This report reflects on the key threats that emerged or expanded in the 4th quarter of 2020.

This report looks at the malware used by a group called Sunburst. It gives a detailed timeline of attacks, and the code used in them. It also compares the code to popular malware like Kazuar, suggesting it is being used by the same groups.

This report provides a look into FIN11, a financially motivated threat group that has conducted some of the largest and longest running malware distribution campaigns to date.

This report from Kaspersky explains changes in the threat landscape for industrial automation systems for the first half of 2020. It goes in detail on the variety of malware, the main threat sources, regional differences, and more.

Now in its sixth year, Sonatype’s State of the Software Supply Chain Report continues to examine measurable practices of secure open source software development and delivery.

This report sought to understand the health and security of Free and Open Source Software (FOSS) as it is today. It identifies the most commonly used free and open source software components in production applications, and examines them for potential vulnerabilities.

The annual report on trends in malware and hacked website from the incident response and malware research teams at GoDaddy Security /Sucuri.

A detailed technical analysis of the Kingminer botnet malware, including the C&C network, infection vectors, payload, and auxiliary components.

In the following report, Naikon describes the tactics, techniques, procedures and infrastructure that have been used by the Naikon APT group over the 5 years since the last report, and offer some insight into how they were able to remain under the radar.

The recent Chinese New Year ushered in the Year of the Rat, but from the perspective of the many corporations, government agencies and other organizations around the world who continue to be the targets of Advanced Persistent Threat (APT) groups acting in the interest of the Chinese government, recent years could aptly be described as the Decade of the RATs - Remote Access Trojans, that is.

FireEye Threat Intelligence assesses with high confidence that APT41 is a prolific cyber threat group that carries out Chinese state-sponsored espionage activity in addition to financially motivated activity potentially outside of state control. Activity traces back to 2012 when individual members of APT41 conducted primarily financially motivated operations focused on the video game industry before expanding into likely statesponsored activity. This is remarkable because explicit financially motivated targeting is unusual among Chinese state-sponsored threat groups, and evidence suggests these two motivations were balanced concurrently from 2014 onward.

With this common understanding in mind, we have taken a comprehensive look at previously disclosed activity that can now be attributed to the GRU. Numerous governments, security firms, researchers, reporters, academics, and victims have released reports detailing different facets of the GRU’s activities. Our review identified more than 200 cyber incidents, spanning 15 years (2004–2019), targeting governments, the private sector, and members of civil society. These operations have discovered and disclosed secrets, defamed people, disinformed populations, and destroyed or disrupted computerized systems.

Our 2019 Threat Research Report is a deep dive into our logs, experiences, and collected analysis. It summarizes and identifies the latest tactics, techniques, and procedures seen by the Malware Research team, Vulnerability Research team, Threat Intel Research team and Remediation Groups at Sucuri/GoDaddy.

This Spotlight report provides in-depth analysis of vulnerabilities and weaponization patterns across the entire family of Adobe products. By focusing on weaponization, we go beyond simply counting vulnerabilities, and instead reveal how popular software from a leading vendor becomes a beacon for attackers. A significant number of these vulnerabilities are exploitable and have remote code execution capabilities, changing their status from a potential threat to an active and live cyber risk exposure point. While our findings naturally focus on the most recent data, the report includes more than 20 years of data from 1996 through 2018, allowing us to see long-term trends.

The purpose of this research is to provide a comprehensive description of the technical details and approach IOActive used to discover vulnerabilities affecting widely deployed radiation monitoring devices. Our work involved software and firmware reverse engineering, RF analysis, and hardware hacking.

This report takes a look at the risk involved with third party cybersecurity issues.

From the report, “What does 2018 hold in store for the defenders? Unfortunately, more of the same security drama, according to Cybereason’s researchers and analysts. Specifically, they identified the following as some of the bigger security trends in the new year: 01. Supply Chain Attacks Increase & Remain Underreported 02. Destructive Attacks Do Not Let Up 03. The Line Blurs Between APT Actors & Cybercriminals 04. Fileless Malware Attacks Become Ubiquitous” Read on to find out more.

In this whitepaper, they look at three categories of approaches taken by malware to evade sandboxes and explore techniques associated with each approach.

This report takes an inside look at the Cyber Security challenge for healthcare today and more specifically looks at the medical device security challenge.

This report offers a variety of case studies that highlight the challenges in the Healthcare Network.

This report takes a look at the dangers of weaponized malware and provides a case study of Zombie Zero behavior.