In 2018 cyber-security experts observed an increased number of cyber attacks, and malware continues to be the most aggressive and pervasive threat. For this reason, analyzing the events of the past year would help cyber-security professionals prevent further attacks during the next few months. In many cases the attacks reached a very high level of sophistication: both nation-state cyber espionage groups and cyber crime organizations carried out attacks that had a severe impact on the victims. This is just the tip of the iceberg, since in many cases organizations are not able to detect threats, allowing them to cause huge damage to their infrastructure.
The Yoroi Cyber-security Report analyzes the evolution of the threat landscape observed between January 2018 and December 2018. Unlike reports published by many other security firms, this analysis focuses on threats detected by Yoroi Cyber-Security Sensors standing behind customers' infrastructures. Every single attack and/or threat has been managed by the experts at Yoroi.
The report provides a unique point of view because it describes threats and attacks that have bypassed security measures implemented by the targets. The data do not come from OSINT or CLOSINT, but have been collected directly from the customer side. The report is divided into sections. Each section is atomic and can be read independently of the others. Section 1 describes the evolution of malware in the threat landscape over the past twelve months. It also includes a special focus on 0-Day Malware and their propagation methods.
Section 2 reports observed data from the attack surface, focusing on analysis of the IP addresses and ASNs involved in the attacks. Section 3 describes the “blocked attacks” through Yoroi DNS protection during the year, while Section 4 describes Dark-Net activities observed by our researchers. Dark-nets are abused for many malicious purposes: they can be abused to hide command and control infrastructure or to carry out an attack while attempting to remain anonymous. This section provides data on the attacks originating from resources hidden in the dark-nets and on communications from customers' infrastructures to dark-nets, likely associated with malware activity. Section 5 includes a broad analysis of data leaks discovered using the Yoroi Digital Surveillance, and finally Section 6 describes new trends in attack techniques and operations.