Verizon DBIR  2020 | 2019 | 2018 | 2017 | 2016 | 2015

Scale Cybersecurity Perspectives  2020 | 2019 | 2018 | 2017

CyberEdge Group CDR  2020 | 2019 | 2018 | 2017

Proofpoint State of the Phish  2020 | 2019 | 2018

Vade Secure Phishers' Favourites  Q1 2020 | Q2 2020 | Q4 2019 | Q3 2019

SonicWall Cyber Threat Report  2020 | 2019 | 2018 | 2017

Recorded Future Chinese State-Sponsored Group ‘RedDelta’ Targets The Vatican and Catholic Organizations
For many years, Chinese state-sponsored groups have targeted religious minorities within the PRC, particularly those within the so-called “Five Poisons,” such as Tibetan, Falun Gong, and Uighur muslim communities. Insikt Group has publicly reported on aspects of this activity, such as our findings on RedAlpha, the ext4 backdoor, and Scanbox watering hole campaigns targeting the Central Tibetan Administration, other Tibetan entities, and the Turkistan Islamic Party. Most recently, a July 2020 U.S. indictment identified the targeting of emails belonging to Chinese Christian religious figures — a Xi’an-based pastor, as well as an underground church pastor in Chengdu, the latter of whom was later arrested by the PRC government, by two contractors allegedly operating on behalf of the Chinese Ministry of State Security (MSS). Source

As phishing evolved over the years, process injection was added to the baseline attack. Process injection works just the way it sounds. The phishing attack targets the workflow, or process, used by an individual victim, enabling a higher degree of success, as well as the possibility for the scam to remain undetected longer. You see this method deployed during business email compromise (BEC) attacks, including those centered on wire transfers and tax-related scams. Source

Human-centric Computing and Information Sciences Baiting the hook: factors impacting susceptibility to phishing attacks
For our investigation, we conducted a web-based study with 382 participants which focused specifically on identifying factors that help or hinder Internet users in distinguishing phishing pages from legitimate pages. We considered relationships between demographic characteristics of individuals and their ability to correctly detect a phishing attack, as well as time-related factors. Moreover, participants’ cursor movement data was gathered and used to provide additional insight. In summary, our results suggest that: gender and the years of PC usage have a statistically significant impact on the detection rate of phishing; pop-up based attacks have a higher rate of success than the other tested strategies; and, the psychological anchoring effect can be observed in phishing as well. Given that only 25% of our participants attained a detection score of over 75% we conclude that many people are still at a high risk of falling victim to phishing attacks but, that a careful combination of automated tools, training and more effective awareness campaigns, could significantly help towards preventing such attacks. Source

Acunetix Web Application Vulnerability Report 2020
This report represents the state of security of web applications and network perimeters. This year’s report contains the results and analysis of vulnerabilities detected over the 12-month period between March 2019 and February 2020, based on data from 5,000 scan targets. This analysis mainly applies to high and medium severity vulnerabilities found in web applications, as well as perimeter network vulnerability data. We utilize Acunetix to more thoroughly assess internet-facing websites and servers. Acunetix helps us identify vulnerabilities in conjunction with other vulnerability scanning applications. Acunetix has been a more reliable application when discovering/determining different types of malicious code injection vulnerabilities (SQL, HTML, CGI, etc). Source

Malwarebytes Cybercrime Tactics and Techniques Q2 2020
This special, COVID-19 themed CTNT report for January 2020 to March 2020 looks at the most prominently spread malware families taking advantage of this crisis, as well as other cybercriminal efforts we observed. We will give you a look into what the campaigns that spread these threats look like and the capabilities of the malware, along with information about card skimmers and APT attacks, wrapping up with some tips on staying safe. Source

Mimecast The State of Email Security 2020
The fourth annual State of Email Security (SOES) contains the valuable insights, reference points, and key takeaways that you’ve come to rely on for your organization. And with the depth of knowledge acquired over years of monitoring and analyzing the email security landscape, in conjunction with Mimecast’s analysis using detection data during the first 100-day period of coronavirus, SOES 2020 serves as the guide helping to drive continuous improvements to your cyber resilience strategy. The state of the world in the first half of 2020 is unlike anything we have experienced before, and it’s trickled down to have an impact on the IT and security world. As healthcare providers and other essential employees worked as hard and as quickly as possible to contain and mitigate the impact of the COVID-19 pandemic, threat actors undermined and stole from businesses, charities, and governments. Threat actors, who are resourceful and inventive, regularly exploit times of confusion or global events to conduct cyberattacks and email phishing campaigns. They assess how well organizations secure their networks to identify vulnerabilities in infrastructure and defenses, which they use to improve their attack methodologies. Source

VMWare Carbon Black Modern Bank Heists 3.0
25 CISOs from leading financial institutions reveal their thoughts on the 2020 attack landscape. According to MITRE, “adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.” This is of particular importance in the financial sector as cybercriminals have dramatically increased their knowledge of the policies and procedures of financial institutions. They are keenly aware of the incident response (IR) stratagems being employed by IR teams and the blind spots that exist within every institution. Given the tactical shifts of the cognitive attack loop, they are maintaining and manipulating their positions within networks because of the noise created by incident response and the lack of security controls integration. Source

McAfee Mobile Threat Report Q1, 2020
Malware Is Playing Hide and Steal. Consider the number of applications on your smartphone today. Which ones are actively used? Which ones are no longer used? While this is a simple check, more important questions often go unanswered. For example, do you know what data each app collects? What they do with the data? Or even who they share it with? Although it may be possible to find answers to some of these questions, chances are some, even most of them, will remain unanswered. Of course, these questions are based on the apps that you can see. There is a growing trend for certain apps to hide themselves, stealing precious resources and data from mobile devices that are the passport to our digital world. The objective of these hidden apps is relatively straightforward: generate money for the developer. And it is a growing threat, with almost half of all malware on the mobile platform consisting of hidden apps. Source

EY Global Information Security Survey 2020
Against the backdrop of mounting threat in an era of disruption, the most forward-thinking cybersecurity functions can be critical agents of change. But this will require organizations to foster new relationships between CISOs, the board and C-suite, and every function of the business. The cyber and privacy threat is increasing and expanding. About 6 in 10 organizations (59%) have faced a material or significant incident in the past 12 months, and as our EY Global Board Risk Survey reveals, 48% of boards believe that cyber attacks and data breaches will more than moderately impact their business in the next 12 months. About one-fifth of these attacks (21%) came from “hacktivists” (that is, tech-enabled, political and social activists) — second only to organized crime groups (23%). Source

F-Secure Attack Landscape H2 2019: An unprecedented year for cyber attacks
In this report, we cover the attack traffic seen by our global network of honeypots over the last six months of 2019, as well as malware seen by our customer endpoints throughout the year. We also take a trip down memory lane, revisiting cyber security highlights of the decade. Source

Verizon Mobile Security Index 2020 Report
This year, we added questions to find out why companies are knowingly exposing themselves to risks. The need to meet targets was the most commonly stated reason, whether it was time (62%) or money related (46%). It seems that many companies still see mobile security as an impediment to their business objectives rather than a business imperative in itself. But attitudes are changing. Eighty-seven percent of respondents said they were concerned that a mobile security breach could have a lasting impact on customer loyalty, and 81% said that a company’s data privacy record will be a key brand differentiator in the future. Source

PhishLabs Phishing Activity Trends Report, 4th Quarter 2019
“By the end of 2019, 74% of all phishing sites were using TLS/SSL,” observed John LaCour, Founder and CTO of PhishLabs. This percentage increased from 68% in Q3 and 54% in Q2 of 2019. “Attackers are using free certificates on phishing sites that they create, and are abusing the encryption already installed on hacked web sites.” Source

CrowdStrike Global Threat Report 2020
Going into 2019, CrowdStrike Intelligence anticipated that big game hunting (BGH) — targeted, criminally motivated, enterprise-wide ransomware attacks — was expected to continue at least at the 2018 pace. However, what was observed was not just a continuation but an escalation. Ransom demands grew larger. Tactics became more cutthroat. Established criminal organizations like WIZARD SPIDER expanded operations, and affiliates of the ransomware-as-a-service (RaaS) malware developers adopted BGH attacks. In short, the greedy got greedier and the rich got richer. Source

Malwarebytes 2020 State of Malware Report
Telemetry showed a clear trend toward industrialization. Global Windows malware detections on business endpoints increased by 13 percent, and a bifurcation of attack techniques split threat categories neatly between those targeting consumers and those affecting organizations’ networks. The Trojan-turned-botnets Emotet and TrickBot made a return in 2019 to terrorize organizations alongside new ransomware families, such as Ryuk, Sodinokibi, and Phobos. In addition, a flood of hack tools and registry key disablers made a splashy debut in our top detections, a reflection of the greater sophistication used by today’s business-focused attackers. Source

BNY Mellon Global Payments 2020: Transformation and Convergence
The world of global payments in 2020 will look very unlike it does today; indeed its “end-state” post-2020 will be largely unrecognisable. Key factors influencing these changes will be the impact of technology, changing customer expectations (in particular those of retail customers), changing global demographics, shifts in global trade flows and currency markets, and the growing impact of regulation. Source

Herjavec Group 2019 report from Cybersecurity Ventures sponsored
Cybercrime will cost the world in excess of $6 trillion annually by 2021, up from $3 trillion in 2015. Damage cost projections are based on historical cybercrime figures including recent year-over-year growth, a dramatic increase in hostile nation state sponsored and organized crime gang hacking activities, and a cyber attack surface which will be an order of magnitude greater in 2021 than it is today. Source

Cisco Encrypted Traffic Analytics 2019
More than 70% of malware campaigns in 2020 will use some type of encryption to conceal malware delivery, command-and-control activity, or data exfiltration. And 60% of organizations will fail to decrypt HTTPS efficiently, missing critical encrypted threats. Source

Cisco Threat Report Dec 2019
A look back at the tactics and tools of 2019. Some cybercriminals have specific organizations in mind when they’re planning an attack. For whatever reason, they know who they want to breach, and the potential rewards to be gained. Very little deters them from their goal. Take the global targeted ransomware attacks that took place this year; the effects were so destructive, partly because the organizations were deliberately selected from the firing line. Source

Raconteur The real cost of cybercrime 2019
Cybercrime can impact an organisation’s reputation, customer base and ability to function, but the cost of poor cybersecurity is never clearer than when looking at the money companies stand to lose. Source

Check Point Research Brand Phishing report Q4 2019
Facebook tops the list, Technology industry is prime target. According to Check Point Research analysis, Facebook leads the top 10 phishing brands in Q4 2019 and Technology is the most common industry for which attackers try to imitate brands. Source

TrapX Security Identifies New Malware Campaign Targeting IoT Devices Embedded With Windows 7 at Manufacturing Sites
In October 2019, several of the world’s largest manufacturers encountered instances of infection. Attackers used malware variants to compromise a set of embedded IoT (Internet of Things) devices. The infection targeted a range of devices ranging from smart printers, smart TVs, and even heavy operational equipment such as Automatic Guided Vehicles (AGV). Infected devices are at risk of malfunction, creating risks to safety, disruption of the supply chain, and data loss. The malware used in the campaign is a self-spreading downloader that runs malicious scripts as part of the Lemon_Duck PowerShell malware variant family. Source

2019 SonicWall Threat Report
Intelligence for the 2019 SonicWall Cyber Threat Report was sourced from real-world data gathered by the SonicWall Capture Threat Network, which securely monitors and collects information from global devices and resources. Source

Emsisoft Malware Lab The State of Ransomware in the US: Report and Statistics 2019
In 2019, the U.S. was hit by an unprecedented and unrelenting barrage of ransomware attacks that impacted at least 966 government agencies, educational establishments and healthcare providers at a potential cost in excess of $7.5 billion. Source

PhishLabs The Growing Social Engineering Threat
This year's report shows how phishing continues to evolve as threat actors adapt to (and exploit) changes in the digital landscape. Targets have shifted, new tactics have surfaced, and attack volume continues to rise. Source

KnowBe4 releases Q4 2019 top-clicked phishing report
The results found that simulated phishing tests with an urgent message to check a password immediately were most effective, with 39% of users falling for it. Social media messages are another area of concern when it comes to phishing. Within the same report, KnowBe4’s top-clicked social media email subjects reveal that LinkedIn messages are the most popular at 55%, followed by Facebook at 28%. Source

Phishing Burisma Holdings
Beginning in early November of 2019, the Main Intelligence Directorate of the General Staff of the Russian Army (GRU) launched a phishing campaign targeting Burisma Holdings, a holding company of energy exploration and production companies based in Kiev, Ukraine. The phishing campaign identified is designed to steal email credentials (usernames and passwords) of employees at Burisma Holdings and its subsidiaries and partners. Source

GlobalSign 2019 PKI Survey
75% stated they are using public SSL or TLS certificates and about 50% stated they rely on private SSL and TLS. A third of participants (30%) said they use certificates for digital signatures while slightly fewer answered they are relying on PKI for Secure/Multipurpose Internet Mail Extensions (S/MIME). Source

The Year of The Phish
25GB archive of data on the latest 100’000 phishing sites processed. This archive contains a SQLite database with a list of original URLs retrieved from various feeds (such as OpenPhish, PhishTank, PhishStats and others), the final URL it eventually redirected to, as well as the DOM HTML and a screenshot of the page. Source

Positive Technologies Cybersecurity threatscape: Q3 2019
In Q3, data theft was the motivation for 61 percent of attacks on organizations and 64 percent of attacks on individuals (compared to 58% and 55%, respectively, in Q2). Direct financial gain, at 31 percent, was equally popular as motivation for attacks against both organizations and individuals. Source

Akamai [state of the internet] / security Phishing — Baiting the Hook
More than 60% of the phishing kits monitored by Akamai were active for only 20 days or less. Source

Proofpoint Q3 2019 Threat Report — Emotet’s return, RATs reign supreme, and more
15% of malicious payloads were remote access Trojans and 45% were banking Trojans, up from 6% and 23% in Q2 2019, respectively. Source

Remote working Irish businesses at risk
350,000 Irish office workers use unsecure devices for remote working. The survey found that more than one-quarter (27%) of Irish office workers – approximately 350,000 people – use an unencrypted mobile device to access or store company data. Source

Spam and phishing in Q1 2019 Kaspersky Lab
The topics exploited by cybercriminals ranged from online flower shops to dating sites. Source

Study conducted by a group of doctors and published on JAMA Network Open
Study examines the email security practices of six major medical institutions and found that about 1 in every 7 phishing emails ended up getting opened by hospital employees. Source

Phishing attacks topped the list of concerns for decision makers
Nearly 75% of executives cite phishing emails as the most significant threat, according to The State of Security Awareness Training report from CybeReady. Source

91% of all cyber-attacks can be traced back to a phishing email
The online scam works by tricking people into disclosing sensitive information or downloading malicious malware onto their computer. Source

76% of organizations targeted by phishing in 2017
More than three-quarters of surveyed organizations and businesses were targeted by phishing scams in that year. Source

83% of global information security respondents reported experiencing phishing in 2018
Eighty-three percent of global information security respondents experienced phishing attacks in 2018. Source

URL phishing detections increased 269% in 2018
Attacks that capitalize on the human desire to respond to urgent requests from authority are on the rise, such as Business Email Compromise (BEC) and phishing, with phishing URL detections increasing 269 percent over 2017. Source

Phishing attacks on SaaS and webmail services increase by 48% in Q4 2018
A Q1 2019 Phishing Activity Trends Report from the Anti-Phishing Working Group (APWG) shows that software-as-a-service (SaaS) and webmail services were the two most attacked sectors in Q1 2019. Together, they accounted for 36% of all phishing attacks during that quarter and even surpassed the payment services (27%) category for the first time. Source

51% of phishing attacks contain links to malware
More than half of phishing attack emails contain links to malware. Malware attacks, by far, represent the greatest number of attacks. This is followed by credential harvesting, which represents 41% of phishing attacks. Source

48% of malicious email attachments are Microsoft Office Files
Microsoft Office users are the most at risk because hackers often disguise their malware as Office file email attachments to trick them into clicking on them. Source

65% of infosec pros identified credential compromise as the most common impact of phishing
February 2019 Attack Spotlight article: more than two-thirds of surveyed information security professionals reported compromised credentials as the biggest impact of successful phishing attacks. This is an increase of 280% since 2016. Source

A data breach with a lifecycle under 200 days costs $1.2 million less than those over 200 days
IBM’s 2019 Cost of a Data Breach Report shows that the percentage chance of experiencing a data breach within two years is 29.6%. According to the report, “organizations today are nearly one-third more likely to experience a breach within two years than they were in 2014.” Breaches can be caused by hacking, phishing, or a variety of other cybersecurity attack methods. Source

Nearly 86% of all phishing attacks target U.S. entities
The percentage of U.S. targets that are the focus of phishing attacks continues to increase, reaching 85.7% in 2018. The number increased from 81% the previous year. Source

There were allegedly 26,379 victims of phishing/vishing/smishing/pharming in 2018
The 2018 Internet Crime Report from the Internet Crime Complaint Center (IC3) indicates that $48,241,748 was reportedly lost per victim due to phishing/vishing/smishing attacks in the same year. Source

Cyber Threat Intelligence Reports
