This quarter saw a dramatic increase in attacks targeting consumer-grade routers, increasing 539% from Q4, 2017. The majority of hostile detections on the eSentire threat detection surface pertain to perimeter threats: Information Gathering, Intrusion Attempts, and Reputation Blocks. eSentire Threat Intelligence assesses with medium confidence that these detections originate, largely, from automated scanning and exploitation attempts. Threats beyond the perimeter, such as Malicious Code (+35%) and Phishing (+39%) both saw increases in the frst quarter of 2018.

For this report, Menlo Security’s researchers analyzed the top 100,000 domains as ranked by Alexa to understand the risks inherent in using the world’s most popular websites. We found widespread evidence that cybercriminals are successfully exploiting long-held measures of trust, such as a particular site’s reputation or the category in which the site is included, to avoid detection and increase the effectiveness of their attacks.

From the report, “Trojans are still winning. Out of the 12 Threat Reports over Q3, six were trojans. While the results from the Threat Report quarterly from Q2 2018 were pretty even in terms of the volume of threats being spread out between APTs, ransomware and trojans, Q3 2018 showcased the depth and breadth of trojan diversity and malicious innovation.”

From the report, “The large-scale attacks and disastrous outcomes in this paper underscore the fact that targeted phishing is the overwhelming cause of nearly all breaches. Phishing attacks cost companies an incalculable amount of money, prestige, goodwill, confidential data, and competitive advantage, as well as brand identity and integrity. The Verizon Data Breach Investigations report supports the overwhelming impact of phishing, which targets businesses consistently across email, web, and network traffic. Siloed approaches lead only to siloed and ineffective protection. Partial, reactive defenses such as employee education, perimeter protection, and spam filtering simply don’t work against today’s phishing threats.”

On September 7th, 2017 Equifax disclosed the occurrence of data breach that occurred between May 2017 and July 2017. Equifax discovered the breach in July 2017. Initial estimates suggest that up to 143 million people could be affected. Credit card information of approximately 209,000 cardholders and personally identifiable information of 182,000 consumers was also compromised. Given past history with similar such breaches, additional impact is likely to be uncovered over time.

The key findings of this report are; 1) Active Cyber defence has significant potential in helping improve UK national cybersecurity 2) Active Cyber defence can play a powerful role in shaping the cybersecurity marketplace and furthering the interests of UK internet users and consumers 3) Active Cyber defense is a potentially useful model for export to like-minded countries 4) Active Cyber defense may constitute an emergent public good 5)Active cyber defense is not perfect, nor should we expect it to be.

The purpose of this study is to understand the beliefs and behaviors surrounding password management and authentication practices for individuals both in the workplace and at home. The goal was to understand if these beliefs and behaviors align, and why or why not. The conclusion is that despite the increasing concern regarding privacy and protection online and a greater understanding of the best security practices, individuals and businesses are still falling short.

Recently, cybercriminals have managed to redirect web-based crypto-wallet DNS queries to a malicious mirror website. By doing so, they were able to steal $17m in Ethereum. The hackers pulled off a BGP (Border Gateway Protocol) hijacking attack on the website’s DNS service host, causing it to receive a false IP address and direct users to a phishing website. As a result, the users became victims of the attack, losing their stored wallet’s crypto-currency.

The 2018 edition of Webroot’s annual Threat Report shares a glimpse into their discoveries and analysis of threat activity throughout 2017, to equip you with the knowledge you need to overcome modern cybercrime.

The Webroot Threat Research Team has analyzed the data from our customer base during the first half of 2018. This mid-year threat report not only shows the stats, but also tells the story behind the headlines. The bottom line from our observations: it has never been more important to implement a robust, effective, multi-layered and continuously evolving security approach to keep valuable data and systems secure.

This report offers insight into OilRig an Iranian-linked Advanced Persistent Threat. It discusses who they are and why you should care.

RiskIQ uses its repository of scanned mobile application stores to perform analysis on threat trends in the mobile application space. The fourth quarter of 2017 showed a 37 percent decrease in blocklisted apps over Q3. Key threat trends include brand imitation, phishing, malware, and bankbot attacks on cryptocurrency users.

RiskIQ uses its repository of scanned mobile application stores to perform analysis on threat trends in the mobile application space. Q3 showed a nearly 220 percent increase in blocklisted apps over Q2. Due to a surge in total apps observed, the percentage of blocklisted apps dropped from 4% in Q2 to 3% in Q3.

RiskIQ uses its repository of scanned mobile application stores to perform analysis on threat trends in the mobile application space. Q2 showed a nearly 57 percent increase in blocklisted apps over Q1. Key threat trends include brand imitation, phishing, malware, malvertising scams crossing into the mobile realm, targetted attacks against MyEtherWallet, and the misuse of location data by major mobile providers.

In this research report, IntSights and Riskified will show the scope and severity of the current threat and fraud landscape for retailers. We will share key research findings and common examples of retail fraud and show how fraudsters commonly target retailers using their digital assets and the dark web. Additionally, we will explore the latest threats to the retail sector, such as tools, techniques and real-life examples, and we will close with our predictions for 2019.

In 2017 we saw a measurable increase in cyber attacks executed by State sponsored hacking groups and APT’s. The Top 5 Threat Actors highlighted in this report carried out some of the most notable and financially devastating attacks of 2017 and are likely sponsored by nation-states. Cyber-attacks have become, and will continue to be, key elements of twenty-first century political warfare and terrorism. We believe that the use of cyber terror and other state sponsored attacks will increase in 2018 after it’s success in 2017.

This report posits the opinion that state-sponsored cybercrime is the fastest growing threat in cybersecurity. They discuss how usually state sponsored groups attack other governments and militaries, but in the last few years they are starting to see more activity directed towards the financial sector.

From the report, “From the start of 2017 through the first half of 2018, cybercrime groups have generated billions of dollars worth of profit and have caused gross losses of more than $1 trillion to the markets because of their attacks, according to the World Economic Forum1. Over the past year, we have seen a surge in attempts to attack banks across both existing and new vectors, including targeting major bank transfer platforms (such as SWIFT), phishing emails and phishing websites to steal credentials (targeting both customers and employees), mobile malware and fake mobile applications, ATM scamming methods, ATM and PoS (Point of Sale) attacks, DDoS campaigns and attacks against e-banking interfaces.”

IntSights provides the industry’s most comprehensive view into external threats facing the automotive vertical. This report will help you scope the external threats actively underway or being planned. By reading this report, security teams can better resource and fortify their infrastructure against attacks.

In this new research, Farsight Security selected the primary domain for nearly 4000 organizations, including leading global corporations and higher education institutions. We then tested those domains using key DNS indicators to assess adoption of emerging technologies and risk exposure.

In this new research report, Farsight Security set out to determine the prevalence and distribution of IDN homographs across the Internet. We examined 100M IDN resolutions over a 12-month period with a focus on over 450 top global brands across 11 sectors including finance, retail, and technology.