Using Unit 42’s threat intelligence and incident response teams, this report reviews the state of ransomware, focusing on the prevalence, size of payments, techniques, and firmographics of recent events. (more available)

2020 edition of the Unit 42 Cloud Threat Report, ourteam of elite cloud threat researchers focused theirattention on the practices of DevOps. (more available)

In mid-July, Palo Alto Networks Unit 42 identified a small targeted phishing campaign aimed at a government organization. While tracking the activities of this campaign, we identified a repository of additional malware, including a web server that was used to host the payloads used for both this attack as well as others. (more available)

Palo Alto Networks Unit 42 has identified a series of phishing emails containing updated versions of the previously discussed CMSTAR malware family targeting various government entities in the country of Belarus. (more available)

Unit 42 has identified malware with recent compilation and distribution timestamps that has code, infrastructure, and themes overlapping with threats described previously in the Operation Blockbuster report, written by researchers at Novetta. (more available)

Unit 42 has been closely tracking the OilRig threat group since May 2016. One technique we’ve been tracking with this threat group is their use of the Clayslide delivery document as attachments to spear-phishing emails in attacks since May 2016. (more available)

Unit 42 has discovered a persistent attack campaign operating primarily in the Middle East dating back to at least mid-2016 which we have named Magic Hound. (more available)

Unit 42 threat researchers have recently observed a threat group distributing new, custom developed malware. We have labelled this threat group the Gamaredon Group and our research shows that the Gamaredon Group has been active since at least 2013. (more available)

This post discusses the reports of open-source developers receiving malicious emails.

The DragonOK group has been actively launching attacks for years. We first discussed them in April 2015 when we witnessed them targeting a number of organizations in Japan. (more available)

With unique and specialized analysis, this paper discusses Nigerian cyber crime actors, their growth, collaboration, and the direction they are headed. (more available)

With unique and specialized analysis, this paper discusses Nigerian cyber crime actors, their growth, collaboration, and the direction they are headed. (more available)

This is a well written exclusive look at Ransomware.

Offering insight into a variety of issues related to cloud security, this report discusses several key issues, including, the biggest threats to cloud security, legacy security tools that do not work in the cloud, and the growth of cloud security budgets. (more available)

This report examines key trends across the threat landscape and application usage, including topics on how organizations can educate users and utilize controls to effectively reduce the attack surface available to an adversary, the potential effects of non-standard network activity, the reuse of legacy attack tactics, and the benefits of open threat intelligence sharing. (more available)

Mobile network operators (MNOs) are evolving rapidly to deploy transformative networks—4G, 5G, SDN/NFV. Meanwhile they are battling a new and different cyber attack landscape that could compromise BOTH their networks AND their subscribers. (more available)

How much does it cost technically proficient adversaries to conduct successful attacks, and how much do they earn? In this report, they look at the relationships between the time spent and compensation of today’s adversaries and how organizations can thwart attacks. (more available)