This report aims to reveal top trends that will shape the cybersecurity industry in 2020.

Mandiant’s 2019 edition of their threat intel report. Focusing on significant trends in attack TTPs over the past calendar year.

FireEye Threat Intelligence assesses with high confidence that APT41 is a prolific cyber threat group that carries out Chinese state-sponsored espionage activity in addition to financially motivated activity potentially outside of state control. (more available)

FireEye has been detecting and responding to cyber attacks every day for over 15 years. The release of M-Trends® 2020 marks 11 years of providing the cyber security community with insights gained from the frontlines of those attacks. (more available)

The goal of this initiative was to identify trends impacting cyber security decisions, the top cyber security priorities for 2020 and beyond, the focus of risk mitigation strategies, and to highlight the overall beliefs and perceptions held by senior executives regarding the state of the cyber threat landscape and how the cyber security industry, governments and regulatory agencies are responding to their needs. (more available)

Since 2017, risk experts have consistently ranked large-scale cyber attacks and data fraud among the top five mostly likely risks around the world. (more available)

From the report, “In the cyber security industry, we’re so frequently working around-the-clock for days at a time that we often forget when one year ends and another begins. (more available)

In late February 2017, FireEye as a Service (FaaS) identified a spear phishing campaign that appeared to be targeting personnel involved with United States Securities and Exchange Commission (SEC) filings at various organizations. (more available)

FireEye recently observed a sophisticated campaign targeting individuals within the Mongolian government. Targeted individuals that enabled macros in a malicious Microsoft Word document may have been infected with Poison Ivy, a popular remote access tool (RAT) that has been used for nearly a decade for key logging, screen and video capture, file transfers, password theft, system administration, traffic relaying, and more. (more available)

In May and June 2017, FireEye observed a phishing campaign targeting at least seven global law and investment firms. We have associated this campaign with APT19, a group that we assess is composed of freelancers, with some degree of sponsorship by the Chinese government. (more available)

This blog post offers insight into the New ICS Attack Framework “Triton”

Cyber espionage actors, now designated by FireEye as APT32 (OceanLotus Group), are carrying out intrusions into private sector companies across multiple industries and have also targeted foreign governments, dissidents, and journalists. (more available)

FireEye recently detected a malicious Microsoft Office RTF document that leveraged CVE-2017-8759, a SOAP WSDL parser code injection vulnerability. This vulnerability allows a malicious actor to inject arbitrary code during the parsing of SOAP WSDL definition contents. (more available)

This blog post takes a look at APT29 Domain Fronting with Tor.

Read about the threat outlook for aerospace and defense sectors as threat groups seek to gain military and economic advantages.

This blog post takes a look at Metamorfo and how it is impacting Brazilian users, specifically, to install banking trojans.

Gain insights into the nature and rationales of cyber threats international organizations and nonprofits face.

In this report they look at incidents that occurred between October 2016 and September 2017.

In 2013, ISMG and FireEye teamed up to survey security leaders about advanced threats and breach response. Among the findings: Only 20 percent of respondents rated their incident response programs “very effective,” and they were most concerned about their abilities to detect and contain APT/malware quickly and completely. (more available)

This blog post discusses APT32 and it’s targetting of global corporations for destruction.

In this report, they describe FIN10’s activities and tactics, techniques and procedures (TTPs), and provide a glimpse into how they execute their operations. (more available)