In the second half of 2023, the percentage of ICS computers on which malicious objects were blocked decreased from the first half of the year. Most of the statistical indicators dropped accordingly. Yet, there are subtleties we would like to draw attention to, as they highlight dangerous spots on the cyberthreat landscape.

The report presents the findings of the analysis of statistical data obtained using the Kaspersky Security Network (KSN) distributed antivirus network. The data was received from those KSN users who gave their voluntary consent to have data anonymously transferred from their computers and processed for the purpose described in the KSN Agreement for the Kaspersky product installed on their computer.

In this report, Halcyon demonstrates a unique method for identifying C2P entities that can potentially be used to forecast the precursors of ransomware campaigns and other attacks significantly “left of boom.” The ransomware economy is supported by a number of illicit groups that each provide one small piece of the puzzle that is cybercrime. From initial access brokers (IABs) to crypto money launderers, the criminal ecosystem that has sprung up around ransomware is vast.

The Zimperium 2023 Global Mobile Threat Report examines the trends that shaped the mobile security landscape over the last year and analyzes research from Zimperium’s zLabs team, as well as third-party industry data, partner insights, and observations from leading industry experts. The findings in this report will help security teams evaluate their mobile security environment and improve defenses to ensure a mobile-first security strategy.

In H2 2022, the most significant change among all countries in the percentage of ICS computers on which malicious objects were blocked was observed in Russia, where that percentage increased by 9 p.p.

This report represents Deep Instinct’s current view of the threat landscape. The report discusses trends seen during 2020 and provides concrete data to verify the credibility of these developments. The information was sourced from our data repositories which are routinely analyzed as part of protecting our customers from ceaseless attacks.

This report represents Deep Instinct’s current view of the threat landscape, showcasing trends seen throughout the course of the past year and providing concrete, actionable data to verify the credibility of these developments. The information was sourced from our data repositories, which are routinely analysed as part of protecting our customers from ceaseless attacks.

In T2 2022, we saw the continuation of the sharp decline of Remote Desktop Protocol (RDP) attacks, which likely continued to lose their steam due to the Russia-Ukraine war, along with the post- COVOD return to offices and overall improved security of corporate environments. Even with declining numbers, Russia IP addresses continued to be responsible for the large portion of RDP attacks.

The final months of 2022 were bustling with interesting ESET research findings. Our researchers discovered a MirrorFace spearphishing campaign against high-profile Japanese political entities, and new ransomware named RansomBoggs that targets multiple organizations in Ukraine and has Sandworm’s fingerprints all over it. ESET researchers also discovered a campaign conducted by the infamous Lazarus group that targets its victims with spear-phishing emails containing documents with fake job offers; one of the lures was sent to an aerospace company employee.

However, 2021 is most likely to be remembered as the year that ransomeware epidemic isn’t over, and it may not even have peaked, but the threat it poses to businesses, supply-chains and critical infrastructure is no longer in doubt, and the forces arrayed against it have never been so formidable.

In this report, we examine 10 prolific banking trojans targeting Android mobile apps of users worldwide, detailing their features and capabilities. We also detail what makes each malware family different highlighting the unique and advanced malicious features that make each banking trojan family unique. A complete list of all 639 financial applications covering banking, investment, payment, and cryptocurrency services and the different banking trojan families targeting each is provided in Appendix A.

RiskIQ uses its repository of scanned mobile application stores to perform analysis on threat trends in the mobile application space. Q2 showed a nearly 57 percent increase in blocklisted apps over Q1. Key threat trends include brand imitation, phishing, malware, malvertising scams crossing into the mobile realm, targetted attacks against MyEtherWallet, and the misuse of location data by major mobile providers.

This paper discuses a particular Business Email Compromise that has appeared out of Nigeria.

In this whitepaper they cover the different defense technologies used over time, how different attacks vectors influenced this evolution, how the industry adopted different approaches over time, and why the prevention approach has returned and why it matters.

Long gone are the simple days of malware threats only being associated with the computers on our desks or at our business offices. Today, we’ve all become accustomed to malware infiltrating our homes and pockets across a variety of platforms, be that our telephones, tablets, smart TV or even ‘connected’ devices such as our fridges. Whilst malware can be tailored for different platforms and differ in their abilities or functionality, the overall taxonomy remains very much the same. Back in the ‘halcyon’ days many malware authors released their wares for fun, ‘lulz’ in modern parlance, today most are criminally motivated and driven by financial gain, ideology, revenge and nation state doctrine. The objective of these attacks, and the compromised devices or networks, are typically similar and result in the threat actor gaining access, leading to the theft of confidential and personal information, or disrupting the operations and functionality.

FireEye recently observed a sophisticated campaign targeting individuals within the Mongolian government. Targeted individuals that enabled macros in a malicious Microsoft Word document may have been infected with Poison Ivy, a popular remote access tool (RAT) that has been used for nearly a decade for key logging, screen and video capture, file transfers, password theft, system administration, traffic relaying, and more.

CopyKittens is a cyberespionage group that has been operating since at least 2013. In November 2015, ClearSky and Minerva Labs published1 the first public report exposing its activity. In March 2017, ClearSky published a second report2 exposing further incidents, some of which impacted the German Bundestag. In this report, Trend Micro and ClearSky expose a vast espionage apparatus spanning the entire time the group has been active. It includes recent incidents as well as older ones that have not been publicly reported; new malware; exploitation, delivery and command and control infrastructure; and the group’s modus operandi. We dubbed this activity Operation Wilted Tulip

This document deals with malware on mobile devices.

Read about the threat outlook for aerospace and defense sectors as threat groups seek to gain military and economic advantages.

This blog post takes a look at Metamorfo and how it is impacting Brazilian users, specifically, to install banking trojans.

Gain insights into the nature and rationales of cyber threats international organizations and nonprofits face.