Reports

The 2017 TLS Telemetry Report

Report / Apr 23, 2018

By david holmes

Privacy today isn’t just about staying away from prying eyes. The very act of communicating across the Internet with open, non-confidential protocols invites exposure to multiple threat types.

The Hunt for IoT: The Growth and Evolution of Thingbots Ensures Chaos

Report / Mar 13, 2018

By sara boddy justin shattuck

IoT attacks show no signs of decreasing while infected IoT devices go un-remediated, and discovery of new thingbots is at a decade-long high.

Lessons Learned From a Decade of Data Breaches

Report / Dec 7, 2017 (MODIFIED: Jan 31, 2018)

By sara boddy ray pompon

F5 Labs researched 433 breach cases spanning 12 years, 37 industries, and 27 countries to discover patterns in the initial attacks that lead to the breach.

Phishing: The Secret of Its Success and What You Can Do to Stop It

Report / Nov 16, 2017 (MODIFIED: Jan 4, 2018)

By ray pompon

Learn about the tricks attackers use to dupe unsuspecting users and how you can help protect them—and your organization.

CISOs: Striving Toward Proactive Security Strategies

Report / Sep 19, 2017 (MODIFIED: Nov 9, 2017)

By mike convertino

As enterprises more closely align their security and IT operations, they still struggle to shift their security programs from reactive to proactive.

The Hunt for IoT: The Rise of Thingbots

Report / Aug 9, 2017 (MODIFIED: Dec 21, 2017)

By sara boddy justin shattuck

“Thingbots” that launch Death Star-sized DDoS attacks, host banking trojans, and cause physical destruction are becoming the attacker infrastructure of the future.

How Quantum Computing Will Change Browser Encryption

Report / Jul 13, 2017 (MODIFIED: Nov 2, 2017)

By david holmes

Safeguarding TLS against attack in the quantum computing age will require changes to today’s TLS key exchange algorithms.

The Hunt for IoT: The Networks Building Death Star-Sized Botnets

Report / May 10, 2017 (MODIFIED: Aug 7, 2017)

By sara boddy justin shattuck

With a growth rate of 1,473% in 2016, the hunt for vulnerable IoT devices rages on...

Using F5 Labs Application Threat Intelligence

Report / Jan 26, 2017 (MODIFIED: Jul 6, 2017)

By sara boddy ray pompon

As security professionals, we often feel like we’re fighting a losing battle when it comes to cyber security.

The 2016 TLS Telemetry Report

Report / Jan 19, 2017 (MODIFIED: Jul 6, 2017)

By david holmes

In just four short years, encryption estimates have gone from almost non-existent (in the low single digits before 2013) to just over 50% by the end of 2016. How much of a victory is this?

DDoS’s Newest Minions: IoT Devices (Volume 1)

Report / Oct 8, 2016 (MODIFIED: Jul 6, 2017)

By sara boddy justin shattuck

The latest evolution of cyber weapons is brought to you by the default passwords in Internet of Things (IoT) devices.

Yasuo-Bot: Flexible, Customized, Fraudulent Content

Report / Dec 14, 2015 (MODIFIED: Jul 6, 2017)

By shaul vilkomir preisman

Standard mobile banking trojans post their own fraudulent content over banking applications. Yasuo-Bot goes further.

Webinject Analysis: Newsidran.com

Report / Dec 12, 2015 (MODIFIED: Jul 6, 2017)

By elman reyes

Webinject attacks modify webpages to allow fraudsters to collect credentials, or act more directly against user accounts.

Slave Malware Analysis: Evolving From IBAN Swaps to Persistent Webinjects

Report / Jun 24, 2015 (MODIFIED: Jul 6, 2017)

By nathan jester elman reyes julia karpin pavel asinovsky

Slave is financial malware written in Visual Basic. Since 2015 it has evolved from relatively simple IBAN swapping.

Dyre In-Depth: Server-Side Webinjects, I2P Evasion, and Sophisticated Encryption

Report / Apr 12, 2015 (MODIFIED: Jul 6, 2017)

By anna dorfman avi shulman

Dyre is one of the most sophisticated banking malware agents in the wild.

Tinba Malware: Domain Generation Algorithm Means New, Improved, and Persistent

Report / Oct 15, 2014 (MODIFIED: Jul 6, 2017)

By pavel asinovsky

Tinba, also known as "Tinybanker", "Zusy" and "HµNT€R$", is a banking Trojan.

Shellshock: Malicious Bash, Obfuscated perlb0t, Echo Probes, and More

Report / Oct 10, 2014 (MODIFIED: Jul 6, 2017)

By maxim zavodchik oz elisyan

Shellshock can take advantage of HTTP headers as well as other mechanisms to enable unauthorized access to Bash.

Follow us on social media.