Security Threat Reports

2016-07 Global Threat Report

Feature Article: Scamming the Would-Be Scammer

Download

2016-06 Global Threat Report

Feature Article: Bank Fraud, Privacy and Passwords

Download

2016-05 Global Threat Report

Feature Article: TeslaCrypt Apologizes and Offers Decryption Key

Download

2016-04 Global Threat Repor

Feature Article: Grandma, what big vulnerabilities you have!

Download

2016-01 Global Threat Report

Feature Article: Tech Support Scams Revisited (Again)

Download

2015-12 Global Threat Report

Feature Article: Tech Support Scams: a Beginner's Guide

Download

2015-11 Global Threat Report

Feature Article: Cybersecurity

Download

2015-09 Global Threat Report

Feature Article: Watching the Furby Fly

Download

2015-06 Global Threat Report

Feature Article: Professor Klaus Brunnstein

Download

2015-05 Global Threat Report

Feature Article: Nepal earthquake scam: out for a duck…

Download

2015-03 Global Threat Report

Feature Article: 50 Shades of Security

Download

2015-02 Global Threat Report

Feature Article: Hoaxes and Facebook

Download

2015-01 Global Threat Report

Feature Article: Mobile Malware: Should I keep Taking The Tablets?

Download

2014-12 Global Threat Report

Feature Article: Bank Card Courier Scams

Download

2014-11 Global Threat Report

Feature Article: Virus Bulletin and AVAR: a conference paper is for life

Download

2014-10 Global Threat Report

Feature Article: Irish Tax Refund Phishing Scam

Download

2014-09 Global Threat Report

Feature Article: Biting the Biter

Download

2014-08 Global Threat Report

Feature Article: Can the Can (or Arbitrage Outrage)

Download

2014-07 Global Threat Report

Feature Article: The Domino’s Effect

Download

2014-06 Global Threat Report

Feature Article: The Increasingly Strange Case of the Antipodean iOS Ransomware

Download

2014-05 Global Threat Report

Feature Article: CSO So-So So-and-So

Download

2014-04 Global Threat Report

Feature Article: XP-diency: what if you can’t upgrade yet?

Download

2014-03 Global Threat Report

Feature Article: Postcard from Hallmark hoax

Download

2014-02 Global Threat Report

Feature Article: Phishing Scam Update

Download

2014-01 Global Threat Report

Feature Article: Death and Tax Scams

Download

2013-12 Global Threat Report

Feature Article: The Year of Surviving Dangerously: Highlights from We Live Security 2013

Download

2013-11 Global Threat Report

Feature Article: It’s a Cyber Weapon, but is it Art?

Download

2013-10 Global Threat Report

Feature Article: The Thoughtful Phisher casteth wide his Net… \\SRV-WEB-FARM\Files\Threat-Report\Global-Threat-Trends-Report-October-2013.pdf

Download

2013-08 Global Threat Report

Feature Article: PC Support Scams: still keeping us amused

Download

2013-09 Global Threat Report

Feature Article: TLDs, Phishing, Business Security and Education

Download

2013-07 Global Threat Report

Feature Article: Keyboards and Keywords

Download

2013-06 Global Threat Report

Feature Article: Multi-factor Malware, discussing the evolution of malware over recent years.

Download

2013-05 Global Threat Report

Featured Article: Facebook, Scepticism and the antisocial media

Download

2013-03 Global Threat Report

Today I found a particularly endearing example of the 419 (advance fee fraud) scam in my mailbox. The sender, one 'Harry Cole' claims to represent a bank called the IFC (presumably that's the International Finance Corporation) and says that an 'inquest' (sounds like a matter of 'grave' concern) conducted by the bank turned up an 'inactive/dormant' account, and that I'm a 'potential beneficiary to an unclaimed sum.'

Download

2013-04 Global Threat Report

Featured Article: Spookeasy

Download

2013-02 Global Threat Report

Feature Article: Academic Vanity Press: Who gets scammed?

Download

2013-01 Global Threat Report

In a world where nothing seems to be constant but change, it's good to know that there are, in fact, some things that change fairly slowly. Unfortunately, readiness to believe and spread hoaxes is one of them. Even worse, they're often the same hoaxes that were being spread years and even decades ago. Here's a hoax message - actually two hoaxes shoehorned into the same message - that was passed on to me this month. It goes back well over a decade: my wife (who received it from a well-meaning friend) and I are both pretty sure we saw hoaxes very much like this in the 1990s.

Download

2012-12 Global Threat Report

2012 on the ThreatBlog was far too busy to do justice to in a fairly short article: inevitably, I’ll have to leave out some articles. Nevertheless the following summary should at least give you an idea of how the year looked to the blogging team.

Download

2012-11 Global Threat Report

It’s been a while since I’ve talked about hoaxes (here or anywhere else), but they haven’t gone away, even if we don’t see many of the stories about catastrophic, undetectable viruses any more. Here are three old favourites that have hit my radar recently by email or via Facebook. (Many antique hoaxes have taken on a new lease of life by migrating from email to Facebook.)

Download

2012-10 Global Threat Report

The concept of the “Londoning” scam is far from new, but as it is still making the rounds and claiming victims, and we want to make sure that you’re aware of it. The scam can arrive as an email, as a Facebook message, sometimes even as a mobile text message.

Download

2012-09 Global Threat Report

Believe it or not, there are actually anti-virus company web sites that list that email as a malicious hoax and warn their readers not to spread it. I guess they have less faith in the intelligence of their customers than ESET does.

Download

2012-08 Global Threat Report

This is the tale of a 419 scammer who may have had one too many Vodka Martinis (shaken, not stirred): it’s actually the merging of two articles, one for SC Magazine’s Cybercrime Corner, and the other a spin-off/explanatory piece.

Download

2012-07 Global Threat Report

The Anti-Phishing Working Group (APWG) has recently made available its “Phishing Activity Trends Report” for the first quarter of 2012. It makes interesting reading, at any rate if you're a collector of statistics, and most researchers are to an extent. What does it tell us about the contemporary phishing scene, or at least that part of it that APWG and its members are able to monitor? Well, for the detail, you really need the 11-page report, but here are some highlights.

Download

2012-06 Global Threat Report

Recently the worm, ACAD/Medre.A, showed a big spike in Peru on ESET’s Live Grid® (a cloud-based malware collection system utilizing data from ESET users worldwide). ESET’s research shows that the worm steals AutoCAD drawings and sends them to email accounts located in China. ESET has worked with Chinese ISP Tencent, Chinese National Computer Virus Emergency Response Center and Autodesk, the creator of AutoCAD, to stop the transmission of these files. ESET confirms that tens of thousands of AutoCAD drawings, primarily from users in Peru, were leaking at the time of the discovery.

Download

2012-04 Global Threat Report

Now Google Privacy Policy Reaches the Cloud, How to recognize a PC support scam, Pirated software: an update from Ireland, The Top Ten Threats.

Download

2012-05 Global Threat Report

In terms of media coverage, one of the bigger malware stories in May was malicious code variously called The Flame, Flamer, or even Stryker (detected by ESET as Win32/Flamer.A). The story was a timely reminder that, from the earliest days of computer security there has been a gap between the knowledge and understanding of those who specialize in this field and those who are impacted by its failures and accomplishments. For example, the average computer virus expert, if such an animal could be said to exist, knows a whole lot more about viruses than the vast majority of people who become victims of viruses.

Download

2012-03 Global Threat Report

Do you let your employees use their own computers for work? How about smartphones, iPads and other tablet devices? If so, you are not alone. The phenomenon of allowing or encouraging employees to use their own devices for work--known as Bring Your Own Device, or BYOD--is now widespread in many countries. On the plus side, you may get more work from people when they can work in more places and at more times of the day (from the breakfast table in the morning to the kitchen table at night and the coffee shop in between). There can be cost savings too: equipment outlays can be reduced if employees use their own devices instead of the company buying them.

Download

2012-02 Global Threat Report

David Harley and a Russian research colleague, Aleksandr Matrosov, explain that the most widely spread banking trojan in Russia is now trying to steal money from Facebook users. ESET researchers noted that Win32/Carberp used bootkit components from malware called Ronix, which was also the subject of scrutiny in February.

Download

2011-12 Global Threat Report

ESET Ireland’s research in 2011 showed that 1 in 4 Irish computer users has had his or her computer crashed or otherwise damaged by viruses or malware. We found that 1 in 5 users had experienced a malware infection or data theft while 14 percent said they were hacked or had their social media accounts hijacked. Nearly ten percent of the survey population had been cheated, had their credit cards or private information abused, or found their system was used to transmit spam. We think these numbers reflect the following trends that we observed in 2011, both in Ireland and around the world.

Download

2012-01 Global Threat Report

I’m not exactly fond of 419 (“Nigerian” or advance fee fraud) scammers. You know the sort of thing: African monarchs and the wives of dead dictators wanting to pay you vast sums for your help in moving their money, or messages telling you that you’ve won a lottery. I detest them because when they really score, they’re utterly merciless when it comes to milking the “big fools” (mugu) who fall for the scams: I recently saw an interview with a very dejected victim on television who’d paid out several hundred thousand pounds in advance fees in the expectation that he’d eventually be paid several million.

Download

2011-10 Global Threat Report

Feature Article: Do you think you’re safe online? Social Engineering and Social Media, Virus bulletin 2011: fake but free, OSX/Tsunami.A, a Mac OS X Trojan, The Top Ten Threats, Top Ten Threats at a Glance (graph).

Download

2011-11 Global Threat Report

Fifty ways to leave your lover? Although a tiny 1% would post hostile remarks on their ex's social media, and 8% would remove them as a contact altogether, letting go is not easy for 1 in 4 Irish people. Over 25% stay friends and follow each other's profiles even after breakup.

Download

2011-08 Global Threat Report

One third of the Irish enjoy holiday gloating while another third prefer secret holiday destinations. With the holiday season nearly over we wanted to know, how much of their holiday plans or activities the Irish reveal on social media? This security issue goes beyond announcing that your house will be empty in a certain period and thus inviting burglary. Lately, cybercriminals often contact their target’s social media friends with some sort of financial scam that involves the holiday destination. (This is sometimes refered to as Londoning, though it’s by no means confined to imaginary London, as explained here.)

Download

2011-09 Global Threat Report

Years ago, when I was a security analyst/administrator at a medical research organization in the UK, one of the units (not one I was personally responsible for, fortunately) had a nasty experience with a server. All its PCs were being dutifully backed up to the server in question, but unfortunately, it hadn’t occurred to anyone to back up the server. Not, at any rate, until problems hit both a PC and the server that resulted in the loss of data. Not critical data, perhaps, since the unit and the organization are still around, but significant enough to threaten managerial heads with a sudden migration from neck to guillotine basket, though to the best of my knowledge, no heads did roll in the end.

Download

2011-07 Global Threat Report

Real Men Don’t Do Safe Hex, The Russia House, 1 in 20 mobile devices infected next year?, Stop spam/botnets? Follow the money, Latin America chosen for Trojan bankers attack and Hotmail accounts, The Top Ten Threats

Download

2011-06 Global Threat Report

Feature Article: Ireland: Password Security Improving Survey Reveals Chasm between Users’ Concerns and Behavior CTAC tile (staying in touch with ESET research) INF/Autorun: Threat Losing Thread? Support Scams Not Gone, Not Forgotten The Top Ten Threats

Download

2011-05 Global Threat Report

Feature Article: Don't be silly online, please Facebook privacy: security concerns Cybersecurity symposium in San Diego Return of the password reset attack The Top Ten Threats

Download

2011-04 Global Threat Report

Feature Article: 419s Still a la Mode ESET Researchers at Virus Bulletin TDSS: the Next Generation Anti-Malware Testing Standards Organisation World Backup Day SC Magazine - Cybercrime Corner The Top Ten Threats

Download

2011-03 Global Threat Report

Feature Article: BlackHat Japanning Spring is Here Unwanted Flattery And the Firewalls Came Tumbling Down? The Hole in the Wall Gang Rides Again The Top Ten Threats

Download

2011-02 Global Threat Report

Feature Article: From Russia with Spam Misplaced trust in trustworthy names? Nothing exceeds like Stuxnet AMTSO anticipation RSA The Top Ten Threats

Download

2011-01 Global Threat Report

Feature Article: Stuxnet: conspiracy or sensationalism? Tweetie Pie How effective are phishing attacks? Merry-go-round: the AMTSO wheel of pain The Top Ten Threats

Download