Threat Intelligence Reports
SYNful Knock: A Cisco Implant
Routers, which connect organizations to the internet, are a recognized point of exposure that would allow attackers to easily establish a foothold in organizational networks and compromise other hosts and critical data. The recently discovered SYNful Knock implant is a real-life example of an attack that uses Cisco routers as a threat vector. Download this report to:
- Understand the details of the compromise
- See what the impact is and how to detect it
- Find out how to remediate the threat
Threat Intelligence on Advanced Attack Groups and Technology Vulnerabilities
FireEye regularly publishes threat intelligence reports that describe the members of advanced persistent threat (APT) groups, how they work, and how to recognize their tools, tactics, and procedures. Threat intelligence reports also cover vulnerabilities of specific business technologies, such as email, sandboxes, and mobile devices. With access to such details, cyber security experts can build better defenses against these APT groups and advanced cyber attacks.
Threat Intelligence: Independent Research
- The Numbers Game: How Many Alerts is too Many to Handle
  Worldwide survey of C-level security executives at large enterprise companies on how they manage huge volumes of security alerts.
- IANS Research Survey: Building a Better Budget for Advanced Threat Detection and Prevention
  Survey of how security teams are trying to influence budget prioritization throughout their organizations for advanced security solutions.
- Definitive Guide to Advanced Threat Protection
  Comprehensive guide on how next-generation threat protection can fill the gaps in organizations' network defenses to protect against modern cyber attacks.
- Gartner Research: Taking a Lean-Forward Approach to Combat Today's Cyber Attacks
  Report on why you need more than traditional security to protect against today's attacks. Includes "Strategies for Dealing With Advanced Targeted Attacks".
- ISMG: The Need for Speed: 2013 Incident Response Survey
  Survey findings detail the top challenges faced by incident response teams.
- NIST: Best Practices in Cyber Security Chain Risk Management
  Use case on securing the supply chain and integrating hardware development and manufacturing operations for risk management.
- SANS 2013 Report: Digital Forensics and Incident Response Survey
  Survey on difficulties encountered as a result of cloud computing and BYOD, and how to better prepare for investigations in the new IT environment.
- Gartner Research: The New Breed of Email-based Cyber Attacks
  Report on email as a channel for targeted attacks. Includes "Email Security Focus Shifts to Address the Risks of Targeted Attacks and Data Loss".
- SANS 2013 Report: Critical Security Controls Survey: Moving From Awareness to Action
  Survey on awareness and use of critical security controls.
- IANS Data Compromise Awareness Survey
  Survey detailing the inadequacy of traditional IT security at large enterprises.
- Forrester Research: Determine The Business Value Of An Effective Security Program
  Report on the Information Security Value Model, which helps calculate the value of security and share that information with executives.
- Forrester Research: Planning for Failure
  Report on the elements of a thoughtful, well-implemented incident response plan, including staffing, training, and testing.
Threat Intelligence: Attack Groups
- HAMMERTOSS: Stealthy Tactics Define a Russian Cyber Threat Group
  Threat intelligence on the history, targets, and methodology of the Russian APT29 group that created the elusive malware backdoor HAMMERTOSS.
- An Inside Look: Into the World of Nigerian Scammers
  Threat intelligence on a Nigeria-based scam, including its targets, tactics, organization, expertise, techniques, tools, and most importantly, how you can protect yourself from losing thousands of dollars.
- APT17: Hiding in Plain Sight - FireEye and Microsoft Expose Obfuscation Tactic
  Threat intelligence on how the China-based APT17 group used Microsoft's TechNet blog for its Command-and-Control (CnC) operation.
- APT30: The Mechanics Behind A Decade Long Cyber Espionage Operation
  Threat intelligence on the APT30 group, which directed an extended cyber attack on government and commercial targets holding critical political, economic, and military information.
- APT1: Exposing One of China's Cyber Espionage Units
  Threat intelligence on the APT1 group, which has conducted a cyber espionage campaign against a broad range of victims since at least 2006.
- APT1: Digital Appendix and Indicators
  Threat intelligence with a list of more than 3,000 APT1 indicators, including domain names, IP addresses, X.509 encryption certificates, and MD5 hashes of malware in APT1's arsenal of digital weapons.
- Behind the Syrian Conflict's Digital Front Lines
  This report highlights how Syrian opposition forces fell victim to a well-executed hacking operation targeting secret communications and plans.
- Hacking the Street? FIN4 Likely Playing the Market
  The FIN4 group targets over 100 publicly traded companies and advisory boards. Find out the targeted industries, techniques used, and more.
- APT28 - a window into Russia's cyber espionage operations
  Report that uncovers how a Russian attack group targets insider information related to governments, militaries, and security organizations.
- Operation Saffron Rose
  Insight into multiple cyber-espionage operations against companies in the U.S. defense industrial base and Iranian dissidents.
- Operation "Ke3chang": Targeted Attacks Against Ministries of Foreign Affairs
  Insight into how ministries of foreign affairs in Europe were targeted and compromised by a threat actor FireEye has dubbed "Ke3chang".
- Supply Chain Analysis: From Quartermaster to Sunshop
  Examination of 11 seemingly unrelated APT campaigns that, upon further investigation, reveal shared characteristics suggesting a common "supply-chain" infrastructure.
Threat Intelligence: Technologies
- SYNful Knock: A Cisco Implant
  Insight into how attackers use Cisco routers as a threat vector to establish a foothold and compromise data.
- Windows Management Instrumentation (WMI) Offense, Defense, and Forensics
  An in-depth look at how Windows Management Instrumentation (WMI) has been used by attackers and what network defenders can do to properly detect and respond to attacks that utilize WMI.
- Mobile Threat Report
  This report details several aspects of key mobile threats, covering targeted malware, adware, and non-malicious apps with serious vulnerabilities.
- Hot Knives Through Butter: Evading File-based Sandboxes
  Overview of techniques used to evade off-the-shelf file-based sandboxes.
- A Daily Grind: Filtering Java Vulnerabilities
  This report examines the inner workings of three commonly exploited Java vulnerabilities, their behaviors, and the infection flow of exploit kits that target them.
- Investigating PowerShell Attacks
  This paper focuses on forensic analysis and discusses the Windows security controls intended to limit malicious usage of PowerShell, and the authors' assumptions regarding an attacker's level of access.
- Digital Bread Crumbs: Seven Clues To Identifying Who's Behind Advanced Cyber Attacks
  Insight into what to look for to help identify attackers.
- Leviathan: Command and Control Communications on Planet Earth
  This report analyzes first-stage command and control (C2) malware callbacks from FireEye clients around the world.
- Sidewinder Targeted Attack Against Android in the Golden Age of Ad Libraries
  A look at how the Sidewinder Targeted Attack allows threat actors to take over Android devices to track location, take photos, send texts, and more via the ad libraries Android apps are built on.
- DLL Side-loading: A Thorn in the Side of the Anti-Virus Industry
  Insight into this popular cyber attack method and the measures to take to ensure legitimate files are not exploited.
- Brewing Up Trouble: Analyzing Four Widely Exploited Java Vulnerabilities
  Examination of the inner workings of the four most commonly exploited Java vulnerabilities.
- The Little Malware That Could: Detecting and Defeating the China Chopper Web Shell
  Information on the features that make the China Chopper Web Shell a popular tool for cyber attackers and how to better detect it.
- Poison Ivy: Assessing Damage and Extracting Intelligence
  Information on Poison Ivy, a RAT that is still being used, and Calamine, a set of free tools to detect Poison Ivy infections.
- Top Words Used in Spear Phishing Attacks
  Insight into the nature of files used by cybercriminals to bypass traditional security defenses.