From the report, “With so much of our personal information now flowing through mobile applications, has our security awareness kept pace? Have consumers adopted best practice behaviors or are they leaving themselves vulnerable to cyber attacks? To better understand consumer behavior, RiskIQ commissioned Ginger Comms² to survey 1,000 US and 1,000 UK consumers aged 16 to 60+, specifically focusing on smartphone apps. The survey was conducted between February and March 2017.”

In this report, IntSights looks to identify which mobile platforms are gaining traction and may be the future backbone of the illegal cyber-economy. The data in this report will help you understand how dark web communication is changing with mobile adoption and how this impacts the way security teams monitor dark web activity. By reading this report, security teams can better prepare for this shift and be better resourced to evolve with it

In this research report, IntSights and Riskified will show the scope and severity of the current threat and fraud landscape for retailers. We will share key research findings and common examples of retail fraud and show how fraudsters commonly target retailers using their digital assets and the dark web. Additionally, we will explore the latest threats to the retail sector, such as tools, techniques and real-life examples, and we will close with our predictions for 2019.

In 2017 we saw a measurable increase in cyber attacks executed by State sponsored hacking groups and APT’s. The Top 5 Threat Actors highlighted in this report carried out some of the most notable and financially devastating attacks of 2017 and are likely sponsored by nation-states. Cyber-attacks have become, and will continue to be, key elements of twenty-first century political warfare and terrorism. We believe that the use of cyber terror and other state sponsored attacks will increase in 2018 after it’s success in 2017.

This report posits the opinion that state-sponsored cybercrime is the fastest growing threat in cybersecurity. They discuss how usually state sponsored groups attack other governments and militaries, but in the last few years they are starting to see more activity directed towards the financial sector.

From the report, “From the start of 2017 through the first half of 2018, cybercrime groups have generated billions of dollars worth of profit and have caused gross losses of more than $1 trillion to the markets because of their attacks, according to the World Economic Forum1. Over the past year, we have seen a surge in attempts to attack banks across both existing and new vectors, including targeting major bank transfer platforms (such as SWIFT), phishing emails and phishing websites to steal credentials (targeting both customers and employees), mobile malware and fake mobile applications, ATM scamming methods, ATM and PoS (Point of Sale) attacks, DDoS campaigns and attacks against e-banking interfaces.”

In this research report, they uncover the Dark Side of Asia to provide you with an inside look into key trends, laws, motivations and threat actors of the increasingly threatening Asian Internet community.

Mention the dark web and many people summon imagery of a massive, mysterious online criminal underground, where all manner of products and information are bought, sold, and traded, hidden away from the prying eyes of the public and law enforcement. But is that really what it’s like, or is that just cybersecurity marketing hype?

From the report, “With data drawn from our ThreatCloud World Cyber Threat Map and our experience within the cyber research community, we will give a comprehensive overview of the trends observed in the categories of Cryptominers, Ransomware, Malware techniques, Data Breaches, Mobile and Nation State cyber attacks. We will then conclude with a review of the predictions made in our 2018 Security Report and assess to what extent these proved accurate. Along the way we will also provide cutting edge analysis from our in-house experts to arrive at a better understanding of today’s threat landscape.”

To provide insights into the complex challenges faced by organizations as they fight to protect their brands, Radware produces an annual Global Application & Network Security Report. This eighth annual version of the report combines Radware’s organic research, real attack data and analyses of developing trends and technologies with the findings from a global industry survey.

Osterman Research conducted an in-depth survey of decision makers and influencers. To qualify for the survey, individuals had to be knowledgeable about the security operations in their organizations and their organizations had to have at least 1,000 employees. A total of 404 surveys were conducted during June and July 2018. This white paper discusses the results of that research and our analysis of the survey data.

From the report, “As the report that follows describes, SophosLabs has been observing a small but growing number of criminals forced to resort to a variety of manual hacking techniques – previously the purview of esoteric, targeted attackers – just to maintain their dishonorable income streams. The downside is that it’s much more challenging to halt these hybridized threats using conventional methods, but it also means there are fewer criminals competent enough to conduct them, and we keep driving up the cost of their operations. It’s a Darwinian process, and the sort of shift in attacker/defender economics we’ve been striving to achieve for a long time. We consider that a victory, and the start of a trend of attacker disruption that we intend to continue driving.”

From the report, “In the cyber security industry, we’re so frequently working around-the-clock for days at a time that we often forget when one year ends and another begins. It’s a shame, too, because the end of the year is a very important time. It provides a moment to reflect on what we observed and experienced over the past 12 months, and to consider how best to address the challenges we have been facing. Perhaps more critical to our line of work, it offers an opportunity to note what developed into a trend, and what might develop into a trend as we move into the next year and beyond.”

From the report, “In 2019 and beyond, the biggest trends expected to have an impact on technology and security are the advances in artificial intelligence and machine learning brought about by the ever-growing volume of data that can be processed and analyzed; the continued adoption of cloud computing by enterprises the world over; and the developments in smart devices, homes, and factories — to say nothing of the looming 2020 rollout of 5G, the latest phase of mobile communications geared toward further increasing internet speeds. Furthermore, 2019 will be an important year for political developments including the finalization of Brexit and the holding of landmark elections in several countries. These technological and sociopolitical changes will have a direct impact on security issues in 2019.”

It’s harvest time (at least here in the United States), and as we prepare to reap the bounties of the land, so too have we seen attackers make good use of the exploits they’ve sown and infrastructure they’ve co-opted. The credential compromises and remote access attempts of Q2 have ripened into suspicious service logins and lateral movement actions involving credentials, along with increases in the presence of malware on systems.

Ponemon Institute is pleased to present the findings of Assessing the DNS Security Risk, sponsored by Infoblox. The purpose of this study is to understand the ability of organizations to assess and mitigate DNS risks. As part of the research, an online index has been created to provide a global measure of organizations’ exposure to DNS security risks and assist them in their response to DNS security risks.

A survey of financial services executives responsible for digital security measures at their firms (see Methodology) sheds light on the industry’s objectives for digital channels, perceptions about the scale of the threat posed by fraud and a range of vectors for attack, and confidence in existing defenses.

To gain insight into what’s happening in the healthcare industry when it comes to cybersecurity, Kaspersky Lab issued a survey. The research provides insight into the perceptions of healthcare employees in North America regarding cybersecurity in their workplace, including awareness of cybersecurity breaches, protection of sensitive information, cybersecurity awareness and training, and more. Kaspersky Lab commissioned the research firm Opinion Matters to conduct a survey of 1,758 employees based in healthcare organizations in the United States and Canada. Through this research, the company aims to create a dialogue among businesses and IT staff in healthcare about the current state of awareness of cybersecurity among their employees, along with providing suggested proactive steps that can be taken to prioritize cybersecurity awareness through trainings and consistent education, aiming to prevent or minimize the next cybersecurity issue.

From the report, “In this paper, we discuss that while ML has proven to be a powerful tool in detecting malware for many years, the reality is that true AI does not yet exist. The marketing tricks of next-gen vendors are simply making matters all the more confusing for IT decision makers who need to build robust cyber security defences at a time when the threat landscape is becoming all the more precarious.”

This Morphisec Labs Threat Report is based on anonymized threat data collected from approximately 2,000,000 installed Morphisec endpoint agents as well as in-depth investigations conducted by Morphisec researchers. It includes observations about trends in the wider security landscape together with analyses of the tactics and techniques used by malicious actors.

From the report, “This casebook presents some of the findings and recommendations we’ve made in key engagements across a representative sample of the work we performed last year. We dig into: Emerging and notable trends, Examples of ill-prepared organizations and the devastating effects of the breaches they suffered, Essential recommendations to prevent companies from becoming another statistic of poor security planning and execution. This casebook also underscores the expertise of our team and the important work we’re doing at CrowdStrike® Services. As you read the case studies, you will see that CrowdStrike stands shoulder-to-shoulder with our clients as we work together to stop adversaries and repair damage. But this casebook is not just for CrowdStrike clients — we want everyone to become better prepared to overcome their adversaries in 2019.”