Cyentia Cybersecurity Research Library

Spoofing

Below you will find reports tagged “Spoofing”.

The Business of Disinformation: A Taxonomy

Since the 2016 U.S. presidential election, the term “fake news” has integrated itself firmly into our daily vernacular. However, fake news is used very broadly to describe disinformation, propaganda, hoaxes, satire and parody, inaccuracies in journalism, and partisanship. Disinformation campaigns are not limited to the geopolitical realm – their use is far more pervasive. The sheer availability of tools means that barriers to entry are lower than ever. This extends beyond geopolitical to financial interests that affect businesses and consumers. This paper presents an overview of these different motivations and the tools actors can turn to. In Digital Shadows’ Disinformation Campaign Taxonomy, we lay out the stages used in disinformation campaigns. In doing so, it is possible to develop ways to potentially disrupt these efforts and create greater friction for the actors involved.

Added: December 5, 2018

Threat Intelligence Report: QR Code Threat Landscape

This paper offers insight into QR code usage and user interest and suggests that organizations should take time to consider and familiarize themselves with the potential security ramifications.

Added: December 5, 2018

Luxury Brands, Cheap Domains: Why Retailers Are Losing The Fight Against Online Counterfeiting

To lure unsuspecting consumers to fake websites to purchase counterfeit goods, cybercriminals abuse the Domain Name System (DNS) – every day, every hour, every minute. In this report, “Luxury Brands, Cheap Domains: Why Retailers Are Losing The Fight Against Online Counterfeiting,” cybersecurity firms Farsight Security and DomainTools, the leaders in DNS intelligence, took a close look at four international luxury brand domains and learned that the potential abuse of their brand, by counterfeiting and other malicious activities, is significant.

Added: December 5, 2018

Cyber Threat Profile: Democratic People's Republic of Korea (DPRK)

This report offers insight into the cybersecurity landscape of the People’s Republic of Korea.

Added: November 29, 2018

Can Lightning Strike US Elections Twice?: Email Spoofing Threat To The 2018 US Midterm Elections

As the November 2018 US midterm elections loom, Anomali Labs set out to answer the cyber version of the old myth “lightning never strikes the same place twice” — replaced with “can email spoofing attacks really strike the US elections twice?” The Anomali research team sought to answer that question by evaluating the strength of email security programs for election-related infrastructure.

Added: November 29, 2018

Peering Over The DAX 100 Threat Horizon

This report offers insight into the German DAX 100 Threat Horizon.

Added: November 29, 2018

Threat Group APT28 Slips Office Malware into Doc Citing NYC Terror Attack

During our monitoring of activities around the APT28 threat group, McAfee Advanced Threat Research analysts identified a malicious Word document that appears to leverage the Microsoft Office Dynamic Data Exchange (DDE) technique that has been previously reported by Advanced Threat Research. This document likely marks the first observed use of this technique by APT28. The use of DDE with PowerShell allows an attacker to execute arbitrary code on a victim’s system regardless of whether macros are enabled. (McAfee product detection is covered in the Indicators of Compromise section at the end of the document.)

Added: November 15, 2018

The Full Shamoon: How the Devastating Malware Was Inserted Into Networks

Researchers from the IBM X-Force Incident Response and Intelligence Services (IRIS) team identified a missing link in the operations of a threat actor involved in recent Shamoon malware attacks against Gulf state organizations. These attacks, which occurred in November 2016 and January 2017, reportedly affected thousands of computers across multiple government and civil organizations in Saudi Arabia and elsewhere in Gulf states. Shamoon is designed to destroy computer hard drives by wiping the master boot record (MBR) and data irretrievably, unlike ransomware, which holds the data hostage for a fee.

Added: November 15, 2018

MM Core In-Memory Backdoor Returns as "BigBoss" and "SillyGoose"

In this blog we will detail our discovery of the next two versions of MM Core, namely “BigBoss” (2.2-LNK) and “SillyGoose” (2.3-LNK). Attacks using “BigBoss” appear likely to have occurred since mid-2015, whereas “SillyGoose” appears to have been distributed since September 2016. Both versions still appear to be active.

Added: November 15, 2018

Uri Terror attack & Kashmir Protest Themed spear phishing emails targeting Indian Embassies and Indian Ministry of external affairs

“In my previous blog I posted details of a cyber attack targeting Indian government organizations. This blog post describes another attack campaign where attackers used the Uri terror attack and Kashmir protest themed spear phishing emails to target officials in the Indian Embassies and Indian Ministry of External Affairs (MEA). In order to infect the victims, the attackers distributed spear-phishing emails containing a malicious Word document which dropped malware capable of spying on infected systems. The email purported to have been sent from legitimate email ids. The attackers spoofed the email ids associated with Indian Ministry of Home Affairs to send out email to the victims. Attackers also used the name of the top-ranking official associated with Minister of Home Affairs in the signature of the email; this is to make it look like the email was sent by a high-ranking Government official associated with Ministry of Home Affairs (MHA).”

Added: November 15, 2018

Cyber Attack Targeting Indian Navy’s Submarine and Warship Manufacturer

“In my previous blog posts I described attack campaigns targeting Indian government organizations, and Indian Embassies and Ministry of External Affairs. In this blog post I describe a new attack campaign where a cyber espionage group targeted the users of Mazagon Dock Shipbuilders Limited (also called ship builder to the nation). Mazagon Dock Shipbuilders Limited (MDL) is a Public Sector Undertaking of Government of India (Ministry of Defence) and it specializes in manufacturing warships and submarines for the Indian Navy.”

Added: November 15, 2018

Lazarus' False Flag Malware

This post contains analysis of a wave of attacks targeting banks, as well as the falsified origins of those attacks.

Added: November 12, 2018

Additional Insights on Shamoon2

IBM analysts recently unveiled a first look at how threat actors may have placed Shamoon2 malware on systems in Saudi Arabia. While researching elements in the IBM report, ASERT discovered additional malicious domains, IP addresses, and artifacts that matched previously disclosed elements of Shamoon2.

Added: November 12, 2018

Measuring the Impact of DMARC's Part In Preventing Business Email Compromise

Since June 2016, the Global Cyber Alliance (GCA) has been working to accelerate adoption of DMARC, an email security standard, by providing a set of easy-to-use tools and campaigns to drive deployment. This paper investigates and measures the economic benefit from that work. Having reviewed the available data, we have chosen to focus on Business Email Compromise (BEC) because it is a rapidly growing issue, with high direct losses, and relevant data is available for analysis from multiple sources. We derive a conservative minimum bar estimate for the loss avoidance tied to GCA’s initiatives and discuss the potential scale of other benefits gained from DMARC.

Added: November 4, 2018

Cybercrime against Businesses, 2005

This article, edited in 2008, compiles a list of cyber crimes that impacted business in 2005.

Added: October 25, 2018

State of the Internet - Security Q4 2016 report

Contributors to this paper are security professionals, including the Security Intelligence Response Team (SIRT), the Threat Research Unit, Information Security, and the Custom Analytics group.

Added: October 25, 2018

The Importance Of Knowing Your Device In A Mobile-First World

This white paper will examine “Know Your Device” (KYD) as a method to not only protect against fraud, but also enhance your customer’s digital channel experiences and compete in a crowded marketplace.

Added: October 24, 2018

Cyber Threat Landscape: The Aviation Industry

This paper focusses completely on cybersecurity issues in the aviation industry.

Added: October 23, 2018

DDoS Glossary Of Terms

This Distributed Denial of Service (DDoS) attack glossary is intended to provide a high level overview of the various DDoS attack types and typical DDoS attack characteristics.

Added: October 23, 2018

DDoS Threat Report Q4 2017

This report takes a look at the DDoS threats that occurred in the fourth quarter of 2017.

Added: October 23, 2018

DDoS Threat Report Q4 2016

This report takes a look at the DDoS threats that occurred in the fourth quarter of 2016.

Added: October 22, 2018
© Cyentia Institute 2025
Library updated: June 21, 2025 12:08 UTC (build b1d7be4)