This report takes a look at a North Korean CyberEspionage Groub.

This paper presents the testimony, of Martin Libicki, presented before the House Armed Services Committee on March 1, 2017.

This report provides you with unique insights into Europe, Middle East and Africa’s (EMEA’s) threat landscape for the second half of 2015.

This report details some of cyber threat activity that has been observed against Denmark, Finland, Iceland, Norway, and Sweden. It explores motivations of the cyber threat and factors that could trigger future activity in the region.

It would appear that a new variant titled ‘StoneDrill‘ has now hit the wild and conducts operations very similar to that of Shamoon 2.0 and Shamoon malware. Here is a brief analysis of StoneDrill,

This brief takes a look at the espionage as a service industry and how it can help businesses become secure.

This report is a response to the absence of a formal dialogue and explores U.S. policy options for managing relations with China over this critical policy area. It looks at two basic questions: Can the United States and China return to meaningful formal negotiations over norms and rules in cyberspace? And, if so, what areas are most likely to yield agreement, and what might be exchanged for what?

This report seeks to answer the following question, “Is cybercrime, cyber espionage, and other malicious cyber activities what some call “the greatest transfer of wealth in human history,” or is it what others say is a “rounding error in a fourteen trillion dollar economy?””

In December 2016, RAND and the National Security College at The Australian National University partnered to facilitate a cyber security–focused 360o Discovery Exercise in Canberra. The exercise used plausible scenarios to explore the chal- lenges Australia faces in securing cyberspace by placing pres- sure on government authorities, industry capabilities, users’ tolerance for malicious cyber activity, and the ability to develop interdisciplinary solutions to pressing cyber security challenges. The scenarios considered the security of the Internet of Things and intellectual property theft against a backdrop of evolving international norms of behaviour in cyberspace.

This document defines an analytical model of cyber threat intelligence in terms of a threat entity’s goal orientation, the capabilities it uses to pursue its goals and its modus operandi. The model is intended to act as a common guiding template for conducting a cyber threat assessment for use by penetration testers to define a set of realistic and threat-informed cyber attack test scenarios.

This paper seeks to show that data relating to the profiles of organizations and individuals subject to targeted attacks is amenable to study using epidemiological techniques. They design case-control studies to calculate odds ratios reflecting the degree of association between the identified risk factors and the receipt of targeted attack.

From the report, “Although real damages can be very different from our average estimation, in this report we’ve made a unique attempt to connect potential risks and real consequences of a security breach, defined in dollars, not gigabytes of data and hours of downtime.”

This monthly threat report takes a look at the month of February 2018. Specifically, it looks at how Agent Tesla works, cryptocurreny malware, ransomware’s refusal to die, and Turla APT updating their malware after public advisories.

From the paper, “This paper aims, in the first place, to put a concrete proposal on the table. It is not a panacea; it is a plausible way forward. We will start by explaining our proposal in detail and the problems we believe it would solve. We then discuss the proposal’s strategic rationale at a higher level, how it compares to various past and current practices, and why concerns about the dangers are considerably exaggerated. We conclude by considering the specific legal changes the proposal would require.”

In this report, they: a) Discuss the assumptions shaping IT defense spending plans b) Delve into the real and intangible costs of a data breach c) Examine why malware is still the most common form of breach. d) Look at which threats on which security teams need to focus.

What is the balance of economic benefits and costs conferred upon societies by cyber technologies, also designated here as information and communication technologies (ICT)? And how might that balance change in coming years? This report, prepared as a quantitative foundation for work sponsored by the Zurich Insurance Group, addresses these questions by assessing the current pattern of benefits and costs in countries and globally, mapping their apparent trajectory in recent years, and exploring their possible futures through 2030.

This report takes a look at the DDoS threats that occurred in the first quarter of 2016.

This blog post takes a look at a specific Chinese threat that is impacting Engineering and Maritime corporations.

Learn what situations contribute to threat activities towards organizations in the energy industry.

This Threat Report takes a look at some of the events of mid 2017. Specifically, it looks at the use of social platforms to target victims, espionage that targets law firms, weakness in business processes, and phishing.

This research develops a causal model, relating different cyber crime types to their impact on the UK economy. The model provides a simple framework to assess each type of cyber crime for its various impacts on citizens, businesses and the Government.