This report represents Deep Instinct’s current view of the threat landscape and trends seen between the period January – June 2021 and provides concrete data to verify the credibility of these developments. The information was sourced from our repositories which are routinely analyzed as we continuously protect our customers from unending and varied attacks.

This report represents Deep Instinct’s current view of the threat landscape, showcasing trends seen throughout the course of the past year and providing concrete, actionable data to verify the credibility of these developments. The information was sourced from our data repositories, which are routinely analysed as part of protecting our customers from ceaseless attacks.

In T2 2022, we saw the continuation of the sharp decline of Remote Desktop Protocol (RDP) attacks, which likely continued to lose their steam due to the Russia-Ukraine war, along with the post- COVOD return to offices and overall improved security of corporate environments. Even with declining numbers, Russia IP addresses continued to be responsible for the large portion of RDP attacks.

The final months of 2022 were bustling with interesting ESET research findings. Our researchers discovered a MirrorFace spearphishing campaign against high-profile Japanese political entities, and new ransomware named RansomBoggs that targets multiple organizations in Ukraine and has Sandworm’s fingerprints all over it. ESET researchers also discovered a campaign conducted by the infamous Lazarus group that targets its victims with spear-phishing emails containing documents with fake job offers; one of the lures was sent to an aerospace company employee.

In this report, we examine 10 prolific banking trojans targeting Android mobile apps of users worldwide, detailing their features and capabilities. We also detail what makes each malware family different highlighting the unique and advanced malicious features that make each banking trojan family unique. A complete list of all 639 financial applications covering banking, investment, payment, and cryptocurrency services and the different banking trojan families targeting each is provided in Appendix A.

The data used in this report comes from Cisco Umbrella, Cisco’s cloud delivered security service that includes DNS-layer security, secure web gateway, firewall, cloud access security broker (CASB) functionality, and threat intelligence.

This report reflects on the key threats that emerged or expanded in the 4th quarter of 2020.

This report shares key insights on how attackers are accelerating their use of SSL/TLS encryption to bypass traditional defenses.

From the report, “To put the relentlessness of attacks and the attackers perpetrating them into perspective, it has been reported that the global cybercrime economy generates an annual profit of $1.5 trillion or roughly the same as Russia’s GDP. To use an old cybersecurity adage, attackers only need to succeed once to compromise your network, defenders need to succeed every time. These facts and the events of Q1 2018 reinforce the reality that threat actors have no intention of scaling back their attacks. It is important not to be distracted by coverage given to one attack vector or class of attack – distraction has been a powerful tool in the arsenals of attackers for centuries… just think about why malware trojans are so named.”

Palo Alto Networks Unit 42 has identified a series of phishing emails containing updated versions of the previously discussed CMSTAR malware family targeting various government entities in the country of Belarus. We first reported on CMSTAR in spear phishing attacks in spring of 2015 and later in 2016. In this latest campaign, we observed a total of 20 unique emails between June and August of this year that included two new variants of the CMSTAR Downloader. We also discovered two previously unknown payloads. These payloads contained backdoors that we have named BYEBY and PYLOT respectively.

This report reveals a campaign of reconnaissance, phishing, and malware operations that use content and domains made to mimic Chinese language news websites

The Qadars Banking Trojan has been observed globally targeting well-known banks since 2013. The research in this white paper provides a detailed analysis of the banking trojan, discussing the obfuscation techniques, domain generation algorithm (DGA), communication protocols and data formatting, and social engineering techniques employed by the trojan.

The Blackmoon Banking Trojan was thought to be shut down in 2016. However, it has re-emerged. This paper provides a brief analysis of the revamped trojan.

This report will take you through the most common malware infection vectors, the different types of mobile malware currently plaguing organizations, and how to take the appropriate steps to protect your mobile estate.

Get a threat outlook for high tech and IT sectors as their relevance to economic, intelligence and security concerns make them more valuable targets.

This report looks at a remote access Trojan named KONNI that was targeting North Korea.

This report from October 2016 takes a look at the Mirai botnet, VULNS, breach responses, and some new security initiatives.

This report provides analysis and information related to Joao Malware which has attacked video gamers.

This report provides a technical investigation of the malicious components involved in the attack that infected over 500,000 routers and network storage devices.

The report introduces the Chain of Compromise as an analytical concept to help readers, particularly those working in cyber security and information technology roles, understand how attackers compromise security using different combinations of tactics and resources. Some of 2015’s most prominent threats, such as exploit kits, ransomware, and DNS hijacks, are discussed in relation to this model, demonstrating how users become compromised by modern cyber attacks.

The 64-bit Windows operating system is increasing its market share and becoming the prevalent system in most business environments. Its growing popularity is also attracting more attackers and slowly reshaping the Windows threat landscape. Cybersecurity teams must gain a deep understanding of 64-bit systems, and the different malware variants that can infiltrate and attack them, especially as the threat expands into additional operating systems, such as Linux and macOS.