Analytics

Positive Research is one of the largest information security research centers in Europe. More than 250 world-class experts in protection of SCADA, ERP, web apps, and bank and telecom systems perform research, pentests, and threat/vulnerability analysis.
Web Application Attack Statistics: Q3 2017

This report provides statistics on attacks performed against web applications during the third quarter of 2017. It describes the most common types of attacks as well as the objectives, intensity, and time distribution of attacks. It also contains industry-by-industry statistics. With this up-to-date picture of attacks, companies and organizations can monitor trends in web application security, identify the most important threats, and focus their efforts during web application development and subsequent protection.

Cybersecurity threatscape: Q3 2017

In this quarter’s report, we share information on the most important and emerging IT security threats. Information is drawn from our own expertise, outcomes of numerous investigations, and data from authoritative sources. The majority of attacks (70%) were performed for direct financial gain, such as draining the victim’s bank account. One quarter (25%) were aimed at stealing data. In Q3, attackers again turned their attention to government (13%), which for the first time in the last two years received more attacks than did financial companies (7%). Home users are increasingly targeted, now accounting for one third of attacks (33%).

Where there’s a JTAG, there’s a way: obtaining full system access via USB

Everyone makes mistakes. These words are certainly true for developers involved in low-level coding, where such common tools as print debugging and software debuggers run into limits. To solve this problem, software and firmware developers at the beginning of the x86 age used in-circuit emulators. Now they use the JTAG debugging interface. These hardware debugging facilities are also of interest to security researchers. These tools grant low-level system access and bypass important security protections, making it easier for researchers to study a platform's behavior and undocumented features. With Intel Skylake processors, debugging mechanisms were built into the Platform Controller Hub, which opened them up to ordinary users, including malicious ones, who could use them to gain total control over the processor. For security reasons, these mechanisms are not activated by default, but as we show in this research, they can be activated on equipment sold in common computer stores.

Next-generation networks, next-level cybersecurity problems

In preparation for the brave new world of 5G and IoT, the last few years have seen operators make significant investments in their next-generation networks. However, despite spending billions upgrading from a protocol developed in the 1970s (SS7) to Diameter (4G and 5G), flaws exist that allow an attacker to carry out eavesdropping, tracking, fraud, theft, and DoS. This research piece outlines, using examples, how next-generation networks can be abused by an attacker and the steps that can be taken to protect against this.

Web Application Attack Statistics: Q2 2017

This report provides statistics on attacks performed against web applications during the second quarter of 2017. It describes the most common types of attacks as well as the objectives, intensity, and time distribution of attacks. It also contains industry-by-industry statistics. With this up-to-date picture of attacks, companies and organizations can monitor trends in web application security, identify the most important threats, and focus their efforts during web application development and subsequent protection.

Disabling Intel ME 11 via undocumented mode

Our team of researchers has delved deep into the internal architecture of Intel Management Engine (ME) 11, revealing a mechanism that can disable Intel ME after hardware is initialized and the main processor starts. In this analytical article, the experts describe how they discovered this undocumented mode and how it is connected with the U.S. government's High Assurance Platform (HAP) program.

Cybersecurity Threatscape: Q2 2017

While the security community was following the latest developments involving WannaCry and NotPetya cryptoware, attackers were not sitting idle. In this quarter’s report, we share information on the most important and emerging IT security threats. Information is drawn from our own expertise, outcomes of numerous investigations, and data from authoritative sources.

Positive Research 2017

This year was an eventful one as digital attackers chased new targets in new ways. Along with pentesting and vulnerability audits, Positive Technologies took part in investigations of numerous incidents, including attacks on major banks. We assembled a high-level picture of attacks based on data from our security operations center, pilot projects, and deployments at client companies. As in previous years, we are happy to share the most interesting results in our annual Positive Research journal.

Security trends & vulnerabilities review: web applications (2017)

Every year, web applications expand their presence in more and more areas. Almost every business has its own web applications for clients and for internal business processes. However, application functionality is often prioritized at the expense of security, which negatively affects the security level of the entire business. As a result, web application vulnerabilities provide massive opportunities for malicious actors. By taking advantage of mistakes in application architecture and administration, attackers can obtain sensitive information, interfere with web application functioning, perform DoS attacks, attack application users, penetrate a corporate LAN, and gain access to critical assets.

Security trends & vulnerabilities review: corporate information systems

Information systems at large corporations are like living organisms: they "breathe in" new hosts and systems, grow to accommodate network topology changes, and adapt to new equipment configurations. Ensuring the uninterrupted security of information systems is difficult, with infrastructure scattered across countries and continents, labyrinthine architectures, and a large number of dependencies within and between subsystems. Here we provide an overview of the most common vulnerabilities detected during security audits by Positive Technologies in 2016. In an audit, our experts simulate how actual attackers (external and internal) would try to penetrate corporate systems. This method identifies a large number of protection flaws, including ones impossible to detect in any other way. The research reveals the overall protection level of tested systems and the main tendencies, and includes recommendations for improving corporate information system security.

