional reactive cybersecurity. The platform is built to align with the evolving needs of today's digital-first enterprises and provides seamless integration, intelligent threat modeling, and automated incident response,' Suleiman said.
Gisec is a significant milestone for Trend Micro and the company is aiming to expand its reach and capabilities, particularly in AI-based security and managed services. 'It's also a great platform to connect with industry peers and customers, showcase focused solutions, and strengthen our regional network,' Suleiman said.


Forbes
6 days ago
- General
- Forbes
No, That TikTok Video Won't Help You Get Free Software
TikTok users are being warned to look out for videos—likely deepfakes—showing them how to activate Windows and Microsoft Office, or to enable premium features in apps such as Spotify or CapCut. The similarity of the videos suggests that they were likely created through automation, said Trend Micro, which uncovered the campaign, while the voice issuing instructions also appears to be AI-generated. This makes the videos particularly dangerous, as it allows for extremely large-scale operations, as well as the ability to target different categories of users with different tactics. The videos instruct users to pull up the Run program on Windows and then execute a PowerShell command that, they're told, will activate the software or extra features for free. In reality, though, the command downloads a malicious script that distributes the Vidar and StealC information-stealing malware. Vidar can then take screenshots of the victim's desktop and steal credentials, credit cards, and cryptocurrency wallets, while StealC can also harvest a broad range of sensitive information. "In this campaign, attackers are using TikTok videos to verbally instruct users into executing malicious commands on their own systems. The social engineering occurs within the video itself, rather than through detectable code or scripts", Trend Micro warned. "There is no malicious code present on the platform for security solutions to analyze or block. All actionable content is delivered visually and aurally. Threat actors do this to attempt to evade existing detection mechanisms, making it harder for defenders to detect and disrupt these campaigns." The researchers found a number of accounts posting the videos, including @gitallowed, @ @allaivo2, @ @alexfixpc, and @digitaldreams771. One video reached more than half a million views, with over 20,000 likes and more than 100 comments.
"The vast user base and algorithmic reach of social media platforms provide an ideal delivery mechanism for threat actors", said Trend Micro threats analyst Junestherry Dela Cruz. "For attackers, this means broad distribution without the logistical burden of maintaining an infrastructure. The use of AI-generated content also elevates these kinds of attacks from isolated incidents to a highly scalable operation, as these videos can be rapidly produced and tailored to target different user segments." The popularity of TikTok means that scams are rife, with fake giveaways, fake celebrity and influencer accounts, romance scams and more. The company regularly takes down scam accounts and warns users, asking them to report any scams that they find. It has taken down the accounts reported by Trend Micro. "Users should be encouraged to scrutinize unsolicited technical instructions, verify the legitimacy of video sources, and report suspicious content, whether on social media, messaging apps, or email", Trend Micro warned. "After all, if an offer seems too good to be true, it probably is."


Time of India
7 days ago
- Time of India
How this TikTok trend promising free Spotify and Microsoft software updates is 'dangerous' for you
Hackers are reportedly using short promotional videos disguised as offers for free Spotify Premium and Windows 365 on TikTok to spread malware. These ten-second videos, which have garnered millions of views on the platform, claim to provide an easy method to unlock paid subscriptions or features for popular services like Microsoft Windows, Office 365 and Spotify Premium, a report claims. The method involves a simple prompt to be typed into the PowerShell command-line tool in Windows. However, this command does not unlock any premium services. Instead, it downloads and installs malware designed to steal various types of private information from an infected PC. This stolen data can include personal documents, cryptocurrency, and social media login credentials.

What cybersecurity researchers said about these TikTok videos

According to a report by Forbes, a cybersecurity researcher at Trend Micro who discovered the attack said that traditional security tools are likely to miss this malware. This is because the malicious software is not delivered via typical methods such as email attachments or software exploits. Instead, it is unwittingly installed by users who are seeking free subscriptions. In a report on the attack, the company explained: 'There is no malicious code present on the platform for security solutions to analyse or block. All actionable content is delivered visually and aurally.' In a statement to Forbes, Trend Micro researcher Junestherry Dela Cruz said that the company believes AI is enabling the scam as the promotional videos all use similar synthetic voices and feature nearly identical shots and camera angles. Meanwhile, TikTok informed Forbes that it had removed all accounts identified by the researchers as dangerous but declined to elaborate further.
The report didn't mention how many viewers installed the malware, but it noted that the videos were popular, as one clip promising to 'boost your Spotify experience instantly' received over 500,000 views, and two TikTok accounts posting 11 such videos collectively reached nearly 1 million views. In the comments on a video offering pro Windows features, which had over 550,000 views, one user asked, 'Is this safe?' One of the replies also reportedly warned of serious consequences, saying: 'My hard drive had been wiped after running the code,' and 'All my accounts were hacked because of these videos.'


Forbes
24-05-2025
- Forbes
Windows Passwords Are Under Attack — Do These 7 Things Now
Microsoft Windows is always a premier target for cybercriminal actors, and more often than not, passwords are front and center of their campaign payloads. Be it the pray and spray hackers employing automatic password hacking machines, state-sponsored advanced persistent threat groups targeting the enterprise, or even warnings from security researchers about the threat presented by Copilot AI for SharePoint, Windows passwords are the most valuable of low-hanging fruits. Now Trend Micro has confirmed how one particular password threat is making a determined effort to get hold of yours. Here are seven things you need to do to stop your organization being the next victim of the Captcha hackers. The Completely Automated Public Turing test to tell Computers and Humans Apart, thankfully shortened to Captcha, is something that we have all encountered and all have much the same hatred for. Being asked to select squares containing images of bicycles or ticking a checkbox to prove we are not a robot (wouldn't a robot be able to do that?) are largely pointless at the best of times, and downright dangerous at the worst. If AI cannot solve a Captcha more often than not, then, frankly, we have nothing to fear from our robot overlords. What we do have to fear, however, are hackers using Captcha methods to initiate an infostealer malware infection chain that ultimately leads to password compromise. The latest Trend Micro research takes a deep dive into the technical details behind what it refers to as 'a notable surge in fake Captcha cases.' As always, I recommend you go and read that report in full if it is the technical teardown that you are after. The TL;DR, however, is that this wave of fake Captcha attacks is tricking users into pasting malicious commands into the Windows Run dialog, with payloads executed in memory and often employing PowerShell.
'These attacks enable data exfiltration, credential theft, remote access, and loader deployment,' the Trend Micro researchers warned, 'via malware such as Lumma Stealer, Rhadamanthys, AsyncRAT, Emmental, and XWorm.' Yes, Microsoft has just led a global operation to dismantle much of the Lumma Stealer network infrastructure. No, that doesn't mean you are now safe. As one player is disrupted, so others rise to fill the void. 'These campaigns abuse multiple legitimate platforms, including file-sharing services, content and search platforms, music repositories, URL redirectors and document hosts,' Trend Micro said, and those using Windows operating systems where minimal script execution restrictions are employed are most at risk. Microsoft has recommended that 'customers always practice good computing habits online, including exercising caution when clicking on links to web pages, opening unknown files, or accepting file transfers,' as well as 'switching to Passkeys wherever possible and using authentication apps such as Microsoft Authenticator, which warn users about potential phishing attempts.' The Trend Micro report, however, concludes that organizations should apply the following seven mitigations: Of course, if you really care about your Windows passwords, I would also add that opening the Windows Run window by pressing Windows+R, pasting the clipboard's content in the run window using CTRL+V, and then pressing Enter to execute it, isn't the best response to a supposed Captcha text. Think smart and don't do that, OK?


Forbes
21-05-2025
- Business
- Forbes
AI, Sovereignty, And The New Cybersecurity Crossroads
It's no secret the cybersecurity landscape is shifting fast. Between the surge in AI adoption, rising demand for data sovereignty, and the political turbulence rattling global trust in U.S.-based tech, security leaders are being pulled in a dozen directions at once. We're no longer navigating steady waters—we're in a storm of change. If there's one thing I've learned covering this space, it's that disruption isn't just coming. It's already here. And the question that matters now isn't how to stop it—but how to prepare for what comes next. Not long ago, the knee-jerk response to generative AI in the workplace was to ban it outright. CISOs blocked tools like ChatGPT, fearing data leaks, compliance violations, or worse. But that wall cracked fast. Within months, organizations began walking back the bans and instead started asking a more productive question: How can we use this responsibly? Kevin Simzer, chief operating officer at Trend Micro, shared a firsthand experience with me that emphasizes this shift. At a CISO roundtable just nine months ago, he polled the room—and every single participant was trying to block AI tools. Now? 'We're about to release some new research... and actually, 97% of them are leveraging AI,' Simzer said. The speed of that reversal underscores just how fast attitudes are changing. The conversation today is about sanctioned AI tools, corporate guardrails, and strategies for safe deployment. You'll hear a lot about fine-tuned models, private deployments, and internal copilots. What changed? Companies realized the competitive cost of saying 'no.' If the tools can boost productivity, speed up decision-making, and automate grunt work, then blocking them just holds everyone back. And as I've pointed out before, you can't really ban AI use.
You can try—but employees will just find workarounds. Shadow AI becomes the new shadow IT. The smart path forward is enabling responsible use, not pretending the genie can be stuffed back in the bottle. Here's the part we're not talking about enough: while AI promises efficiency, it also threatens to hollow out the early-career ranks. If entry-level developers are replaced by code-generating bots, who becomes tomorrow's senior engineer? If AI filters out basic SOC alerts, where do future Tier 2 analysts come from? Simzer echoed this concern with examples from Google's own transformation. At a recent executive dinner hosted by Google, he heard firsthand that '25% of all code submitted into production in Q4 was AI-generated, and by the end of Q1 it was 30%.' That's not about replacing talent—it's about accelerating innovation. But the question remains: What happens when the foundational learning experiences disappear? It's the classic 'use it or lose it' problem. Much like how GPS made many of us forget how to read a map, AI could gradually erode the foundational skills that used to define the cyber talent ladder. Meanwhile, a parallel shift is gaining momentum across the globe: data sovereignty. In short, countries and companies alike want more control over where their data lives and who can access it. It's not just about compliance anymore—it's about national security and strategic independence. Across Europe, Asia, and the Middle East, organizations are rethinking whether they want sensitive data flowing through U.S. hyperscalers or stored in data centers subject to American jurisdiction. Simzer noted a surge in customers explicitly asking that their 'intellectual property, their crown jewel of data never leaves the country.' The demand for flexible deployment models—including on-prem solutions that can operate completely outside U.S. influence—is climbing sharply. And it's no longer a fringe concern. 
It's central to buying decisions in sectors where trust is paramount. Add in the growing mistrust in U.S. government policy—DOGE, export bans, trade disputes—and the picture gets even murkier. The MITRE CVE funding scare earlier this year sent shockwaves through the security community. The idea that a foundational piece of vulnerability tracking infrastructure could vanish overnight because of political gamesmanship? That was a wake-up call. It raised bigger questions about who we can trust to maintain the digital infrastructure we all rely on. Simzer referenced a recurring example that, while possibly apocryphal, speaks to real fears: There were recent reports that the US government has some sort of 'kill switch' capability for F-35 fighter jets sold to our allies. The implication? If the U.S. can remotely disable advanced hardware, what's stopping them from flipping the off switch on your cloud applications? These kinds of stories, real or not, are prompting countries to reassess their tech dependencies. Some are already investing in local infrastructure and pushing for regional cloud initiatives to reduce exposure to foreign policy swings. So where does that leave cybersecurity leaders? It leaves us in a moment of strategic reckoning. We can't afford to say no to innovation. But we also can't afford to ignore the risks. The answer isn't fear or paralysis—it's balance. Organizations need to build systems that allow for AI adoption with transparency and oversight. They need infrastructure that can flex between cloud and on-prem to meet sovereignty and compliance needs. And they need to think long-term about the human skills that keep those systems safe and functioning. If 2023 was about waking up to disruption, then 2025 is about adapting to it. Resilience is no longer a buzzword—it's a survival trait. That means being agile enough to pivot when policies shift. It means architecting flexibility into your tech stack.
And it means keeping a firm grip on who controls your data, your workflows, and your destiny. Cybersecurity has always been about anticipating threats. But now, it also has to be about anticipating change—and being ready for whatever comes next.