As more people become connected on social platforms, cyber criminals find themselves with more numerous and accessible potential targets than ever before. Over a 4 month period in 2015, the ZeroFOX Research Team built a machine learning classifier and identified thousands scams targeting major financial institutions and their customers across Instagram. The results of the study shine a light on a growing problem with serious impacts on financial institutions’ bottom lines.

This report offers the following highlights - Case study of a Fortune 50 organization breached via social media, Deep dive into each layer of the new attack chain, A detailed look at impersonation accounts and hijacked accounts, a new staple in the attack lifecycle, Tactics, techniques, and procedures (TTPs) used by the modern attacker on social media, Recommendations and best practices for updating your security posture.

Fraudulent accounts run rampant on social media. But what are they up to, what cyber attacks are they launching? ZeroFOX Research investigates 40,000 fake accounts to find out.

This report offers insights into brand protection in the modern age of social media threats. It offers insights into brand protection, why you need to protect your brand, risks to a brand, the benefits of brand protection, the current state of brand protection and how to build a brand protection program.

Social media has become a major platform for financial institutions to engage customers, grow their business, and promote offers and services. However, scammers and cybercriminals have adopted the platform as well, exploiting the low technical barriers, ease of target acquisition, ease of payload delivery, and broad access to potential victims.

To stop phishing attacks, it helps to see them coming. So we asked an array of CofenseTM experts for 2019 predictions. What trends in phishing and malware threats should you anticipate? To be better prepared to defend your organization, read on.

From the report, “In this SPIE, we shine a spotlight on the phishing prevention approaches of one start-up company, Area 1 Security; and one long-tenured cybersecurity vendor, IBM. Although complete elimination cannot be promised, each is taking steps that reduce the potential of their business clients (Area 1’s Horizon) and their clients’ clients (IBM Trusteer Rapport) from becoming victims. Secondarily, by removing the burden of phishing defense from employees and consumers, employees’ productivity is positively affected, and consumers’ trust in online activities is strengthened.”

This quarter saw a dramatic increase in attacks targeting consumer-grade routers, increasing 539% from Q4, 2017. The majority of hostile detections on the eSentire threat detection surface pertain to perimeter threats: Information Gathering, Intrusion Attempts, and Reputation Blocks. eSentire Threat Intelligence assesses with medium confidence that these detections originate, largely, from automated scanning and exploitation attempts. Threats beyond the perimeter, such as Malicious Code (+35%) and Phishing (+39%) both saw increases in the frst quarter of 2018.

For this report, Menlo Security’s researchers analyzed the top 100,000 domains as ranked by Alexa to understand the risks inherent in using the world’s most popular websites. We found widespread evidence that cybercriminals are successfully exploiting long-held measures of trust, such as a particular site’s reputation or the category in which the site is included, to avoid detection and increase the effectiveness of their attacks.

From the report, “The large-scale attacks and disastrous outcomes in this paper underscore the fact that targeted phishing is the overwhelming cause of nearly all breaches. Phishing attacks cost companies an incalculable amount of money, prestige, goodwill, confidential data, and competitive advantage, as well as brand identity and integrity. The Verizon Data Breach Investigations report supports the overwhelming impact of phishing, which targets businesses consistently across email, web, and network traffic. Siloed approaches lead only to siloed and ineffective protection. Partial, reactive defenses such as employee education, perimeter protection, and spam filtering simply don’t work against today’s phishing threats.”

On September 7th, 2017 Equifax disclosed the occurrence of data breach that occurred between May 2017 and July 2017. Equifax discovered the breach in July 2017. Initial estimates suggest that up to 143 million people could be affected. Credit card information of approximately 209,000 cardholders and personally identifiable information of 182,000 consumers was also compromised. Given past history with similar such breaches, additional impact is likely to be uncovered over time.

The key findings of this report are; 1) Active Cyber defence has significant potential in helping improve UK national cybersecurity 2) Active Cyber defence can play a powerful role in shaping the cybersecurity marketplace and furthering the interests of UK internet users and consumers 3) Active Cyber defense is a potentially useful model for export to like-minded countries 4) Active Cyber defense may constitute an emergent public good 5)Active cyber defense is not perfect, nor should we expect it to be.

The purpose of this study is to understand the beliefs and behaviors surrounding password management and authentication practices for individuals both in the workplace and at home. The goal was to understand if these beliefs and behaviors align, and why or why not. The conclusion is that despite the increasing concern regarding privacy and protection online and a greater understanding of the best security practices, individuals and businesses are still falling short.

Recently, cybercriminals have managed to redirect web-based crypto-wallet DNS queries to a malicious mirror website. By doing so, they were able to steal $17m in Ethereum. The hackers pulled off a BGP (Border Gateway Protocol) hijacking attack on the website’s DNS service host, causing it to receive a false IP address and direct users to a phishing website. As a result, the users became victims of the attack, losing their stored wallet’s crypto-currency.

The 2018 edition of Webroot’s annual Threat Report shares a glimpse into their discoveries and analysis of threat activity throughout 2017, to equip you with the knowledge you need to overcome modern cybercrime.

The Webroot Threat Research Team has analyzed the data from our customer base during the first half of 2018. This mid-year threat report not only shows the stats, but also tells the story behind the headlines. The bottom line from our observations: it has never been more important to implement a robust, effective, multi-layered and continuously evolving security approach to keep valuable data and systems secure.

This report offers insight into OilRig an Iranian-linked Advanced Persistent Threat. It discusses who they are and why you should care.

RiskIQ uses its repository of scanned mobile application stores to perform analysis on threat trends in the mobile application space. The fourth quarter of 2017 showed a 37 percent decrease in blocklisted apps over Q3. Key threat trends include brand imitation, phishing, malware, and bankbot attacks on cryptocurrency users.

In this research report, IntSights and Riskified will show the scope and severity of the current threat and fraud landscape for retailers. We will share key research findings and common examples of retail fraud and show how fraudsters commonly target retailers using their digital assets and the dark web. Additionally, we will explore the latest threats to the retail sector, such as tools, techniques and real-life examples, and we will close with our predictions for 2019.

This report posits the opinion that state-sponsored cybercrime is the fastest growing threat in cybersecurity. They discuss how usually state sponsored groups attack other governments and militaries, but in the last few years they are starting to see more activity directed towards the financial sector.

From the report, “From the start of 2017 through the first half of 2018, cybercrime groups have generated billions of dollars worth of profit and have caused gross losses of more than $1 trillion to the markets because of their attacks, according to the World Economic Forum1. Over the past year, we have seen a surge in attempts to attack banks across both existing and new vectors, including targeting major bank transfer platforms (such as SWIFT), phishing emails and phishing websites to steal credentials (targeting both customers and employees), mobile malware and fake mobile applications, ATM scamming methods, ATM and PoS (Point of Sale) attacks, DDoS campaigns and attacks against e-banking interfaces.”