IBM analysts recently unveiled a first look at how threat actors may have placed Shamoon2 malware on systems in Saudi Arabia. While researching elements in the IBM report, ASERT discovered additional malicious domains, IP addresses, and artifacts that matched preciously disclosed elements of Shamoon2.

The data within this document is based on the collective experiences, observations and concerns of the global operational security community. Arbor Networks has collected this data through a survey conducted in October 2015.

This thought piece draws on the experience of 451 Networks analysts and interviews with defensive security professionals to review major trends in attackers tools, techniques, and processes (TTPs).