Fraudulent accounts run rampant on social media. But what are they up to, what cyber attacks are they launching? ZeroFOX Research investigates 40,000 fake accounts to find out.

In this whitepaper, they look at three categories of approaches taken by malware to evade sandboxes and explore techniques associated with each approach.

This report offers deep insight into the threat actor known as Oilrig.

From the report, “To put the relentlessness of attacks and the attackers perpetrating them into perspective, it has been reported that the global cybercrime economy generates an annual profit of $1.5 trillion or roughly the same as Russia’s GDP. To use an old cybersecurity adage, attackers only need to succeed once to compromise your network, defenders need to succeed every time. These facts and the events of Q1 2018 reinforce the reality that threat actors have no intention of scaling back their attacks. It is important not to be distracted by coverage given to one attack vector or class of attack – distraction has been a powerful tool in the arsenals of attackers for centuries… just think about why malware trojans are so named.”

This quarter saw a dramatic increase in attacks targeting consumer-grade routers, increasing 539% from Q4, 2017. The majority of hostile detections on the eSentire threat detection surface pertain to perimeter threats: Information Gathering, Intrusion Attempts, and Reputation Blocks. eSentire Threat Intelligence assesses with medium confidence that these detections originate, largely, from automated scanning and exploitation attempts. Threats beyond the perimeter, such as Malicious Code (+35%) and Phishing (+39%) both saw increases in the frst quarter of 2018.

From the report, “Trojans are still winning. Out of the 12 Threat Reports over Q3, six were trojans. While the results from the Threat Report quarterly from Q2 2018 were pretty even in terms of the volume of threats being spread out between APTs, ransomware and trojans, Q3 2018 showcased the depth and breadth of trojan diversity and malicious innovation.”

From the report, “The large-scale attacks and disastrous outcomes in this paper underscore the fact that targeted phishing is the overwhelming cause of nearly all breaches. Phishing attacks cost companies an incalculable amount of money, prestige, goodwill, confidential data, and competitive advantage, as well as brand identity and integrity. The Verizon Data Breach Investigations report supports the overwhelming impact of phishing, which targets businesses consistently across email, web, and network traffic. Siloed approaches lead only to siloed and ineffective protection. Partial, reactive defenses such as employee education, perimeter protection, and spam filtering simply don’t work against today’s phishing threats.”

On September 7th, 2017 Equifax disclosed the occurrence of data breach that occurred between May 2017 and July 2017. Equifax discovered the breach in July 2017. Initial estimates suggest that up to 143 million people could be affected. Credit card information of approximately 209,000 cardholders and personally identifiable information of 182,000 consumers was also compromised. Given past history with similar such breaches, additional impact is likely to be uncovered over time.

The purpose of this study is to understand the beliefs and behaviors surrounding password management and authentication practices for individuals both in the workplace and at home. The goal was to understand if these beliefs and behaviors align, and why or why not. The conclusion is that despite the increasing concern regarding privacy and protection online and a greater understanding of the best security practices, individuals and businesses are still falling short.

This Impact Report provides insights into consumers’ views on authentication. Consumers often don’t understand the mechanics of technologies very well, or even why they’re being used, but they have definite preferences about how and when they want to engage in authentication activities.

This report offers the following taglines - IoT device breaches undetectable by nearly half of companies, and use of blockchain technology to help secure IoT data, devices and services doubles in a year.

This report offers insight into controlling friction while tackling Cybercrime in Financial Services.

The ThreatMetrix European Cybercrime Report: Q1 2018 is based on actual cybercrime attacks from January – March 2018 that were detected by the ThreatMetrix Digital Identity Network (The Network) during real-time analysis and interdiction of fraudulent online payments, logins and new account applications.

The ThreatMetrix Cybercrime Report: Q4 2016 is based on actual cybercrime attacks from October – December 2016 that were detected by the ThreatMetrix Digital Identity Network (The Network) during real-time analysis and interdiction of fraudulent online payments, logins and new account applications.

Using intelligence from the ThreatMetrix Digital Identity Network, gaming and gambling companies can accurately differentiate between responsible users and problem gamblers / fraudsters in real time.

The ThreatMetrix Cybercrime Report: Q1 2016 is based on actual cybercrime attacks from January 2016 – March 2016 that were detected by the ThreatMetrix Digital Identity Network (The Network) during real-time analysis and interdiction of fraudulent online payments, logins and new account applications.

Creating)Value)and)Managing)Risk)in)the)World)of)PSD2,“a"white"paper"developed"by"Aite"Group” in close cooperation with ThreatMetrix, provides insight into the key provisions of the revised & Payment(Service(Directive (PSD2) legislation and its impact on market practices.

RiskIQ uses its repository of scanned mobile application stores to perform analysis on threat trends in the mobile application space. Q2 showed a nearly 57 percent increase in blocklisted apps over Q1. Key threat trends include brand imitation, phishing, malware, malvertising scams crossing into the mobile realm, targetted attacks against MyEtherWallet, and the misuse of location data by major mobile providers.

From the report, “With so much of our personal information now flowing through mobile applications, has our security awareness kept pace? Have consumers adopted best practice behaviors or are they leaving themselves vulnerable to cyber attacks? To better understand consumer behavior, RiskIQ commissioned Ginger Comms² to survey 1,000 US and 1,000 UK consumers aged 16 to 60+, specifically focusing on smartphone apps. The survey was conducted between February and March 2017.”

In 2017 we saw a measurable increase in cyber attacks executed by State sponsored hacking groups and APT’s. The Top 5 Threat Actors highlighted in this report carried out some of the most notable and financially devastating attacks of 2017 and are likely sponsored by nation-states. Cyber-attacks have become, and will continue to be, key elements of twenty-first century political warfare and terrorism. We believe that the use of cyber terror and other state sponsored attacks will increase in 2018 after it’s success in 2017.

In this report, you’ll learn how many DevOps servers may be exposed based on a study done by the IntSights research team, how cyber criminals typically access open DevOps servers, and what you can do to protect yourself and your data from a DevOps cyber attack.