RiskIQ uses its repository of scanned mobile application stores to perform analaysis on threat trends in the mobile application space. The first quarter of 2018 showed a 43 percent decrease in blocklisted apps over Q4. Key threat trends include brand imitation, phishing, malware. A spike in apps targeting cryptocurrency and high-profile threats from nation-state actors.

From the report, “With so much of our personal information now flowing through mobile applications, has our security awareness kept pace? Have consumers adopted best practice behaviors or are they leaving themselves vulnerable to cyber attacks? To better understand consumer behavior, RiskIQ commissioned Ginger Comms² to survey 1,000 US and 1,000 UK consumers aged 16 to 60+, specifically focusing on smartphone apps. The survey was conducted between February and March 2017.”

In this research report, IntSights and Riskified will show the scope and severity of the current threat and fraud landscape for retailers. We will share key research findings and common examples of retail fraud and show how fraudsters commonly target retailers using their digital assets and the dark web. Additionally, we will explore the latest threats to the retail sector, such as tools, techniques and real-life examples, and we will close with our predictions for 2019.

In 2017 we saw a measurable increase in cyber attacks executed by State sponsored hacking groups and APT’s. The Top 5 Threat Actors highlighted in this report carried out some of the most notable and financially devastating attacks of 2017 and are likely sponsored by nation-states. Cyber-attacks have become, and will continue to be, key elements of twenty-first century political warfare and terrorism. We believe that the use of cyber terror and other state sponsored attacks will increase in 2018 after it’s success in 2017.

This report posits the opinion that state-sponsored cybercrime is the fastest growing threat in cybersecurity. They discuss how usually state sponsored groups attack other governments and militaries, but in the last few years they are starting to see more activity directed towards the financial sector.

From the report, “From the start of 2017 through the first half of 2018, cybercrime groups have generated billions of dollars worth of profit and have caused gross losses of more than $1 trillion to the markets because of their attacks, according to the World Economic Forum1. Over the past year, we have seen a surge in attempts to attack banks across both existing and new vectors, including targeting major bank transfer platforms (such as SWIFT), phishing emails and phishing websites to steal credentials (targeting both customers and employees), mobile malware and fake mobile applications, ATM scamming methods, ATM and PoS (Point of Sale) attacks, DDoS campaigns and attacks against e-banking interfaces.”

In this research report, they uncover the Dark Side of Asia to provide you with an inside look into key trends, laws, motivations and threat actors of the increasingly threatening Asian Internet community.

A first hand account of using open source intelligence techniques to discover publicly exposed data stores of healthcare information.

IntSights provides the industry’s most comprehensive view into internal and external threats facing the Gaming and Leisure industry. This report will demonstrate and classify threats that are actively underway, or being planned. This will enable security teams to better resource and fortify their infrastructure against attacks.

Mention the dark web and many people summon imagery of a massive, mysterious online criminal underground, where all manner of products and information are bought, sold, and traded, hidden away from the prying eyes of the public and law enforcement. But is that really what it’s like, or is that just cybersecurity marketing hype?

IntSights provides the industry’s most comprehensive view into external threats facing the automotive vertical. This report will help you scope the external threats actively underway or being planned. By reading this report, security teams can better resource and fortify their infrastructure against attacks.

From the report, “With data drawn from our ThreatCloud World Cyber Threat Map and our experience within the cyber research community, we will give a comprehensive overview of the trends observed in the categories of Cryptominers, Ransomware, Malware techniques, Data Breaches, Mobile and Nation State cyber attacks. We will then conclude with a review of the predictions made in our 2018 Security Report and assess to what extent these proved accurate. Along the way we will also provide cutting edge analysis from our in-house experts to arrive at a better understanding of today’s threat landscape.”

In this new research, Farsight Security selected the primary domain for nearly 4000 organizations, including leading global corporations and higher education institutions. We then tested those domains using key DNS indicators to assess adoption of emerging technologies and risk exposure.

In this new research report, Farsight Security set out to determine the prevalence and distribution of IDN homographs across the Internet. We examined 100M IDN resolutions over a 12-month period with a focus on over 450 top global brands across 11 sectors including finance, retail, and technology.

To provide insights into the complex challenges faced by organizations as they fight to protect their brands, Radware produces an annual Global Application & Network Security Report. This eighth annual version of the report combines Radware’s organic research, real attack data and analyses of developing trends and technologies with the findings from a global industry survey.

From the report, “In the cyber security industry, we’re so frequently working around-the-clock for days at a time that we often forget when one year ends and another begins. It’s a shame, too, because the end of the year is a very important time. It provides a moment to reflect on what we observed and experienced over the past 12 months, and to consider how best to address the challenges we have been facing. Perhaps more critical to our line of work, it offers an opportunity to note what developed into a trend, and what might develop into a trend as we move into the next year and beyond.”

From the report, “In 2019 and beyond, the biggest trends expected to have an impact on technology and security are the advances in artificial intelligence and machine learning brought about by the ever-growing volume of data that can be processed and analyzed; the continued adoption of cloud computing by enterprises the world over; and the developments in smart devices, homes, and factories — to say nothing of the looming 2020 rollout of 5G, the latest phase of mobile communications geared toward further increasing internet speeds. Furthermore, 2019 will be an important year for political developments including the finalization of Brexit and the holding of landmark elections in several countries. These technological and sociopolitical changes will have a direct impact on security issues in 2019.”

It’s harvest time (at least here in the United States), and as we prepare to reap the bounties of the land, so too have we seen attackers make good use of the exploits they’ve sown and infrastructure they’ve co-opted. The credential compromises and remote access attempts of Q2 have ripened into suspicious service logins and lateral movement actions involving credentials, along with increases in the presence of malware on systems.

A survey of financial services executives responsible for digital security measures at their firms (see Methodology) sheds light on the industry’s objectives for digital channels, perceptions about the scale of the threat posed by fraud and a range of vectors for attack, and confidence in existing defenses.

This is the first in a series of books tracking changes and discoveries within the DevSecOps Community. The stories are by people who have been sloshing around in the swamps of software development for years, figuring out how things work, and most importantly, why things didn’t work.

From the report, “This casebook presents some of the findings and recommendations we’ve made in key engagements across a representative sample of the work we performed last year. We dig into: Emerging and notable trends, Examples of ill-prepared organizations and the devastating effects of the breaches they suffered, Essential recommendations to prevent companies from becoming another statistic of poor security planning and execution. This casebook also underscores the expertise of our team and the important work we’re doing at CrowdStrike® Services. As you read the case studies, you will see that CrowdStrike stands shoulder-to-shoulder with our clients as we work together to stop adversaries and repair damage. But this casebook is not just for CrowdStrike clients — we want everyone to become better prepared to overcome their adversaries in 2019.”