The recent Chinese New Year ushered in the Year of the Rat, but from the perspective of the many corporations, government agencies and other organizations around the world who continue to be the targets of Advanced Persistent Threat (APT) groups acting in the interest of the Chinese government, recent years could aptly be described as the Decade of the RATs - Remote Access Trojans, that is.

In this report, BlackBerry researchers reveal what the focus on those groups has overshadowed: several governments with well-established cyber capabilities have long ago adapted to and exploited the mobile threat landscape for a decade or more. In this context, mobile malware is not a new or niche effort, but a longstanding part of a cross-platform strategy integrated with traditional desktop malware in diverse ways across the geopolitical sphere.

In this report, we will address the aforementioned questions using data that Forescout Technologies has carefully gathered, tested and validated from all forms of device networks and the applications they support. This report presents data from a cross-sectional analysis of the Forescout Device Cloud, which is a repository of host and network information for more than 11 million devices (provided anonymously by Forescout customers). With Forescout Device Cloud, we analyze device fingerprints to identify device function, vendor/model, operating system and version to provide granular auto-classification for a wide range of devices. For this study, researchers limited Device Cloud analysis to 100 large financial services deployments with over 8,500 virtual local area networks (VLANs) and nearly 900,000 devices.

P2P Volume 5 focuses on the differences between asset types (OS) and how vulnerabilities are treated on different platforms.

This is the 7th annual edition of the Microsoft Vulnerabilities Report, and includes a five-year trend comparison, giving you a better understanding of how vulnerabilities are growing and in which specific products.

A Guy Carpenter and CyberCube Analytics collaboration explores the size and shape of cyber catastrophes and the resulting financial impact on the U.S. cyber insurance industry.

The Bromium Threat Insights Report is updated on a regular basis to track notable threats and the information gleaned from them.

Now in its fifth year, Sonatype’s annual State of the Software Supply Chain Report examines the rapidly expanding supply and continued exponential growth in consumption of open source components. Their research also reveals best practices exhibited by exemplary open source software projects and exemplary commercial application development teams.

Positive Technologies experts regularly perform security analysis of mobile applications. This report summarizes the findings of their work performing security assessment of mobile apps for iOS and Android in 2018.

This report details the Industry Average detection efficacy of the leading MTD solutions used against malicious applications, network attacks and device vulnerabilities. During testing, the Quality of Experience (QoE) and Total Cost of Ownership (TCO) of each MTD solution was also assessed to determine the overall value of each product.

This paper, published in partnership with the UC Berkeley Center for Long-Term Cybersecurity, highlights research indicating that “underserved” residents in San Francisco, California— including low-income residents, seniors, and foreign language speakers—face higher-than average risks of being victims of cyber attacks. They are less likely to know whether they have even been victimized by a cyber attack, and they have lower awareness of cybersecurity risks. Partly as a result, they are less likely to access online services. This cybersecurity gap is a new “digital divide” that needs to be addressed—with urgency—by the public and private sectors alike.

This is the fifth annual report from the Huawei Cyber Security Evaluation Centre (HCSEC) Oversight Board. HCSEC is a facility in Banbury, Oxfordshire, belonging to Huawei Technologies (UK) Co Ltd (Huawei UK), whose parent company, Huawei Technologies Co Ltd, is a Chinese headquartered company which is now one of the world’s largest telecommunications providers.

An In Depth Look at the most prevalent ATT&CK techniques according to Red Canary’s historical detection dataset.

This report reveals that globally, in any given month, home users are twice as much at risk of encountering any type of malware, with a 20.09% chance of infection; business users, on the other hand, have a 10.87% chance of getting attacked, generally because they often have more layers of protection in place. The more people and businesses depend on computers, along with the type of activities carried out on them and the data these PCs hold, the greater consequences and damage malware attacks can cause.

From the report, “To generate this report, Coronet analyzed an enormous set of data comprised of both access and service threats. The data originated from Wi-Fi and cellular networks, devices spanning all operating systems and public network connectivity infrastructure. The data was aggregated and evaluated based on potential damage that could be caused by attackers and existing vulnerabilities in the 55 most populated DMAs, which together account for almost 70 percent of the entire U.S. population. The ranked results have been aggregated into regions which closely resemble Nielsen DMAs. Coronet ranked each city that was analyzed from most insecure to least vulnerable, with the most insecure cities scoring a 6.5 and above.” Read on to find out more.

This report takes a specific look back at connected medical device events that occurred in 2017.

From the report, “Two years ago, the authors assessed 20 mobile applications that worked with ICS software and hardware. At that time, mobile technologies were widespread, but IoT mania was only beginning. In that paper, the authors stated, “convenience often wins over security. Nowadays, you can monitor (or even control!) your ICS from a brand-new Android [device].” Today, the idea of putting logging, monitoring, and even supervisory/control functions in the cloud is not so farfetched. The purpose of this paper is to discuss how the landscape has evolved over the past two years and assess the security posture of SCADA systems and mobile applications in this new IoT era.”

From the Report, “This paper is based on our own research, in which we discovered critical cybersecurity issues in several robots from multiple vendors. While we assist the vendors in addressing the cybersecurity vulnerabilities identified, we want to describe the currently available technology, some of the threats posed by a compromised robot, and the types of cybersecurity issues we discovered. The goal is to make robots more secure and prevent vulnerabilities from being used maliciously by attackers to cause serious harm to businesses, consumers, and their surroundings.”

From the report, “It should be another momentous year for mobile security, with cyber attacks growing rapidly in sophistication and distribution. This report will cover the key mobile security trends that emerged last year as well as summarize thoughts for the mobile threat landscape for the year ahead.”

From the report, “For years, the Finance industry has been a trailblazer in managing the risk posed by vendors, suppliers, and business partners. As we have also detailed in previous BitSight Insights reports2 over the last four years, this industry has maintained a strong security posture in comparison to others. Given that the Finance industry is a leader in managing third-party cyber risk, how secure is their supply chain, and where do weak links lie? Are the companies in their supply chain meeting the same security standards they hold for their own organization? These questions are relevant not only for Finance organizations, but for all organizations that need to reduce third-party cyber risk. To answer these questions, BitSight researchers looked at the security performance of more than 5,200 Legal, Technology, and Business Services global organizations whose security ratings are tracked and monitored by hundreds of Finance firms using the BitSight Security Rating platform. The organizations across these industries represent a set of critical vendors and business partners in Finance’s supply chain, consisting of: legal organizations, accounting and human resources firms, management consulting and outsourcing firms, and information technology and software providers.”

From the report, “The 2018 Mobile Payments and Fraud Survey marks the sixth consecutive year of this study. This year’s report, with nearly 600 merchant respondents, is focused on understanding the growth, challenges and developments in the mobile channel. The report also set out to provide a better understanding of how the mobile market has evolved since the inaugural survey report in 2013.”