This report examines the substantial economic costs that malicious cyber activity imposes on the U.S. economy. Cyber threats are ever-evolving and may come from sophisticated adversaries. Due to common vulnerabilities, instances of security breaches occur across firms and in patterns that are difficult to anticipate. Importantly, cyberattacks and cyber theft impose externalities that may lead to rational underinvestment in cybersecurity by the private sectorrelative to the socially optimal level of investment. Firms in critical infrastructure sectors may generate especially large negative spillover effects to the wider economy. Insufficient data may impair cybersecurity efforts. Successful protection against cyber threats requires cooperation across firms and between private and public sectors.

In this Kingslayer post-mortem report, RSA Research describes a sophisticated software application supply chain attack that may have otherwise gone unnoticed by its targets.

This blog post offers insight into the New ICS Attack Framework “Triton”

In mid-November 2017, the Dragos, Inc. team discovered ICS-tailored malware deployed against at least one victim in the Middle East. The team identifies this malware as TRISIS because it targets Schneider Electric’s Triconex safety instrumented system (SIS) enabling the replacement of logic in final control elements. TRISIS is highly targeted and likely does not pose an immediate threat to other Schneider Electric customers, let alone other SIS products. Importantly, the malware leverages no inherent vulnerability in Schneider Electric products. However, this capability, methodology, and tradecraft in this very specific event may now be replicated by other adversaries and thus represents an addition to industrial asset owner and operators’ threat models.

Dragos, Inc. was notified by the Slovak anti-virus firm ESET of an ICS tailored malware on June 8th, 2017. The Dragos team was able to use this notification to find samples of the malware, identify new functionality and impact scenarios, and confirm that this was the malware employed in the December 17th, 2016 cyber-attack on the Kiev, Ukraine transmission substation which resulted in electric grid operations impact. This report serves as an industry report to inform the electric sector and security community of the potential implications of this malware and the appropriate details to have a nuanced discussion.

“In an effort to expose a common problem we see happening in the industry, Cylance® would like to shed some light on just how easy it is to fake attribution. The key factor we should focus on, as an industry, is determining HOW an attacker can take down an organization, rather than focusing only on the WHO. Once we can identify how the attack happened, we can focus on what’s really important – prevention.”

Malware utilizing known Lazarus group tools was used in a heist of a Taiwan bank. This Malware was later uploaded to several repositories. This post analyses and summarizes the uploaded Malware from the repositories.

The Russian invasion of Georgia was preceded by an intensive build up of cyberattacks attempting to disrupt, deface and bring down critical Georgian governmental and civilian online infrastructure. The campaign has been reported in the media, with wide coverage suggesting the campaign was a spontaneous outburst of popular feeling in Russia lead by independent hackers. However, as this report suggests, the offensive was too large, coordinated, and sophisticated to be the work of independent hackers; the evidence leads by-and large to the Russian Business Network (RBN) in St. Petersburg, Russia. Whilst only a criminal investigation can directly prove the involvement of the Kremlin, both experts and commentators have accused Moscow of sponsoring the attacks as their magnitude requires the involvement of the kind of resources only a state-sponsor can provide.

This report seeks to answer the question, “What will shape the next 12 months in cybersecurity?”

Recommendations for securing and managing privileged credentials used by enterprise applications

The Identity Ecosystem Functional Model deliverable was developed by the IDESG Security Committee to provide context to discussions of identity ecosystems and a consistent model upon which to center descriptions of identity solutions. This is not a model of the IDESG as an organization but a representation of online identity interactions and the various components needed to execute those interactions.

This report is specifically geared to the Healthcare and Cross-Sector Cybersecurity Issues.

The purpose of this research, sponsored by Lookout, is to understand the value of the data we access and store on our mobile devices and if we are doing enough to protect that data.

This is a technical guidance document provided by the US Government. It provides an aggregate of already existing Federal government and private industry best practices and mitigation strategies focused on the prevention and response to ransomware incidents.

This report looks at China’s evolving approach to integrated strategic deterrence. Drawing on a variety of Chinese military writings, this report explores the origins of this concept, how it relates to Chinese development of counter-intervention capabilities, and how Beijing’s assessment of its external security environment influences its requirements.

From the Report, “This year’s GTIR utilizes the Center for Internet Security’s Critical Security Controls to identify controls that can be effective at each stage of the Lockheed Martin Cyber Kill Chain® (CKC) . By ensuring that controls exists for each stage of the CKC, organizations can increase their ability to disrupt attacks . We’ve dedicated an entire section and case study to a Practical Application of Security Controls to the Cyber Kill Chain.”

This report, out of Great Britain, focuses on the WannaCry Cyber Attack and what they learned in their investigation.

This white paper prepares you for GDPR by providing a basic understanding of what is involved with the different sections of the regulations, and how technology can be used to drive the initial discovery which can be used to drive the plan as well as the ongoing process of maintaining compliance.

This paper looks at utilitiy providers and the cybersecurity threats that attack them.

This report is based on the key findings from The Global State of Information Security Survey.

The purpose of the research, in this report, is to understand how organizations qualify and quantify the financial risk to their tangible and intangible assets in the event of a network privacy or security incident.