In recent months, Beazley Breach Response (BBR) Services has seen the number of reported ransomware incidents climb again. The varieties of ransomware and the differing technical abilities of the criminals make effective response especially challenging. Breach response services, such as forensics and legal counsel, are often necessary in ransomware attacks to determine the attack vector and level of access obtained by the attacker. If the attacker accessed or exfiltrated personally identifiable information or protected health information, notification to affected individuals may be required by law.

This report contains an overview of the threat trends and malware families Cylance’s customers faced in 2017. This information is shared with the goal of assisting security practitioners, researchers, and individuals in our collective battle against emerging and evolving cyberthreats.

In this report, they provide an overview of current vulnerability disclosure trends and insights into real-world vulnerability demographics in enterprise environments. they analyze vulnerability prevalence in the wild, based on the number of affected enterprises, to highlight vulnerabilities that security practitioners are dealing with in practice - not just in theory.

This blog post discusses how WannaCry is a pet project of the Lazarus group.

This report provides new insights into the Shamoon 2.0 and StoneDrill attacks, including: 1. The discovery techniques and strategies we used for Shamoon and StoneDrill. 2. Details on the ransomware functionality found in Shamoon 2.0. This functionality is currently inactive but could be used in future attacks. 3. Details on the newly found StoneDrill functions, including its destructive capabilities (even with limited user privileges). 4. Details on the similarities between malware styles and malware components’ source code found in Shamoon, StoneDrill and NewsBeef.

In late February 2017, FireEye as a Service (FaaS) identified a spear phishing campaign that appeared to be targeting personnel involved with United States Securities and Exchange Commission (SEC) filings at various organizations. Based on multiple identified overlaps in infrastructure and the use of similar tools, tactics, and procedures (TTPs), we have high confidence that this campaign is associated with the financially motivated threat group tracked by FireEye as FIN7.

FireEye recently detected a malicious Microsoft Office RTF document that leveraged CVE-2017-8759, a SOAP WSDL parser code injection vulnerability. This vulnerability allows a malicious actor to inject arbitrary code during the parsing of SOAP WSDL definition contents. FireEye analyzed a Microsoft Word document where attackers used the arbitrary code injection to download and execute a Visual Basic script that contained PowerShell commands. FireEye shared the details of the vulnerability with Microsoft and has been coordinating public disclosure timed with the release of a patch to address the vulnerability and security guidance, which can be found here.

The latest Petya-like outbreak has gathered a lot of attention from the media. However, it should be noted that this was not an isolated incident: this is the latest in a series of similar attacks in Ukraine. This blogpost reveals many details about the Diskcoder.C (aka ExPetr, PetrWrap, Petya, or NotPetya) outbreak and related information about previously unpublished attacks.

Malware utilizing known Lazarus group tools was used in a heist of a Taiwan bank. This Malware was later uploaded to several repositories. This post analyses and summarizes the uploaded Malware from the repositories.

This report provides a detailed analysis of survey data that was gathered to provide research findings on best practices and impact.

The Canadian Survey of Cyber Security and Cybercrime was conducted for the first time to measure the impact of cybercrime on Canadian businesses. This release coincides with Cyber Security Awareness Month, which is an internationally recognized campaign held each October to inform the public of the importance of cyber security.The Canadian Survey of Cyber Security and Cybercrime was conducted for the first time to measure the impact of cybercrime on Canadian businesses. This release coincides with Cyber Security Awareness Month, which is an internationally recognized campaign held each October to inform the public of the importance of cyber security.

This document deals with malware on mobile devices.

This report focuses on key metrics from the following verticals: 1) Education 2) Finance & Finance-related Businesses 3) Technology 4) Healthcare Additional data is provided that focuses on company size. In the following pages, we present specific data showing the types of attacks attempted on these networks and other key findings that we believe are of interest.

This Annual report discusses the events and changes in the cybersecurity landscape of 2017.

Verizon’s annual report on data breaches in 2018

This report offers an analysis into current trends in vulnerability risk management. It examines the attributes of security vulnerabilities viewed through a variety of lenses: Attributes of vulnerabilities published since 2002 versus those only recently published, Attributes of all vulnerabilities published in the National Vulnerability Database (NVD) in contrast with only those uploaded into our platform by our clients, Vulnerabilities broken down by industry vertical, CVSS score, product vendor and active exploitation in the wild.

This report discusses ransomware and how organizations can better protect their digital assets.

This report is specifically geared to the Healthcare and Cross-Sector Cybersecurity Issues.

This is a technical guidance document provided by the US Government. It provides an aggregate of already existing Federal government and private industry best practices and mitigation strategies focused on the prevention and response to ransomware incidents.

This Infographic provides some very quick results of a survey conducted in 2018.

This report was produced with a goal of raising awareness and educating senior decision makers about the cybersecurity issues facing the healthcare industry.