Latest news with #Trellix


Arabian Post
25-06-2025
- Arabian Post
OneClik Campaign Exploits ClickOnce to Breach Energy Sector
Trellix's Advanced Research Center has uncovered a highly targeted advanced persistent threat (APT) malware campaign, named OneClik, focused on entities within the energy, oil, and gas sectors. The attackers employ sophisticated phishing lures and abuse Microsoft ClickOnce, a software deployment tool, to execute malware under the guise of trusted applications. This campaign exhibits hallmarks consistent with Chinese-affiliated threat actors, according to the researchers.

Phishing emails played a central role in initial access, directing recipients to a camouflaged 'hardware analysis' site. Visitors are prompted to install a ClickOnce application, which transparently downloads a loader. This loader relies on AppDomainManager hijacking, abusing application configuration settings to inject a rogue DLL at runtime. By operating under the guise of a trusted application, it achieves stealthy code execution without triggering User Account Control prompts.

The operation's modularity is evident in its three known variants—v1a, BPI-MDM, and v1d—all of which deploy the loader 'OneClikNet' to deliver a Go-based backdoor named 'RunnerBeacon'. Communication with command-and-control servers occurs via legitimate AWS services such as CloudFront, API Gateway, and Lambda, complicating attribution and detection.

Researchers traced an earlier variant of the RunnerBeacon loader to a Middle Eastern oil and gas target in September 2023, suggesting the campaign has persisted for at least nine months. The clustering of infrastructure and code suggests a long-term espionage focus on critical energy sector infrastructure.

OneClik typifies the 'living off the land' trend among APT actors, embedding malicious activity within legitimate system processes. By co-opting ClickOnce workflows, the actors evade conventional security checks and minimise forensic footprints. The use of AppDomainManager hijacking—aligned with MITRE's T1574.014 technique—illustrates both creativity and sophistication. Operational resilience is built into each variant: anti-analysis safeguards such as anti-debugging loops and sandbox escape routines indicate a degree of maturation across successive iterations. Furthermore, by leveraging AWS-hosted C2 infrastructure, each variant masks communications behind widely trusted cloud domains.

Trellix has not publicly named specific organisations but indicates that the campaign spans multiple countries and facilities in the energy domain. The attack chain—from phishing to ClickOnce deployment, loader injection, and backdoor communication—illustrates a fully developed espionage suite with lateral movement and data exfiltration capabilities. While the activity has been linked to Chinese-affiliated actors, attribution remains cautious. Analysts point to overlapping techniques with earlier campaigns, including AppDomainManager abuse and cloud-based C2 obfuscation, which demonstrate a persistent, strategic push into energy sector espionage.

The growing popularity of living-off-the-land techniques highlights a broader shift in APT methodology: adversaries are increasingly embedding within legitimate enterprise ecosystems, evading sandbox detection and legacy cybersecurity measures. OneClik's use of ClickOnce is a prime example of tool abuse—repurposing software deployment mechanisms as vectors for stealth attacks. Effective detection of emerging variants will require advanced behavioural analysis and cloud traffic monitoring. Security teams are advised to scrutinise unusual ClickOnce manifest downloads, monitor processes for anomalous activity, and adopt isolation techniques for installations. Deep packet inspection combined with endpoint detection of DLL-loading behaviours may also help identify lateral movement attempts using RunnerBeacon.

The disclosure of OneClik, aligned with rising living-off-the-land APT operations, marks a pivotal moment for industrial cybersecurity. By weaponising trusted deployment frameworks, threat actors are escalating their ability to remain undetected within critical infrastructure for extended periods. As such, collaborative threat intelligence, updated detection strategies, and heightened phishing resilience are imperative to combat these stealth campaigns.
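The two detection points the article recommends, unexpected ClickOnce manifest downloads and AppDomainManager overrides (MITRE T1574.014), can be triaged with a small amount of scripting. The following is an added defensive example written for this page; it is not Trellix's tooling and is not taken from the OneClik report. It assumes a simple constructed proxy-log format (timestamp, client, method, URL, status), an assumed allowlist of internal deployment hosts, and the standard .NET `<runtime>` configuration elements `appDomainManagerAssembly` and `appDomainManagerType`, which are what a hijacked `.exe.config` has to declare for the technique to work. All sample log lines and config files below are constructed.

```python
"""Triage helpers for ClickOnce manifest fetches and AppDomainManager overrides.

Added example for this page (not Trellix's code). The proxy log format, the
allowlist of deployment hosts, and all sample data are assumptions/constructed.
"""
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Assumed proxy log line format: "<timestamp> <client-ip> <METHOD> <url> <status>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3})$"
)

# ClickOnce deployment manifests end in .application; application manifests in .manifest.
CLICKONCE_EXTS = (".application", ".manifest")

# Hosts from which ClickOnce installs are expected (assumed internal deployment servers).
ALLOWED_DEPLOY_HOSTS = {"deploy.corp.example"}


def find_clickonce_downloads(log_lines, allowed_hosts=ALLOWED_DEPLOY_HOSTS):
    """Return (client, url) pairs for ClickOnce manifest fetches from non-allowlisted hosts.

    Lines that do not match the assumed format are skipped rather than raising,
    so the function can be run over a mixed log without pre-filtering.
    """
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        parsed = urlparse(m.group("url"))
        if not parsed.path.lower().endswith(CLICKONCE_EXTS):
            continue
        if parsed.hostname in allowed_hosts:
            continue  # expected deployment source, not worth an alert
        hits.append((m.group("client"), m.group("url")))
    return hits


def find_appdomainmanager_overrides(config_xml):
    """Return the AppDomainManager settings declared in a .exe.config <runtime> block.

    An empty dict means no override is declared, which is the normal case for
    almost every application; any non-empty result deserves a look at the
    referenced assembly, because it is loaded before the application's own code.
    """
    root = ET.fromstring(config_xml)
    found = {}
    runtime = root.find("runtime")
    if runtime is None:
        return found
    for tag in ("appDomainManagerAssembly", "appDomainManagerType"):
        el = runtime.find(tag)
        if el is not None and el.get("value"):
            found[tag] = el.get("value")
    return found


# Constructed sample data: one expected install, one install from an unknown host.
SAMPLE_PROXY_LOG = [
    "2025-06-25T10:01:02Z 10.0.0.5 GET https://deploy.corp.example/tools/inventory.application 200",
    "2025-06-25T10:02:11Z 10.0.0.7 GET https://hw-analysis.example.net/report/HardwareAnalyzer.application 200",
    "2025-06-25T10:02:12Z 10.0.0.7 GET https://hw-analysis.example.net/report/HardwareAnalyzer.exe.manifest 200",
    "2025-06-25T10:03:00Z 10.0.0.9 GET https://cdn.example.org/site/index.html 200",
    "malformed line that should be ignored",
]

# Constructed .exe.config declaring an AppDomainManager override (hypothetical names).
SAMPLE_CONFIG = """<configuration>
  <runtime>
    <appDomainManagerAssembly value="HelperLib, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
    <appDomainManagerType value="HelperLib.Manager" />
  </runtime>
</configuration>
"""

# Constructed benign config with no <runtime> overrides at all.
BENIGN_CONFIG = """<configuration>
  <appSettings>
    <add key="LogLevel" value="Info" />
  </appSettings>
</configuration>
"""

if __name__ == "__main__":
    for client, url in find_clickonce_downloads(SAMPLE_PROXY_LOG):
        print(f"ClickOnce manifest from non-allowlisted host: {client} -> {url}")
    print("Override in sample config:", find_appdomainmanager_overrides(SAMPLE_CONFIG))
    print("Override in benign config:", find_appdomainmanager_overrides(BENIGN_CONFIG))
```

Run over the constructed data, the log check reports both manifest fetches from the unknown host and nothing for the allowlisted deployment server, and the config check returns the two override values for the suspicious config and an empty dict for the benign one. In practice the allowlist should come from the inventory of sanctioned ClickOnce publishers, and the config scanner should be pointed at the `.exe.config` files next to recently installed binaries.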


Business Wire
17-06-2025
- Business
- Business Wire
Trellix Accelerates Organizational Cyber Resilience with Deepened AWS Integrations
PHILADELPHIA--(BUSINESS WIRE)-- AWS re:Inforce 2025 – Trellix, the company delivering the future of AI-powered cybersecurity, today announced new milestones in its collaboration with AWS to further simplify customer adoption of leading cybersecurity technologies powered by AI. The deepened collaboration aims to enhance security controls and secure AI for customers.

'In the era of rapid AI expansion, the symbiotic relationship between AI and security must be addressed,' said Sean Morton, Senior Vice President, Strategic Partnerships, Trellix. 'Together with AWS, we are focused on not only ensuring AI is embedded in security to allow optimum resilience, but also in securing AI itself. This is essential to ensuring organizations can use AI without compromising data integrity, trust, or compliance, particularly for those in regulated sectors.'

Co-development of GenAI-powered security

Trellix and AWS have signed an expanded strategic collaboration agreement (SCA) focused on the enrichment and creation of new GenAI-powered security technologies. Together, Trellix and AWS will address the most pressing security use cases through the co-development of GenAI solutions that combine Amazon Bedrock and other AWS AI services with the Trellix Security Platform.

Further collaboration to harden security defenses

Trellix will offer new database, identity, analytics, and deployment capabilities for AWS customers, including:

- Strengthened database protection: With databases increasingly moving to the cloud and organizations widely adopting hybrid, on-premises, and cloud environments, critical assets require robust monitoring and protection. The need to prevent potential extraction or tampering increases as organizations train AI models with proprietary datasets and users share more information with AI apps. Trellix Database Security now offers security for Amazon Relational Database Service (Amazon RDS) cloud databases. New features available for AWS-supported MariaDB, MySQL, and PostgreSQL databases include real-time activity monitoring, pre-built compliance policies, and detailed event logs and incident management tools. Future releases will expand this support to include additional AWS Cloud databases.
- Fortified identity and access management (IAM): The AWS IAM Access Analyzer now integrates with the Trellix Security Platform, making it easier to remediate identity compromise. With AWS IAM Access Analyzer, Trellix customers can evaluate permissions across multiple IAM policy types, visualize access patterns, inspect access from internal and external sources, and leverage Amazon EventBridge for custom alerts and remediation.
- Simplified deployment: Trellix has achieved AWS Marketplace Architecture Excellence, certifying architectural alignment with AWS best practices. Customers now have greater transparency around each Trellix integration with AWS for easier procurement and deployment, and can further maximize their investment with AWS as purchases count toward AWS Private Pricing Agreements (PPA), helping meet committed spend thresholds faster.

'Let's face it; security is hard. Complexity makes the job even harder,' said Frank Dickson, Vice President of Security and Trust, IDC. 'When infrastructure and security collaborate to make security easier to implement and integrate, organizations can reduce risk, speed up response times, and better protect their most critical assets and data. We all win.'

Learn more about the Trellix and AWS collaboration to improve customer security outcomes here. Visit Trellix at AWS re:Inforce at booth #1123.

About Trellix

Trellix is a global company redefining the future of cybersecurity. The company's comprehensive, open and native cybersecurity platform helps organizations confronted by today's most advanced threats gain confidence in the protection and resilience of their operations. Trellix, along with an extensive partner ecosystem, accelerates technology innovation through artificial intelligence, automation, and analytics to empower over 50,000 business and government customers with responsibly architected security. Follow Trellix on LinkedIn and X.


Business Wire
10-06-2025
- Business
- Business Wire
Trellix Finds Threat Intelligence Gap Calls for Proactive Cybersecurity Strategy Implementation
SAN JOSE, Calif.--(BUSINESS WIRE)-- Trellix, the company delivering the future of AI-powered cybersecurity, today announced a new report, Mind of the CISO: Closing the gap between reaction and readiness, which found nearly all CISOs (98%) face barriers when acting on threat intelligence, with the top challenges reported as keeping pace with evolving threats (45%), integration issues (39%), and regulatory constraints (38%). As a result, threat intelligence defaults to a reactive function within a workstream, rather than an embedded, proactive strategy to build resilience, accelerate response, and stay ahead of evolving threats.

'Global threat detection volume from APT actors rose 45% at the beginning of this year, and CISOs are now tasked with staying ahead of these adversaries who are becoming more organized, well-resourced, and faster, partially due to the growing use of AI,' said John Fokker, Head of Threat Intelligence, Trellix. 'Moving beyond a traditional tactical approach to utilizing operational threat intelligence allows CISOs to better understand the behaviors and objectives of threat actors, anticipate potential threats, and proactively prepare defense strategies.'

The research reveals insights from over 500 CISOs worldwide on the evolving threat landscape and perceived risks to their organizations, and how the most forward-thinking leaders are embedding operational threat intelligence into their cybersecurity strategies. Key findings include:

- The impact of nation-state threats: CISOs are increasingly focused on addressing nation-state threats, with a majority (89%) frequently asked about these threats by their CEO and/or the board, further impacting their cybersecurity strategy and budget. The majority report their organization's cybersecurity budget (85%) and cybersecurity strategy (87%) are influenced by the volume of nation-state threats.
- Moving beyond reactive, tactical threat intelligence to proactive, operational threat intelligence: Nearly all CISOs agree threat intelligence is essential for identifying and mitigating emerging cybersecurity threats (94%). Still, the majority report their organizations' approaches to collecting (82%), analyzing (78%), incorporating (79%), and monitoring (80%) threat intelligence require significant improvements or a complete overhaul. Organizations with a proactive approach to threat intelligence (44%) are considerably more likely to use advanced threat detection technologies over the next 12 months, highlighting how a forward-leaning approach impacts technology decisions and, in turn, resilience. This further underscores the need to move beyond a reactive approach (56%) with siloed applications of threat intelligence.
- The role of AI and automation in combating threats: One-third of CISOs agree AI-driven analytics (33%) and increased levels of automation (37%) would help them perform their responsibilities more effectively, with 28% reporting limited automation makes it difficult to integrate tools into their threat intelligence programs. This highlights the importance of AI and automation investments in optimizing cyber response strategies.
- The value of peer communities: The majority of CISOs (95%) agree being part of a threat intelligence sharing community or network improves their ability to prepare for threats, and agree a CISO community (89%) would enable security leaders to navigate high-stakes decisions through trusted insights and shared experiences. The complexity of the CISO role and increasing responsibilities make information sharing and collaboration among peers critical for success.

Operational threat intelligence in practice

Organizations leverage operational intelligence to understand the broader context of cyber attacks, like threat actor motivations and the methods being used. This enables security teams to anticipate and prepare for specific types of attacks, which is why adopting threat intelligence as a strategic capability is paramount. With over half (60%) of organizations yet to fully integrate threat intelligence into their wider cybersecurity strategy, the time for action is now if organizations are to keep pace with nefarious actors and limit risk.

Commitment is needed across the industry to close the threat intelligence gap. CISOs must move beyond reactive threat intelligence to strategically position it within their cybersecurity playbooks, and to do so, they've asked for more integrated systems, innovative tooling, and stronger community collaboration. Organizations must support their CISOs and prioritize these investments to maintain resilience and reduce risk. Policymakers should look to modernize intelligence sharing frameworks, deepen public-private sector collaboration, and accelerate AI adoption in national cyber infrastructures.

Learn more about Mind of the CISO: Closing the gap between reaction and readiness here. Trellix's Mind of the CISO initiative brings global attention to the needs of the CISO community, driving cybersecurity and AI best practices. Trellix continuously looks to support the global CISO community by engaging, listening, and advocating.

Methodology

Trellix commissioned independent market research agency Vanson Bourne to conduct a research survey of over 500 CISOs across the Americas, Europe, the Middle East, and Asia Pacific regions to understand their views on the evolving threat landscape, including ransomware, nation-state attacks, and the rise of AI-powered attacks, the necessity and challenges of adopting operational threat intelligence, the role of AI and automation in combating threats, and the value of peer communities in navigating complexities and driving clarity. Respondents work across various industries, including finance, public sector, healthcare (public and private), manufacturing, energy, oil, gas, and utilities.

About Trellix

Trellix is a global company redefining the future of cybersecurity and soulful work. The company's comprehensive, open and native cybersecurity platform helps organizations confronted by today's most advanced threats gain confidence in the protection and resilience of their operations. Trellix, along with an extensive partner ecosystem, accelerates technology innovation through artificial intelligence, automation, and analytics to empower over 50,000 business and government customers with responsibly architected security. Follow Trellix on LinkedIn and X.

Yahoo
20-05-2025
- Business
- Yahoo
Check Call: Cybersecurity threats come from everywhere
Cybersecurity company Trellix has released 'The Cyberthreat Report – April 2025.' The report identifies insights into cybersecurity threats as well as how to make actionable plans for fighting cyber criminals. It throws a spotlight on an alarming 136% surge in advanced persistent threat (APT) detections against U.S. organizations in Q1 2025, painting a grim picture of an increasingly volatile digital battlefield, where critical sectors like telecommunications and transportation are under relentless assault.

'The landscape is acute,' said John Fokker, head of threat intelligence at Trellix, in the preface of the report. 'The escalation of actor activity and increasing complexity of attack chains shouldn't be overlooked. It's clear we need a comprehensive, proactive cybersecurity strategy — one that's dynamic enough to defend against multi-vector threats.'

Among the most targeted sectors, telecommunications experienced a staggering 92% increase in APT detections, with attackers favoring industries vital to infrastructure and national security. Transportation and shipping were next in line, reflecting the strategic interest of state-sponsored groups in disrupting supply chains and communication systems. The report reveals how bad actors are evolving by exploiting known vulnerabilities, deploying sophisticated post-exploitation frameworks and even targeting cybersecurity tools themselves to erode organizational defenses from within. 'Threat actors are not just outpacing outdated defense models — they're subverting the very tools meant to detect and stop them,' Fokker added.

A particularly disturbing trend is the increasing integration of artificial intelligence into cybercrime. Trellix researchers found tools capable of real-time voice cloning in multiple languages, potentially revolutionizing phishing and social engineering tactics. Meanwhile, low-cost AI services to process stolen credentials and automate fraud, available for as little as 30 cents, are proliferating in underground forums.

Trellix's report also emphasized the growing threat from 'living off the land' techniques, in which attackers exploit legitimate tools already present in IT environments — making detection harder and post-breach investigation more complex. In several cases, APT groups were seen leveraging open-source offensive tools such as Cobalt Strike and Sliver, along with zero-day vulnerabilities, to maintain stealth and persistence.

Amid this terrifying fraud landscape, Trellix also published mitigation strategies. The company recommends organizations adopt an extended detection and response framework that integrates AI and machine learning. Proactive threat hunting, zero trust architecture and continuous user behavior analytics are also critical in building resilience. 'As AI reshapes both cyber offense and defense, organizations must modernize their security stacks. Sticking with reactive or fragmented systems is no longer sufficient,' the report concludes. Enterprises, especially in high-risk sectors, must move beyond compliance-based strategies and embrace threat-informed, adaptive security postures. The full report is available here.

To catch the rest of the stories in Check Call, subscribe to the newsletter and get it delivered to your inbox every Tuesday at 2pm, or watch the latest episode on YouTube.

The post Check Call: Cybersecurity threats come from everywhere appeared first on FreightWaves.

Yahoo
12-05-2025
- Business
- Yahoo
CRN Recognizes Trellix Partner Program with 2025 Women of the Channel List
Sixteen Trellix leaders selected for positive and strategic impact in the channel

SAN JOSE, Calif., May 12, 2025--(BUSINESS WIRE)--Trellix, the company delivering the future of AI-powered cybersecurity, today announced CRN®, a brand of The Channel Company, has recognized sixteen Trellix leaders on the 2025 Women of the Channel list for their expertise and dedication in advancing channel excellence and supporting the success of Trellix partners and customers. The annual CRN list celebrates women from vendors, distributors, and solution providers whose strategic vision and execution make a positive difference in the technology industry. The CRN 2025 Women of the Channel honorees are innovative, strategic leaders committed to advancing successful outcomes for their partners and customers. The complete list of Trellix honorees includes:

- Sylvie Arendt, Software Channel Sales Account Representative
- Ayeesha Basha, Channel Program Manager
- Melissa Burk, National Partner Manager
- Elizabeth Carlin, Channel Partner Executive
- Nicole Chovan, Senior Manager, Channel Sales
- Kristin Eckels, Channel Global Alliance Manager
- Jackie Grifka, Channel Account Manager, Federal
- Sara Harold, Director, Global Partner Marketing
- Kelly Heffernan, Director, Global Channel Enablement
- Kelley Lansing, Associate Field Marketing Manager
- Elizabeth Laurin, Channel Manager GHE
- Sheri Leach, Global Senior Distribution Account Manager
- Gaye Lockwood, Senior Director, Global Business Development and Emerging Markets
- Jennifer Michel, Senior Partner Marketing Manager
- Martha Vazquez, Technology Partnerships Manager
- Carmen Villalobos, OEM Strategic Accounts

"CRN's recognition highlights Trellix's breadth of accomplished channel leaders who are driving successful initiatives aligned with our partners' strategic goals," said Kurt Mills, Global Channel Chief, Trellix. "Their expertise, strategic thinking, exceptional execution, and commitment to excellence enable us to continue to deliver exceptional results and grow our Xtend Global Channel Partner Program."

"It's an honor to recognize the outstanding accomplishments of these women, who are leaders and change-makers in the IT channel," said Jennifer Follett, VP, U.S. Content and Executive Editor, CRN at The Channel Company. "Each woman spotlighted on this list has shown exceptional dedication to building creative strategies that propel transformation, growth, and success for their organizations and the entire IT channel. We are pleased to spotlight their important contributions and look forward to their future success."

The 2025 Women of the Channel will be featured in the June issue of CRN Magazine, with online coverage beginning May 12.

About The Channel Company

The Channel Company (TCC) is the global leader in channel growth for the world's top technology brands. We accelerate success across strategic channels for tech vendors, solution providers, and end users with premier media brands, integrated marketing and event services, strategic consulting, and exclusive market and audience insights. TCC is a portfolio company of investment funds managed by EagleTree Capital, a New York City-based private equity firm. Follow The Channel Company on X and LinkedIn.

© 2025. CRN is a registered trademark of The Channel Company, Inc. All rights reserved.

About Trellix

Trellix is a global company redefining the future of cybersecurity and soulful work. The company's comprehensive, open and native cybersecurity platform helps organizations confronted by today's most advanced threats gain confidence in the protection and resilience of their operations. Trellix, along with an extensive partner ecosystem, accelerates technology innovation through artificial intelligence, automation, and analytics to empower over 50,000 business and government customers with responsibly architected security. Follow Trellix on LinkedIn and X.

Contacts

- The Channel Company: Kristin DaSilva, kdasilva@
- Trellix: Sarah Erman, media@