The third quarter of 2017 saw an increase in the number of malicious apps flooding the mobile marketplace, the continued issues of imitation and trojan apps in official app stores, and the emergence of the WireX mobile botnet. In this report, they’ll give an overview of these mobile threats, as well as emerging trends they anticipate will be prevalent in Q4 and beyond to help you protect yourself and your customers.

RiskIQ uses its repository of scanned mobile application stores to perform analysis on threat trends in the mobile application space. Q2 showed a nearly 57 percent increase in blocklisted apps over Q1. Key threat trends include brand imitation, phishing, malware, malvertising scams crossing into the mobile realm, targetted attacks against MyEtherWallet, and the misuse of location data by major mobile providers.

In this report, we’ll give an overview of the recent mobile threats RiskIQ detected in Q2 of 2017, as well as emerging trends we anticipate will be prevalent in Q3 and beyond to help you protect yourself and your customers.

From the report, “With data drawn from our ThreatCloud World Cyber Threat Map and our experience within the cyber research community, we will give a comprehensive overview of the trends observed in the categories of Cryptominers, Ransomware, Malware techniques, Data Breaches, Mobile and Nation State cyber attacks. We will then conclude with a review of the predictions made in our 2018 Security Report and assess to what extent these proved accurate. Along the way we will also provide cutting edge analysis from our in-house experts to arrive at a better understanding of today’s threat landscape.”

From the report, “For our fifth annual survey, we asked nearly 2,000 respondents globally across a range of industries, company sizes, and roles—about the challenges and opportunities presented by the ongoing process of digital transformation. This survey provides a uniquely comprehensive analysis of the trends shaping the application landscape—and how IT organizations are transforming to meet the ever-changing demands of the digital economy.”

To provide insights into the complex challenges faced by organizations as they fight to protect their brands, Radware produces an annual Global Application & Network Security Report. This eighth annual version of the report combines Radware’s organic research, real attack data and analyses of developing trends and technologies with the findings from a global industry survey.

It’s harvest time (at least here in the United States), and as we prepare to reap the bounties of the land, so too have we seen attackers make good use of the exploits they’ve sown and infrastructure they’ve co-opted. The credential compromises and remote access attempts of Q2 have ripened into suspicious service logins and lateral movement actions involving credentials, along with increases in the presence of malware on systems.

A survey of financial services executives responsible for digital security measures at their firms (see Methodology) sheds light on the industry’s objectives for digital channels, perceptions about the scale of the threat posed by fraud and a range of vectors for attack, and confidence in existing defenses.

This report provides insight into the top stories from the third quarter of 2018.

This infographic provides a summarized list of the points made in McAfee’s 2019 threat predictions blog post.

In this edition, we highlight the notable investigative research and trends in threats statistics gathered by the McAfee Advanced Threat Research and McAfee Labs teams in Q2 of 2018. Cybercriminals continue to follow the money. Although this statement is familiar, our latest Threats Report clearly shows the migration from certain older attacks to new threat vectors as they become more profitable. Just as in Q1, we see the popularity of cryptocurrency mining continue to rise. In this report we detail recent findings from three McAfee Labs analyses that appeared in Q2. You can read summaries of each on pages 5-7. One area of investigation by our research teams is in digital assistants. In Q2 we analyzed a vulnerability in Microsoft’s Cortana. This flaw allowed an attacker to log into a locked Windows device and execute code. Following our vulnerability disclosure policy, we communicated our findings to Microsoft; the analysis resulted in CVE-2018-8140. We also examined the world of cryptocurrency attacks with an in-depth view of blockchain technology. Our report detailed many of the vulnerabilities being exploited by threat actors looking for a quick return on their investment.

In this issue of the State of The Internet/Security report, they take a look back at some of the events they were a part of and the research the Akamai teams produced in the past 12 months. They also examine a few of the stories that formed the background in security this year.

When law enforcement announced the seizure of AlphaBay in July 2017, the United States Attorney General Jeff Sessions described the operation as: “one of the most important criminal investigations of the year…because of this operation, the American people are safer – safer from the threat of identity fraud and malware, and safer from deadly drugs.” 1 The timing and coordination of the law enforcement operation, known as Operation Bayonet, was a clear success and has contributed to multiple subsequent arrests.2 Almost one year later, the marketplace model appears to be in decline, but the risks to businesses and consumers have not subsided. Instead, this paper demonstrates that cybercriminals have taken to incorporating new processes, technologies, and communication methods to continue their activities.

In the DomainTools Reports, we explore various “hotspots” of malicious or abusive activity across the Internet. To date, we have analyzed such varied markers as top level domain (TLD), Whois privacy provider, domain age, patterns of registrant behavior, and more. In each case, we found patterns across our database of over 300 million (315M+ as of this writing) active domains worldwide; these patterns helped us pinpoint nefarious activity, at a large scale, in ways that are similar to methodologies used by security analysts and threat hunters at smaller scales to expose threat actor infrastructure.

Since the 2016 U.S. presidential election, the term “fake news” has integrated itself frmly into our daily vernacular. However, fake news is used very broadly to describe: disinformation, propaganda, hoaxes, satire and parody, inaccuracies in journalism, and partisanship. Disinformation campaigns are not limited to the geopolitical realm – its use is far more pervasive. The sheer availability of tools means that barriers to entry are lower than ever. This extends beyond geopolitical to fnancial interests that affect businesses and consumers. This paper presents an overview of these different motivations and tools actors can turn to. In Digital Shadows’ Disinformation Campaign Taxonomy, we lay out the stages used in disinformation campaigns. In doing so, it is possible to develop ways to potentially disrupt these efforts and create greater friction for actors involved.

In light of the new development of Crypto Currency, this paper can begin to address important questions about the outlook for digital currencies, including: If individuals lose trust in alternative coins and no longer see them as profitable, then what does this mean for the future of cryptocurrencies? How will the cryptocurrency landscape change in 2018? And will cryptocurrency fraud ultimately obstruct the rapid growth of digital currencies worldwide?

The purpose of this document is to briefly describe the features of Necurs malware. During the analysis, we have been able to identify the different “features” and “capabilities” of the Necurs malware.

From the report, “While the developers of this Guide strongly support the important role that governments play in convening a diverse ecosystem, the imposition of prescriptive, compliance-focused regulatory requirements will inhibit the security innovation that is key to staying ahead of today’s sophisticated threats. Moreover, earlier policy efforts were based on utopian solutions to these threats, premised on the notions that internet service providers (ISPs) can simply shut down all botnets, or that manufacturers can make all devices universally secure. Instead, dynamic, flexible solutions that are informed by voluntary consensus standards, driven by market demands, and implemented by stakeholders throughout the global digital economy, are the better answer to these evolving systemic challenges.”

This report begins with the sentence, “There are a number of influences on the 2018 Winter Olympics event that may increase the likeliness of malicious activity.” Read on to find out more.

SailPoint’s 2018 Market Pulse Survey found amidst all the change the corporate world is experiencing – digital transformation is top of mind for many organizations – the way people approach security has not changed dramatically. People still have bad habits when it comes to both corporate and personal security, and some are even actively fighting against their organization’s IT department in the search for efficiency. Complicating the situation even more is the development of new threat avenues such as software bots. Read on to learn more.

This e-book offers insight into online fraud and cyber-crime.