Cyentia Cybersecurity Research Library

Social Engineering

Below you will find reports with the tag of “Social Engineering”

Automotive Cyber Security Benchmarking Report

IntSights provides the industry’s most comprehensive view into external threats facing the automotive vertical. This report will help you scope the external threats actively underway or being planned. By reading this report, security teams can better resource and fortify their infrastructure against attacks.

Added: January 25, 2019

Global DNS Defense Report Q1/2018

In this new research, Farsight Security selected the primary domain for nearly 4000 organizations, including leading global corporations and higher education institutions. We then tested those domains using key DNS indicators to assess adoption of emerging technologies and risk exposure.

Added: January 16, 2019

Global Internationalized Domain Name Homograph Report Q2/2018

In this new research report, Farsight Security set out to determine the prevalence and distribution of IDN homographs across the Internet. We examined 100M IDN resolutions over a 12-month period with a focus on over 450 top global brands across 11 sectors including finance, retail, and technology.

Added: January 16, 2019

Quarterly Threat Report: Q3 2018

It’s harvest time (at least here in the United States), and as we prepare to reap the bounties of the land, so too have we seen attackers make good use of the exploits they’ve sown and infrastructure they’ve co-opted. The credential compromises and remote access attempts of Q2 have ripened into suspicious service logins and lateral movement actions involving credentials, along with increases in the presence of malware on systems.

Added: January 15, 2019

Intelligence Report: CSIR-18004 Nigerian Confraternities Emerge

This paper discusses a particular Business Email Compromise that has appeared out of Nigeria.

Added: January 1, 2019

Hacking, Escalating Attacks And The Role Of Threat Hunting

This research was conducted to understand the challenges and issues facing UK businesses right now in their fight against cybercrime including hacking, malicious attacks, and breaches, and to scope how organisations are using threat hunting to strengthen their defences.

Added: January 1, 2019

Operation Shaheen

This report is part of a larger developing series, the aim of which is to apply a different approach to threat intelligence to identify a new threat actor and its previously unknown espionage campaigns; it also aims to link together campaigns that were assumed to be unrelated, or which were falsely attributed to other groups. We call this new project — and threat actor — The White Company in acknowledgement of the many elaborate measures the organization takes to whitewash all signs of its activity and evade attribution. The White Company consists of three reports. The first report tells the story of the overall campaign and presents forensic findings in a manner suitable for a general audience, including analyses of the technical and geopolitical considerations that enable readers to draw conclusions about the threat actors and understand the campaign in context. Two additional technical reports follow: One is focused on The White Company’s exploits, the other on its malware and infrastructure.

Added: December 29, 2018

Cobalt Group

Fidelis Threat Research analysts have discovered a new version of ThreadKit, malware notorious for its use by the cybercrime organization known as Cobalt Group. This report will provide analysis of a recent campaign, seen October 30th, utilizing the Cobalt Group malware frameworks. Cobalt Group was believed to have suffered a hit earlier this year[1] with the reported arrest of one of its members. After the arrest, the campaigns appear to have slowed significantly; however, despite this, there has been continued development concerning the group's malware framework.

Added: December 14, 2018

The Domain Tools Report: Spring 2017

In the DomainTools Reports, we explore various “hotspots” of malicious or abusive activity across the Internet. To date, we have analyzed such varied markers as top level domain (TLD), Whois privacy provider, domain age, patterns of registrant behavior, and more. In each case, we found patterns across our database of over 300 million (315M+ as of this writing) active domains worldwide; these patterns helped us pinpoint nefarious activity, at a large scale, in ways that are similar to methodologies used by security analysts and threat hunters at smaller scales to expose threat actor infrastructure.

Added: December 5, 2018

2018 Cybersecurity Report Card

This paper outlines the results of the DomainTools second annual Cybersecurity Report Card Survey. More than 500 security professionals from companies ranging in size, industry and geography were surveyed about their security posture and asked to grade the overall health of their programs.

Added: December 5, 2018

Social Media: A Growing Risk For Corporate Security

From the report, “Unless companies come to realize that their security perimeters must grow beyond the corporate firewall to encompass social media networks and other areas such as the Dark Web, then the global cost of cyber crime will continue to mushroom.”

Added: December 5, 2018

Luxury Brands, Cheap Domains: Why Retailers Are Losing The Fight Against Online Counterfeiting

To lure unsuspecting consumers to fake websites to purchase counterfeit goods, cybercriminals abuse the Domain Name System (DNS) – every day, every hour, every minute. In this report, “Luxury Brands, Cheap Domains: Why Retailers Are Losing The Fight Against Online Counterfeiting,” cybersecurity firms Farsight Security and DomainTools, the leaders in DNS intelligence, took a close look at four international luxury brand domains and learned that the potential abuse of their brand, by counterfeiting and other malicious activities, is significant.

Added: December 5, 2018

Online Malware and Threats A Profile of Today’s Security Posture

From the report, “Our survey examined the most common malware threats that organizations are grappling with, how often those threats result in actual compromises, and the challenges involved in responding to them. Respondents included CIOs, CTOs, CSOs, IT directors, network administrators, and senior executives from organizations in more than 20 industries.”

Added: November 29, 2018

Cyber Threat Brief: US Recognizes Jerusalem As Capital Of Israel

This report takes a look at the cyber threats that occurred when the US recognized Jerusalem as the Capital of Israel.

Added: November 29, 2018

Cyber Threat Brief: 2018 Winter Olympics

This report begins with the sentence, “There are a number of influences on the 2018 Winter Olympics event that may increase the likeliness of malicious activity.” Read on to find out more.

Added: November 29, 2018

Threatscape Of The US Election

From the report, “The cyber attacks targeting political elections is in full swing as the 115th United States midterm elections grow closer. The exploitation of vulnerabilities and direct cyber attacks targeting election-related entities are somewhat expected; however, a different form of cyber attack has the potential to have a disruptive impact to the elections: disinformation campaigns. The use of disinformation tactics in today’s social media-obsessed society is the most prominent threat to the democratic process. This form of attack is at a significant and troublesome level that the average voter may not be fully aware of.” Read on to learn more.

Added: November 29, 2018

Can Lightning Strike US Elections Twice?: Email Spoofing Threat To The 2018 US Midterm Elections

As the November 2018 US midterm elections loom, Anomali Labs set forth to answer the cyber version of the old myth “lightning never strikes the same place twice” — replaced with “can email spoofing attacks really strike the US elections twice”. The Anomali research team sought to answer that question by evaluating the strength of email security programs for election-related infrastructure.

Added: November 29, 2018

The Art Of Cyber War: A Modern Defense Strategy

This report offers this key insight, “The heart of the tension between security and efficiency is the key vulnerability within your organization’s cyber security policy: employee passwords.” Read on to discover more.

Added: November 24, 2018

Ransomware Attacks Surge And Ransom Demands rise

In recent months, Beazley Breach Response (BBR) Services has seen the number of reported ransomware incidents climb again. The varieties of ransomware and the differing technical abilities of the criminals make effective response especially challenging. Breach response services, such as forensics and legal counsel, are often necessary in ransomware attacks to determine the attack vector and level of access obtained by the attacker. If the attacker accessed or exfiltrated personally identifiable information or protected health information, notification to affected individuals may be required by law.

Added: November 21, 2018

APT Targets Financial Analysts with CVE-2017-0199

On April 20, Proofpoint observed a targeted campaign focused on financial analysts working at top global financial firms operating in Russia and neighboring countries. These analysts were linked by their coverage of the telecommunications industry, making this targeting very similar to, and likely a continuation of, activity described in our “In Pursuit of Optical Fibers and Troop Intel” blog. This time, however, attackers opportunistically used spearphishing emails with a Microsoft Word attachment exploiting the recently patched CVE-2017-0199 to deploy the ZeroT Trojan, which in turn downloaded the PlugX Remote Access Trojan (RAT). Proofpoint is tracking this attacker, believed to operate out of China, as TA459. The actor typically targets Central Asian countries, Russia, Belarus, Mongolia, and others. TA459 possesses a diverse malware arsenal including PlugX, NetTraveler, and ZeroT. [1][2][3] In this blog, we also document other 2017 activity so far by this attack group, including their distribution of ZeroT malware and secondary payloads PCrat/Gh0st.

Added: November 15, 2018

Tracking Subaat: Targeted Phishing Attack Leads to Threat Actor’s Repository

In mid-July, Palo Alto Networks Unit 42 identified a small targeted phishing campaign aimed at a government organization. While tracking the activities of this campaign, we identified a repository of additional malware, including a web server that was used to host the payloads used for both this attack as well as others. We’ll discuss how we discovered it, as well as possible attribution towards the individual behind these attacks.

Added: November 15, 2018
© Cyentia Institute 2025
Library updated: July 3, 2025 16:08 UTC (build b1d7be4)