X-Force Incident Response and Intelligence Services (IRIS) compiled IBM Security software and security services analyses from the past year, which show that 2019 was a year of reemerging old threats being used in new ways.

A long form narrative on several threat trends seen in recent months.

This report offers insights into the 40 year history of spam. It discusses what this means for business, and how the new spam has surpassed the spam of 40 years ago.

This report examines a wide range of cyberattack detections and trends from a sample of 354 Vectra customers with more than 3 million devices and workloads per month from nine different industries. This report takes a multidisciplinary approach that spans all strategic phases of the attack lifecycle.

This report promises to allow you to use the vast insights and hard data contained in the report to help bolster your security posture and better understand the nature of the threats we face today.

This report from Bromium offers insights into notable threats and events from 2019.

As with driving, not only do you get a good look at what’s behind you, but you can often spot what’s coming up quick, set to overtake you. That’s the spirit of this threat report. We’ve picked out five key stories from the last year or so, not just because they were big events, but because we think these threats, or similar ones, could very well appear in the near future.

This report from F5 offers insights into key data regarding application services in the Americas.

From the report, “To understand current levels of exposure and resiliency, Rapid7 Labs measured 4532 of the 2017 Fortune 500 List3 for: • Overall attack surface (the number of exposed servers/devices); • Presence of dangerous or insecure services; • Phishing defense posture; • Evidence of system compromise; • Weak public service and metadata configurations; and • Joint third-party website dependency risks.” Read on to find out more.

This helpful guide provides insight into the settings you should maintain on all of the major social networks. Read on to learn more.

The Black Hat Edition of the Vectra® Attacker Behavior Industry Report provides a first-hand analysis of active and persistent attacker behaviors inside cloud, data center and enterprise environments of Vectra customers from January through June 2018.

The 2018 RSA Conference Edition of the Vectra Attacker Behavior Industry Report provides a first-hand analysis of active and persistent attacker behaviors inside cloud, data center and enterprise environments of Vectra customers from August 2017 through January 2018.

From the report, “To put the relentlessness of attacks and the attackers perpetrating them into perspective, it has been reported that the global cybercrime economy generates an annual profit of $1.5 trillion or roughly the same as Russia’s GDP. To use an old cybersecurity adage, attackers only need to succeed once to compromise your network, defenders need to succeed every time. These facts and the events of Q1 2018 reinforce the reality that threat actors have no intention of scaling back their attacks. It is important not to be distracted by coverage given to one attack vector or class of attack – distraction has been a powerful tool in the arsenals of attackers for centuries… just think about why malware trojans are so named.”

The Q3 2018 Fraud Index Report, produced by the DataVisor Research Team, analyzes recent fraud attacks impacting consumers and organizations for the period July - September 2018.

IntSights provides the industry’s most comprehensive view into external threats facing the automotive vertical. This report will help you scope the external threats actively underway or being planned. By reading this report, security teams can better resource and fortify their infrastructure against attacks.

From the report, “With data drawn from our ThreatCloud World Cyber Threat Map and our experience within the cyber research community, we will give a comprehensive overview of the trends observed in the categories of Cryptominers, Ransomware, Malware techniques, Data Breaches, Mobile and Nation State cyber attacks. We will then conclude with a review of the predictions made in our 2018 Security Report and assess to what extent these proved accurate. Along the way we will also provide cutting edge analysis from our in-house experts to arrive at a better understanding of today’s threat landscape.”

From the report, “For our fifth annual survey, we asked nearly 2,000 respondents globally across a range of industries, company sizes, and roles—about the challenges and opportunities presented by the ongoing process of digital transformation. This survey provides a uniquely comprehensive analysis of the trends shaping the application landscape—and how IT organizations are transforming to meet the ever-changing demands of the digital economy.”

In this edition, we highlight the notable investigative research and trends in threats statistics gathered by the McAfee Advanced Threat Research and McAfee Labs teams in Q2 of 2018. Cybercriminals continue to follow the money. Although this statement is familiar, our latest Threats Report clearly shows the migration from certain older attacks to new threat vectors as they become more profitable. Just as in Q1, we see the popularity of cryptocurrency mining continue to rise. In this report we detail recent findings from three McAfee Labs analyses that appeared in Q2. You can read summaries of each on pages 5-7. One area of investigation by our research teams is in digital assistants. In Q2 we analyzed a vulnerability in Microsoft’s Cortana. This flaw allowed an attacker to log into a locked Windows device and execute code. Following our vulnerability disclosure policy, we communicated our findings to Microsoft; the analysis resulted in CVE-2018-8140. We also examined the world of cryptocurrency attacks with an in-depth view of blockchain technology. Our report detailed many of the vulnerabilities being exploited by threat actors looking for a quick return on their investment.

In the DomainTools Reports, we explore various “hotspots” of malicious or abusive activity across the Internet. To date, we have analyzed such varied markers as top level domain (TLD), Whois privacy provider, domain age, patterns of registrant behavior, and more. In each case, we found patterns across our database of over 300 million (315M+ as of this writing) active domains worldwide; these patterns helped us pinpoint nefarious activity, at a large scale, in ways that are similar to methodologies used by security analysts and threat hunters at smaller scales to expose threat actor infrastructure.

To lure unsuspecting consumers to fake websites to purchase counterfeit goods, cybercriminals abuse the Domain Name System (DNS) – every day, every hour, every minute. In this report, “Luxury Brands, Cheap Domains: Why Retailers Are Losing The Fight Against Online Counterfeiting,” cybersecurity firms Farsight Security and DomainTools, the leaders in DNS intelligence, took a close look at four international luxury brand domains and learned that the potential abuse of their brand, by counterfeiting and other malicious activities, is significant.

The purpose of this document is to briefly describe the features of Necurs malware. During the analysis, we have been able to identify the different “features” and “capabilities” of the Necurs malware.