Trend Micro has introduced new AI-powered threat detection capabilities aimed at enterprises scaling up their AI operations.
The new solution has been developed to protect AI-driven workloads and enterprise business processes, managing risks associated with the transition from generative AI to agentic AI, such as data theft, sabotage, and operational disruption.
Trend Micro’s latest offering brings together its security expertise with NVIDIA’s accelerated computing and AI enterprise software, while deploying on AWS’s secure, cloud-native infrastructure. The integration is intended to enable real-time, scalable threat detection and protection for organisations with expanding AI footprints.
The AI Detection Model at the core of this development leverages the NVIDIA Morpheus AI framework, which is part of NVIDIA AI Enterprise. The detection model operates on the high-performance cloud environment provided by AWS, allowing rapid and precise analysis of vast enterprise data streams.
According to Trend Micro, AWS was selected for its global reach, integrated security, and compliance-oriented architecture, while NVIDIA’s technology contributes the computational capacity necessary for running advanced detection models with high efficiency.
Chris Grusz, Managing Director, Technology Partnerships for AWS, said, “Built on AWS’s cloud-native infrastructure, Trend’s platform takes full advantage of NVIDIA AI software and accelerated computing capabilities to power scalable, low-latency threat detection. With AWS’s global footprint and integrated services, Trend can securely process telemetry at scale, adapt detection models to evolving threats, and support customers worldwide—all while accelerating time to value.”
The wider Trend Vision One platform also integrates AWS AI services, including Amazon Bedrock, which supports Workbench Insights. These components are designed to improve investigation workflows and deliver additional context to security operations centre (SOC) teams during incident response situations.
Mick McCluney, ANZ Field CTO at Trend, commented, “AI is reshaping the enterprise, and security has to evolve just as fast. We’re bringing together best-in-class partners in both cloud and AI to deliver something truly differentiated. AWS’s secure and resilient infrastructure gives us the scale, performance, and global availability needed to meet the always-on demands of today’s enterprises. So our customers can detect and respond to threats faster, with confidence.”
The anomaly detection capability within the solution employs AI models based on NVIDIA Morpheus. This allows the system to identify novel patterns in large streams of telemetry data and logs. The implementation on AWS enables the platform to scale effectively, managing extensive datasets and rapidly building custom detection models for individual customers. This approach seeks to prioritise the most critical events and prompt faster security responses.
Key features of the technology include NVIDIA Morpheus Digital Fingerprinting, which identifies subtle, previously unknown anomalies. There is also the use of NVIDIA RAPIDS to expedite large-scale data classification, enhancing real-time detection and prevention of sensitive information leaks. The platform’s native operation on AWS allows it to leverage the elasticity, global reach, and inherent security of AWS services, supporting ongoing advancements in AI-enabled detection while meeting enterprise compliance and performance benchmarks.
Robert Miller, VP of Corporate Security at Sierra-Cedar, highlighted the practical benefits of the solution: “We’re dealing with an increasingly complex environment with more data. Trend stands out as it doesn’t just provide threat intelligence, it helps make sense of it. Our team can access Trend’s AI-powered platform directly via AWS Marketplace, streamlining procurement and deployment across global cloud environments. This powerful combination allows us to strengthen our security posture and identify threats much faster than we could manually.”
The introduction of these new AI-powered threat detection capabilities is positioned to address the rapidly evolving landscape of enterprise cybersecurity as organisations integrate artificial intelligence deeper into their operations.
Stay updated with SOC News for cutting-edge security innovations and expert industry insights!
Source: https://securitybrief.com.au/story/trend-micro-launches-ai-threat-detection-for-enterprise-security
A previously documented threat actor known as Outlaw (or “Dota”) has resurfaced with an enhanced malware toolkit targeting Linux servers globally, according to a recent incident response investigation by Securelist analysts.
The group, active since at least 2018, has shifted its focus to cryptocurrency mining and botnet propagation, exploiting weak SSH credentials to infiltrate systems in Brazil, the U.S., Germany, Italy, and Southeast Asia.
This latest campaign leverages Perl-based backdoors, modified XMRig miners, and IRC botnet clients to maintain persistence and evade detection while monopolizing victim resources.
The malware’s initial access vector remains consistent with historical Outlaw activity: brute-force attacks against SSH services using default or easily guessable credentials.
Once inside, attackers deploy a multi-stage payload beginning with a shell script (tddwrt7s.sh) that fetches and decompresses a malicious archive (dota.tar.gz).
This artifact creates a hidden directory (.configrc5) housing components for process manipulation, cryptocurrency mining, and command-and-control (C2) communication.
Securelist researchers noted the malware’s sophistication lies in its layered obfuscation, resource hijacking, and anti-forensic measures, including the systematic elimination of competing cryptominers on infected hosts.
Infection Mechanism: SSH Compromise and Payload Execution
The breach begins with attackers establishing SSH access using compromised credentials, often targeting accounts like suporte (Portuguese for “support”) with weak passwords.
Upon successful login, the threat actor executes a sequence of commands to download and unpack the primary payload.
This script retrieves a UPX-packed XMRig miner (kswapd0) and an obfuscated Perl IRC botnet client.
The .configrc5 directory structure includes subdirectories for payload execution (a/), persistence scripts (b/), and Tor proxies to mask mining pool communications.
Of particular note is the a/init0 script, which performs reconnaissance to identify and kill rival miners like tsm, rsync, and blitz using grep and kill -9 commands.
Persistence is achieved through SSH key manipulation and cron job injection. Attackers replace the victim’s .ssh/authorized_keys file with their own public key, ensuring repeated access even if credentials change.
The b/run script embeds a Base64-encoded Perl backdoor that deobfuscates to an IRC client masquerading as rsync. This client connects to C2 servers over port 443, enabling remote command execution, DDoS attacks, and lateral movement via SSH.
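The infection and persistence traits above translate directly into host-level hunting checks. The following script is an added example, not code from the article or from Securelist: it runs those checks over a constructed host snapshot (paths, authorized_keys entries, crontab lines and a process list, all made up for the example) and flags the hidden .configrc5 directory, a public key outside a trusted set, cron entries pointing into the hidden directory, and processes whose name does not match what backs them (the real kswapd0 is a kernel thread with no executable path; a genuine rsync is not run by perl).

```python
"""Hunt for the Outlaw host indicators described above in a constructed Linux
host snapshot: the hidden .configrc5 staging directory, a foreign
authorized_keys entry, cron persistence, and processes posing as kswapd0 or
rsync. All snapshot data is constructed, not taken from a real incident."""
import re

HIDDEN_DIR = re.compile(r"/\.configrc\d*(?:/|$)")   # .configrc5 and variants

def hunt(snapshot, trusted_keys):
    """Return a list of (severity, detail) findings for one host snapshot."""
    findings = []
    for path in snapshot["paths"]:
        if HIDDEN_DIR.search(path):
            findings.append(("high", f"hidden staging path {path}"))
    for user, lines in snapshot["authorized_keys"].items():
        for line in lines:
            fields = line.split()
            # field 1 is the key body; anything outside the trusted set is foreign
            if len(fields) < 2 or fields[1] not in trusted_keys:
                findings.append(("high", f"foreign key in ~{user}/.ssh/authorized_keys"))
    for entry in snapshot["crontab"]:
        if HIDDEN_DIR.search(entry):
            findings.append(("medium", f"cron persistence: {entry}"))
    for proc in snapshot["processes"]:
        name, exe = proc["name"], proc["exe"]
        # the genuine kswapd0 is a kernel thread and has no executable path at all
        if name == "kswapd0" and exe:
            findings.append(("high", f"pid {proc['pid']} kswapd0 backed by {exe}"))
        elif name == "rsync" and exe != "/usr/bin/rsync":
            findings.append(("high", f"pid {proc['pid']} 'rsync' is really {exe}"))
    return findings

SAMPLE = {  # constructed snapshot shaped like the campaign described above
    "paths": ["/home/suporte/.configrc5/a/init0",
              "/home/suporte/.configrc5/b/run",
              "/home/alice/.bashrc"],
    "authorized_keys": {"suporte": ["ssh-rsa AAAAB3CONSTRUCTEDATTACKERKEY= x"],
                        "alice": ["ssh-ed25519 AAAAC3CONSTRUCTEDALICEKEY= alice@laptop"]},
    "crontab": ["@reboot /home/suporte/.configrc5/b/run >/dev/null 2>&1",
                "0 3 * * * /usr/bin/certbot renew"],
    "processes": [{"pid": 61, "name": "kswapd0", "exe": ""},
                  {"pid": 4120, "name": "kswapd0", "exe": "/home/suporte/.configrc5/a/kswapd0"},
                  {"pid": 4133, "name": "rsync", "exe": "/usr/bin/perl"},
                  {"pid": 900, "name": "rsync", "exe": "/usr/bin/rsync"}],
}
TRUSTED_KEYS = {"AAAAC3CONSTRUCTEDALICEKEY="}
if __name__ == "__main__":
    for severity, detail in hunt(SAMPLE, TRUSTED_KEYS):
        print(severity.upper(), detail)
```

On a live host the snapshot would be built from a filesystem walk, each user's authorized_keys, the crontabs, and /proc/<pid>/comm plus /proc/<pid>/exe, which the script keeps out of scope so it runs offline.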
Securelist’s analysis revealed the malware’s adaptability, with recent samples incorporating Tor-based mining pools and process whitelisting to avoid disrupting its own operations.
While XMRig configurations default to CPU mining, the modular nature of the toolkit suggests potential expansion to GPU-based attacks.
The combination of credential brute-forcing, multi-layered payloads, and anti-detection routines positions Outlaw as a persistent threat to inadequately secured Linux environments.
Mitigation strategies emphasize SSH hardening, including disabling password authentication, enforcing firewall rate limits, and monitoring for unauthorized .ssh directory modifications.
Securelist advocates for tools like Fail2Ban paired with stringent sshd_config policies to disrupt Outlaw’s primary infiltration vector.
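To make the sshd_config side of that advice checkable, here is an added example (not code from the article or from Securelist) that parses an sshd_config and reports every directive that still permits the password-guessing entry vector. The directive names and their defaults are OpenSSH's; the two config texts are constructed for the example, and the parser honours two OpenSSH rules that audits often get wrong: the first occurrence of a directive wins, and anything under a Match block is conditional rather than global.

```python
"""Audit an sshd_config against the hardening recommended above (no password
or empty-password logins, no root login, few auth attempts). Directive names
and defaults are OpenSSH's; both config texts are constructed for this example."""
import re
# directive (lower-cased) -> (acceptance test, wanted value); keywords are
# case-insensitive and for each directive the FIRST occurrence in the file wins
POLICY = {
    "passwordauthentication": (lambda v: v == "no", "no"),
    "permitemptypasswords":   (lambda v: v == "no", "no"),
    "permitrootlogin":        (lambda v: v in ("no", "prohibit-password"), "no"),
    "maxauthtries":           (lambda v: v.isdigit() and int(v) <= 3, "3 or fewer"),
}
DEFAULTS = {"passwordauthentication": "yes", "permitemptypasswords": "no",  # applied
            "permitrootlogin": "prohibit-password", "maxauthtries": "6"}   # when absent

def parse_sshd_config(text):
    """Effective global directives; stops at the first Match block, since
    everything after it applies only to matching users/hosts."""
    effective = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()            # drop comments
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)  # "Key value" or "Key=value"
        key = parts[0].lower()
        if key == "match":
            break
        if key not in effective and len(parts) == 2:   # first occurrence wins
            effective[key] = parts[1].strip().lower()
    return effective

def audit(text):
    """Return [(directive, effective value, wanted value)] for every violation."""
    conf = {**DEFAULTS, **parse_sshd_config(text)}
    return [(k, conf[k], want) for k, (ok, want) in POLICY.items() if not ok(conf[k])]

WEAK = """# constructed: the defaults Outlaw's brute-forcing relies on
PermitRootLogin yes
PasswordAuthentication yes
MaxAuthTries 10
Match User backup
    PasswordAuthentication no   # conditional only; the global setting stays yes
"""
HARDENED = """# constructed: closes the password-guessing entry vector
PermitRootLogin no
PasswordAuthentication no
MaxAuthTries 3
"""
if __name__ == "__main__":
    for name, text in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(text) or "OK")
```

Fail2Ban and firewall rate limiting sit outside sshd_config and are not covered by this audit; run it on the file sshd actually loads (check with `sshd -T` for the effective values) rather than a copy.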
Source: https://cybersecuritynews.com/outlaw-cybergang-attacking-linux-environments/