With this common understanding in mind, we have taken a comprehensive look at previously disclosed activity that can now be attributed to the GRU. Numerous governments, security firms, researchers, reporters, academics, and victims have released reports detailing different facets of the GRU’s activities. Our review identified more than 200 cyber incidents, spanning 15 years (2004–2019), targeting governments, the private sector, and members of civil society. These operations have discovered and disclosed secrets, defamed people, disinformed populations, and destroyed or disrupted computerized systems.

If there’s one thing this year’s Global Threat Report really brings home, it’s that there’s never been a better time to get involved in cybersecurity. The stakes are high, and rising every day. Those that read and share this report are helping to educate themselves and others to better protect themselves and their communities, both at work and at home.

This report covers trends in retail and hospitality in 2019. It covers Cyber espionage that impacts hospitality, how virtual skimming threat data poses risk to payment card data, and an analysis and comparison of point-of-sale malware companies.

A Report to Congress Pursuant to the National Defense Authorization Act for Fiscal Year 2000, as Amended

Upon request by the United States Senate Select Committee on Intelligence (SSCI), New Knowledge reviewed an expansive data set of social media posts and metadata provided to SSCI by Facebook, Twitter, and Alphabet, plus a set of related data from additional platforms. The data sets were provided by the three primary platforms to serve as evidence for an investigation into the Internet Research Agency (IRA) influence operations.

An In Depth Look at the most prevalent ATT&CK techniques according to Red Canary’s historical detection dataset.

From the report, “In the first installment of the 2019 Security Report ‘CyberAttack Trends Analysis’, we reviewed the latest trends and threats facing the IT security industry today. We assessed the major incidents that impacted organizations over the past year along with our commentary and insights regarding them. These trends fell into the categories of Cryptominers, Ransomware, Malware Methodology, Data Breaches, Mobile and Nation State Cyber Attacks. In this installment we zone in on an underlying trend that lies behind all of the above categories, the democratization of cyber crime.” Read on to find out more.

From the report, “Threat actors are increasing their use of fileless malware for one simple reason: most organizations aren’t prepared to detect it. Education is the first step in determining what threat these new attacks pose and what IT and security teams can do to detect and stop fileless malware attacks. READ THIS PAPER to understand how fileless malware is quickly evolving to avoid detection, the techniques currently employed to prevent infection and the strategies security teams need to consider when determining how to stop future fileless breaches.”

In 2017 we saw a measurable increase in cyber attacks executed by State sponsored hacking groups and APT’s. The Top 5 Threat Actors highlighted in this report carried out some of the most notable and financially devastating attacks of 2017 and are likely sponsored by nation-states. Cyber-attacks have become, and will continue to be, key elements of twenty-first century political warfare and terrorism. We believe that the use of cyber terror and other state sponsored attacks will increase in 2018 after it’s success in 2017.

From the report, “In the cyber security industry, we’re so frequently working around-the-clock for days at a time that we often forget when one year ends and another begins. It’s a shame, too, because the end of the year is a very important time. It provides a moment to reflect on what we observed and experienced over the past 12 months, and to consider how best to address the challenges we have been facing. Perhaps more critical to our line of work, it offers an opportunity to note what developed into a trend, and what might develop into a trend as we move into the next year and beyond.”

This report is part of a larger developing series, the aim of which is to apply a different approach to threat intelligence to identify a new threat actor and its previously unknown espionage campaigns; it also aims to link together campaigns that were assumed to be unrelated, or which were falsely attributed to other groups. We call this new project — and threat actor — The White Company in acknowledgement of the many elaborate measures the organization takes to whitewash all signs of its activity and evade attribution. The White Company consists of three reports. The first report tells the story of the overall campaign and presents forensic findings in a manner suitable for a general audience, including analyses of the technical and geopolitical considerations that enable readers to draw conclusions about the threat actors and understand the campaign in context. Two additional technical reports follow: One is focused on The White Company’s exploits, the other on its malware and infrastructure.

This e-book provides good insight into understanding cyber crime.

This report takes a look at the “Key Reinstallation Attack” VULN that works against all modern protected Wi-Fi- networks.

This paper provides information on Bad Rabbit a new ransomware roving the internet.

This report offers insight into the Cyber security landscape of The People’s Republic of Korea.

This report takes a look at the cyber threats that occurred when the US recognized Jerusalem as the Capital of Israel.

This report begins with the sentence, “There are a number of influences on the 2018 Winter Olympics event that may increase the likeliness of malicious activity.” Read on to find out more.

This report offers insight into the cyber security profile of the United States Of America.

The recent escalation in tensions between the United States and Turkey over the detention of pastor Andrew Brunson, have prompted Turkish patriotic hacktivist groups to target American websites. Historically, the two most prominent hacktivist groups Aslan Neferler Tim (ANT) and Turk Hack Team (THT) have reacted to political issues impacting Turkey, by targeting the perceived adversary with low level nuisance attacks such as web defacements and Distributed Denial of Service attacks (DDoS). As the political situation deteriorates, Anomali expects to see an increase in hacktivist related activity targeting American websites.

This report takes a deep look at the economics of Cybercrime.

Unit 42 has discovered a persistent attack campaign operating primarily in the Middle East dating back to at least mid-2016 which we have named Magic Hound. This appears to be an attack campaign focused on espionage. We were able to collect over fifty samples of the tools used by the Magic Hound campaign using the AutoFocus threat intelligence tool. The earliest malware sample we were able to collect had a compile timestamp in May 2016. The samples themselves ranged from IRC bots, an open source Python remote access tool, malicious macros, and others. It is believed the use of specific tools may have coincided with specific attack waves by this adversary, with the most recent attacks using weaponized Microsoft Office documents with malicious macros. Due to the large amount of data collected, and limitations on attack telemetry, this blog will focus primarily on the most recent attacks occurring in the latter half of 2016.