It’s harvest time (at least here in the United States), and as we prepare to reap the bounties of the land, so too have we seen attackers make good use of the exploits they’ve sown and infrastructure they’ve co-opted. The credential compromises and remote access attempts of Q2 have ripened into suspicious service logins and lateral movement actions involving credentials, along with increases in the presence of malware on systems.

From the report, “This casebook presents some of the findings and recommendations we’ve made in key engagements across a representative sample of the work we performed last year. We dig into: Emerging and notable trends, Examples of ill-prepared organizations and the devastating effects of the breaches they suffered, Essential recommendations to prevent companies from becoming another statistic of poor security planning and execution. This casebook also underscores the expertise of our team and the important work we’re doing at CrowdStrike® Services. As you read the case studies, you will see that CrowdStrike stands shoulder-to-shoulder with our clients as we work together to stop adversaries and repair damage. But this casebook is not just for CrowdStrike clients — we want everyone to become better prepared to overcome their adversaries in 2019.”

This paper discuses a particular Business Email Compromise that has appeared out of Nigeria.

This research was conducted to understand the challenges and issues facing UK businesses right now in their fight against cybercrime including hacking, malicious attacks, and breaches, and to scope how organisations are using threat hunting to strengthen their defences.

This report is part of a larger developing series, the aim of which is to apply a different approach to threat intelligence to identify a new threat actor and its previously unknown espionage campaigns; it also aims to link together campaigns that were assumed to be unrelated, or which were falsely attributed to other groups. We call this new project — and threat actor — The White Company in acknowledgement of the many elaborate measures the organization takes to whitewash all signs of its activity and evade attribution. The White Company consists of three reports. The first report tells the story of the overall campaign and presents forensic findings in a manner suitable for a general audience, including analyses of the technical and geopolitical considerations that enable readers to draw conclusions about the threat actors and understand the campaign in context. Two additional technical reports follow: One is focused on The White Company’s exploits, the other on its malware and infrastructure.

In this edition, we highlight the notable investigative research and trends in threats statistics gathered by the McAfee Advanced Threat Research and McAfee Labs teams in Q2 of 2018. Cybercriminals continue to follow the money. Although this statement is familiar, our latest Threats Report clearly shows the migration from certain older attacks to new threat vectors as they become more profitable. Just as in Q1, we see the popularity of cryptocurrency mining continue to rise. In this report we detail recent findings from three McAfee Labs analyses that appeared in Q2. You can read summaries of each on pages 5-7. One area of investigation by our research teams is in digital assistants. In Q2 we analyzed a vulnerability in Microsoft’s Cortana. This flaw allowed an attacker to log into a locked Windows device and execute code. Following our vulnerability disclosure policy, we communicated our findings to Microsoft; the analysis resulted in CVE-2018-8140. We also examined the world of cryptocurrency attacks with an in-depth view of blockchain technology. Our report detailed many of the vulnerabilities being exploited by threat actors looking for a quick return on their investment.

Fidelis Threat Research analysts have discovered a new version of ThreadKit, malware notorious for it’s use by the cybercrime organization known as Cobalt Group. This report will provide analysis of a recent campaign, seen October 30th , utilizing the Cobalt Group malware frameworks. Cobalt Group was believed to have suffered a hit earlier this year[1] with the reported arrest of one of its members. After the arrest, the campaigns appear to have slowed significantly however despite this, there has been continued development concerning the groups malware framework.

In this issue of the State of The Internet/Security report, they take a look back at some of the events they were a part of and the research the Akamai teams produced in the past 12 months. They also examine a few of the stories that formed the background in security this year.

In the DomainTools Reports, we explore various “hotspots” of malicious or abusive activity across the Internet. To date, we have analyzed such varied markers as top level domain (TLD), Whois privacy provider, domain age, patterns of registrant behavior, and more. In each case, we found patterns across our database of over 300 million (315M+ as of this writing) active domains worldwide; these patterns helped us pinpoint nefarious activity, at a large scale, in ways that are similar to methodologies used by security analysts and threat hunters at smaller scales to expose threat actor infrastructure.

This paper outlines the results of the DomainTools second annual Cybersecurity Report Card Survey. More than 500 security professionals from companies ranging in size, industry and geography were surveyed about their security posture and asked to grade the overall health of their programs.

From the report, “Unless companies come to realize that their security perimeters must grow beyond the corporate firewall to encompass social media networks and other areas such as the Dark Web, then the global cost of cyber crime will continue to mushroom.

This paper offers insight into QR code usage and user interest and suggests that organizations should take time to consider and familiarize themselves with the potential security ramifications.

In light of the new development of Crypto Currency, this paper can begin to address important questions about the outlook for digital currencies, including: If individuals lose trust in alternative coins and no longer see them as profitable, then what does this mean for the future of cryptocurrencies? How will the cryptocurrency landscape change in 2018? And will cryptocurrency fraud ultimately obstruct the rapid growth of digital currencies worldwide?

To lure unsuspecting consumers to fake websites to purchase counterfeit goods, cybercriminals abuse the Domain Name System (DNS) – every day, every hour, every minute. In this report, “Luxury Brands, Cheap Domains: Why Retailers Are Losing The Fight Against Online Counterfeiting,” cybersecurity firms Farsight Security and DomainTools, the leaders in DNS intelligence, took a close look at four international luxury brand domains and learned that the potential abuse of their brand, by counterfeiting and other malicious activities, is significant.

Guided by Threat Compass, the Blueliv’s Annual Cyberthreat Landscape Report takes a birds-eye view of the major events and trends of last year. The Threat Intelligence analysts at Blueliv then offer their insight into an ever-more sophisticated cybercrime industry for 2018.

From the report, “Our survey examined the most common malware threats that organizations are grappling with, how often those threats result in actual compromises, and the challenges involved in responding to them. Respondents included CIOs, CTOs, CSOs, IT directors, network administrators, and senior executives from organizations in more than 20 industries.”

This report takes a look at the cyber threats that occurred when the US recognized Jerusalem as the Capital of Israel.

This report begins with the sentence, “There are a number of influences on the 2018 Winter Olympics event that may increase the likeliness of malicious activity.” Read on to find out more.

From the report, “The cyber attacks targeting political elections is in full swing as the 115th United States midterm elections grow closer. The exploitation of vulnerabilities and direct cyber attacks targeting election-related entities are somewhat expected; however, a different form of cyber attack has the potential to have a disruptive impact to the elections: disinformation campaigns. The use of disinformation tactics in today’s social media-obsessed society is the most prominent threat to the democratic process. This form of attack is at a significant and troublesome level that the average voter may not be fully aware of.” Read on to learn more.

As the November 2018 US midterm elections looms, Anomali Labs set forth to answer the cyber version of the old myth “lightning never strikes the same place twice” — replaced with “can email spoofing attacks really strike the US elections twice”. The Anomali research team sought to answer that question by evaluating the strength of email security programs for election-related infrastructure.

This report offers insight into the German DAX 100 Threat Horizon.