Analytics

Positive Research is one of the largest information security research centers in Europe. More than 250 world-class experts in protection of SCADA, ERP, web apps, and bank and telecom systems perform research, pentests, and threat/vulnerability analysis.
Bank Attacks

Judging by the media headlines, it's a golden age for bank robberies. The names of criminal gangs are often known to every security specialist, and some of these thieves have made off with millions on multiple occasions. High payoffs and the relatively low risk of detection are inspiring criminals to "go online." Some groups break up or are caught by law enforcement, but newer groups pop up with more sophisticated attack techniques and take their place. Criminals quickly adapt to the changing environment; they constantly monitor newly published vulnerabilities and manage to exploit them much faster than bank security services are able to install updates. So what is the actual situation with IT security at banks? How do hackers bypass their security systems? What are the security flaws that allow hackers to entrench themselves in bank infrastructure and commit fraud, remaining unnoticed up to the very last moment? This report draws upon security analysis of information systems performed by Positive Technologies for specific banks over the past three years.

Social engineering: how the human factor puts your company at risk

When cybercriminals want to penetrate the infrastructure of a target company, they increasingly tend to use social engineering to do so. The human factor is still the weakest spot in any protection system, making training on information security awareness for employees more important than ever. An effective way to combat fraud is to simulate attacks in real-world conditions. This tests employees' reactions without any risk of harm to business infrastructure. Positive Technologies regularly performs assessments of information security awareness among employees at major companies all over the world. This report provides statistics and analysis from the 10 most instructive testing projects in 2016 and 2017, including examples of successful attacks against employees. These projects were based on various social engineering techniques and generally included emails, phone conversations, and communication via social networks.

Cybersecurity threatscape 2017: trends and forecasts

Each quarter in 2017, we shared data about the latest information security threats and trends, shedding light on new attack techniques and offering guidance for protection. In this report, we will take a look back at last year. Cybercriminals changed their tactics and many threats evolved to be more industry-specific. These and other changes are considered in the conclusion, which outlines what we expect to see in 2018.

Web application attack statistics: Q4 2017

This report provides statistics on attacks performed against web applications during the fourth quarter of 2017. The report describes the most common types of attacks, objectives, intensity, and time distribution of attacks. It also contains statistics by industry. With this up-to-date picture of attacks, companies and organizations can monitor trends in web application security, identify the most important threats, and focus their efforts during web application development and subsequent protection. The example attacks presented in this report have been manually verified to rule out false positives.

SS7 vulnerabilities and attack exposure report

These days it is hard to imagine life without telecommunications. Anyone who uses e-banking, online payment, online shopping, or e-government services has long been used to one-time passwords for transaction confirmation. The security of this authentication method is based merely on restricting access to telecommunication networks. While the internet of things is spreading widely into industrial processes and city infrastructure, failures in the mobile network can paralyze them, causing not only occasional interruptions in smart home or car devices, which dissatisfy the operator's customers, but also more critical consequences, such as traffic collapses or power outages. This report reveals the results of SS7 security analysis. Today the signaling network is not isolated, and this allows an intruder to exploit its flaws and intercept calls and SMS messages, bypass billing, steal money from mobile accounts, or affect mobile network operability. Although new 4G networks use another signaling system, Diameter, SS7 security issues have not been forgotten, because mobile operators should ensure 2G and 3G support and interaction between networks of different generations. Moreover, research shows that Diameter is prone to the same threats.

Cybersecurity threatscape: Q4 2017

We regularly present information on the most important and emerging IT security threats. In keeping with similar reports from previous quarters, this report covers incidents in the fourth quarter of 2017. Information is drawn from our own expertise, outcomes of numerous investigations, and data from authoritative sources. 73 percent of attacks were aimed at direct financial gain. The fourth quarter also saw an uptick in hacktivism (typically intended to protest government actions): 7 percent compared to 3 percent in Q3. The share of attacks aiming to acquire data fell from 25 percent in Q3 to 19 percent in Q4. In Q4, mass attacks again took a significant lead (58%). Government, healthcare, and finance are still under threat, attracting 13, 8, and 9 percent of the total, respectively. But most other cyberattacks targeted individuals (32%).

ICS Security: 2017 in review

Manufacturing facilities and critical infrastructure, such as energy and transportation, have fallen victim to more and more cyberattacks in recent years. Securing industrial control systems (ICS) is a critical factor in ensuring the overall information security of critical facilities and infrastructure. Many efforts have been made to promote ICS security: governments are developing regulatory frameworks, computer emergency response teams (CERT) are issuing bulletins, and ICS vendors are gaining awareness that vulnerabilities in their products can cause loss of lucrative contracts and even lives. Despite these efforts—and in the face of mounting incident costs and concern—security at most industrial facilities has shown minimal improvement since the Stuxnet attacks of 2010. The problem is worsened by the tendency to connect ICS equipment to the Internet, which is likely to intensify with the advent of the Fourth Industrial Revolution. Such connections set the stage for attacks by hackers from anywhere in the world, even without direct physical access to target equipment. This report, our fourth on the subject, describes findings by Positive Technologies regarding vulnerabilities in ICS components and their prevalence on Internet-connected systems, and how this situation has evolved over recent years.

Web Application Attack Statistics: Q3 2017

This report provides statistics on attacks performed against web applications during the third quarter of 2017. It describes the most common types of attacks as well as the objectives, intensity, and time distribution of attacks. It also contains industry-by-industry statistics. With this up-to-date picture of attacks, companies and organizations can monitor trends in web application security, identify the most important threats, and focus their efforts during web application development and subsequent protection.

Cybersecurity threatscape: Q3 2017

In this quarter’s report, we share information on the most important and emerging IT security threats. Information is drawn from our own expertise, outcomes of numerous investigations, and data from authoritative sources. The majority of attacks (70%) were performed for direct financial gain, such as draining the victim’s bank account. One quarter (25%) were aimed at stealing data. In Q3, attackers again turned their attention to government (13%), which for the first time in the last two years received more attacks than did financial companies (7%). Home users are increasingly targeted, now accounting for one third of attacks (33%).

Where there’s a JTAG, there’s a way: obtaining full system access via USB

Everyone makes mistakes. These words are certainly true for developers involved in low-level coding, where such common tools as print debugging and software debuggers run into limits. To solve this problem, software and firmware developers at the beginning of the x86 age used in-circuit emulators. Now they use the JTAG debugging interface. These hardware debugging facilities are also of interest to security researchers. These tools grant low-level system access and bypass important security protections, making it easier for researchers to study a platform's behavior and undocumented features. With Intel Skylake processors, debugging mechanisms were built into the Platform Controller Hub, which opened them up to ordinary users, including malicious ones, who could use them to gain total control over the processor. For security reasons, these mechanisms are not activated by default, but as we show in this research, they can be activated on equipment sold in ordinary computer stores.

