This issue of the Rapid7 Quarterly Threat Report takes a deep dive into the threat landscape for 2018 Q4 and looks more broadly at 2018 as a whole. We provide an assessment of threat events by organization size and industry, and examine threat incident patterns identified through guidance from security specialists. We also further explore inbound activity to our honeypot network to identify trends and patterns that reveal rising new threats, such as Android Debug Bridge (ADB) activity, the persistence of old threats such as EternalBlue, and the vulnerability posed by non-novel credentials as revealed to publicly exposed systems. The report concludes with five steps you can take to bolster your organization’s security posture in 2019 and beyond, based on our findings.

From the report, “The report also looks at the trends in the usage by fraudsters of specific methods or directions of attack (e.g. location manipulation, account takeover, etc.). This is to provide insight into the various techniques commonly employed by today’s savvy fraudster. The increased sophistication of the online criminal underworld, where a huge and connected marketplace exists to provide numerous services that make theft easier (and where stolen data can be found easily and cheaply following the massive data breaches of the last few years), means that fraudsters have direct access to the tools and information they need to commit online fraud. This has lowered the barrier to entry for new fraudsters to enter, and enabled experienced fraudsters to increase the scale, sophistication and speed of their attacks. This report is designed to reflect the current patterns in that scene and help merchants to understand further and prepare for the attacks they are seeing or are likely to face.” Read on to find out more.

From the report, “Forter and PYMNTS.com have partnered to track, analyze and report on important fraud trends in the world of payments and online commerce. Every quarter, we monitor fraud attempts on U.S. merchant websites to give you the latest insights on what’s going on. (Note: For each of the Indexes in 2016, we’re using 2015’s fraud rates as a benchmark.) Our take-home this quarter: Fraud rates are climbing. They climbed last quarter and are still climbing this quarter. In fact, overall fraud rates have increased by 14 percent from last quarter to this quarter. To find out how fraudsters are doing it and what methods they favor, keep reading.” Read on to find out more.

From the report, “Forter and PYMNTS.com have partnered to track, analyze and report on the important trends happening in the world of fraud as it relates to payments and commerce online. Every quarter, we are monitoring fraud attempts, reflected as a percent of U.S. sales transactions , on U.S. merchant websites. How big is the storm? Where is it? How is it changing? Read on to find out. For each of the Index editions in 2016, we are using the fraud rates observed in 2015 as a benchmark for comparing the state of fraud each quarter.” Read on to find out more.

Forter and PYMNTS.com partnered together to track, analyze and report on the important trends happening in the world of fraud as it relates to payments and commerce online. Every quarter we will monitor how fraud attempts, reflected as a percent of U.S. sales transactions, on U.S. merchant websites are trending. Up? Down? Stable? Time to panic? Hopefully not.

From the report, “Overall, 2016 saw a steady rise in online fraud attack rate, which increased 8.9% over the course of the year. The frightening “tsunami” of fraud attempts that many merchants experienced at the end of 2015 was not repeated, but the moderate rate of increase was sustained. For several industries, primarily apparel, digital goods and travel, 2016 was a year of dramatic fluctuations, affected by numerous fraudsters who were looking for new vulnerabilities they can exploit.” Read on to find out more.

Scalar’s study of the cyber resilience of Canadian organizations finds there is a new normal across the threat landscape. Cyber security incidents – whether they be exfiltration, infiltration, or denial of service – are now occurring on a regular basis. To address this, the focus of cyber security efforts is shifting from an emphasis on protection against attacks, to improving the detection of malicious actors on the network, and responding to and recovering from incidents as quickly as possible. The findings of the 2019 Scalar Security Study reflect on these new trends and introduce cyber resilience as a security theme that emphasizes the importance of business continuity and the need for organizations to return to normal operations and a trusted state after an incident has occurred

From the report, “Analyzing this flurry of legislative activity in 2018, we have identified a number of continuing trends. In general, the overarching trend is increasing stringency and growing complexity in breach notification obligations. In the following pages, we’ll break down this overarching trend into separate and distinct trends. We’ll also look at what these trends mean for how privacy and security professionals work today.”

From the report, “Demisto recently sponsored an independent, third-party survey conducted with security professionals around the world working for companies ranging from less than 500 employees to greater than 20,000 employees. More than 200 responses were analyzed. The purpose of the survey was to discover challenges faced by incident response teams and how they are addressing them (or not) currently. This is the first industry study to span and cover all aspects of incident response, including SOC location, training issues, tools utilization, and what metrics are being tracked.” Read on to find out more.

This infographic provides a brief overview of data presented in the ThreatMetrix Q2 2018 Cybercrime Report.

The ThreatMetrix Cybercrime Report: Q2 2018 is based on actual cybercrime attacks from April – June 2018 that were detected by the ThreatMetrix Digital Identity Network (The Network) during real-time analysis and interdiction of fraudulent online payments, logins and new account applications.

The ThreatMetrix Cybercrime Report: Q1 2018 is based on actual cybercrime attacks from January – March 2018 that were detected by the ThreatMetrix Digital Identity Network (The Network) during real-time analysis and interdiction of fraudulent online payments, logins and new account applications.

The ThreatMetrix European Cybercrime Report: Q1 2018 is based on actual cybercrime attacks from January – March 2018 that were detected by the ThreatMetrix Digital Identity Network (The Network) during real-time analysis and interdiction of fraudulent online payments, logins and new account applications.

This report offers insight into the cybercrime events of 2017.

The ThreatMetrix Cybercrime Report: Q4 2017 is based on actual cybercrime attacks from October – December 2017 that were detected by the ThreatMetrix Digital Identity Network (The Network) during real-time analysis and interdiction of fraudulent online payments, logins and new account applications.

This report offers insight into global threats that occur during the Holiday shopping season.

Osterman Research conducted an in-depth survey of decision makers and influencers. To qualify for the survey, individuals had to be knowledgeable about the security operations in their organizations and their organizations had to have at least 1,000 employees. A total of 404 surveys were conducted during June and July 2018. This white paper discusses the results of that research and our analysis of the survey data.

From the report, “In this paper, we discuss that while ML has proven to be a powerful tool in detecting malware for many years, the reality is that true AI does not yet exist. The marketing tricks of next-gen vendors are simply making matters all the more confusing for IT decision makers who need to build robust cyber security defences at a time when the threat landscape is becoming all the more precarious.”

This report provides new mindsets and methods for measuring and minimizing business risk.

F5 Labs, in conjunction with our data partner Loryka, has been tracking “The Hunt for IoT” for two years. We have focused our hunt primarily around port 23 telnet brute force attacks—the “low-hanging fruit” method—as they are the simplest, most common way to compromise an IoT device. (Telnet was also the most prominent attack type when we started this research series.)

The DragonOK group has been actively launching attacks for years. We first discussed them in April 2015 when we witnessed them targeting a number of organizations in Japan. In recent months, Unit 42 has observed a number of attacks that we attribute to this group. Multiple new variants of the previously discussed sysget malware family have been observed in use by DragonOK. Sysget malware was delivered both directly via phishing emails, as well as in Rich Text Format (RTF) documents exploiting the CVE-2015-1641 vulnerability (patched in MS15-033) that in turn leveraged a very unique shellcode. Additionally, we have observed instances of the IsSpace and TidePool malware families being delivered via the same techniques. While Japan is still the most heavily targeted geographic region by this particular actor, we also observed instances where individuals or organizations in Taiwan, Tibet, and Russia also may have been targeted.