Explore below to learn more about the growing risk we're seeing across a variety of industries and network segments.

Stay tuned for the latest Cyber adAPT Research commentary on threats in the wild.

Next phase, new ways, anyways it’s still malware to us.

Since the start, the battle between defenders and malware authors has been move and counter move. When one platform was finally defended, the next would be targeted. When one motivation was mitigated, another picked up.

The Spectre of a Meltdown:

January 5, 2017 — The first fact: these flaws and vulnerabilities do exist. Researchers discovered them and filed a report; the flaws were then recreated and confirmed. That does not mean it is the end of the computing world as we know it.

Twas the season for malware attacks

December 25, 2017 — While the world was gearing up for the end-of-year holiday season, purchasing gifts for friends and families, malware authors were also busy little beavers. Since the end of October, six different malware families have been making very aggravated attacks against both Windows and Android platforms.

It’s about the Controls: Triton

December 20, 2017 — An attack against an industrial control system (ICS) has made headlines recently. While the attack was credited to malware being called Triton by the reporters, the actual report is very weak on substance.

All the Droids are TOAST bait

November 15, 2017 — The threat being discussed by researchers leverages the TOAST overlay to spread multiple malicious modules. These are being called TOASTAMIGO, based on their use of the TOAST overlay to infect by abusing Android’s Accessibility features.

Coin Mining A New Claim

November 8, 2017 — Both JSMINER and CPUMINER are newer variants of existing malware. Several anti-malware companies detected them without needing to update their signatures. Since the malware also communicates in a manner similar to the desktop version, the network signatures are easily identifiable.

Bad Rabbit Season

October 30, 2017 — Discussion in trade circles this morning is on a new variant of ransomware hitting Eastern Europe. Bad Rabbit was initially spread by the technique known as drive-by download, in which a piece of malware is automatically downloaded to the machines of unsuspecting visitors.

File Transfer Whaaat??? (SYSCON)

October 25, 2017 — Malware authors have recently discovered an innovative new use for the old workhorse. An anti-malware vendor has discovered a Botnet that uses FTP as a Command and Control (C&C) mechanism.

DoubleLocker: The Lock and deadbolt of Ransomware

October 19, 2017 — DoubleLocker is rather innovative in that it both changes the PIN (and locks) on the infected device as well as encrypting the data that is stored on the device.

KRACK Attack: The end of secure WIFI???

October 16, 2017 — Recently, a researcher has exposed a flaw in the WPA2 secure protocol. The attack that exploits this flaw is being called Key Reinstallation Attack, or KRACK.

A Duck By Any Other Name: UnitedDrake

October 1, 2017 — The ShadowBrokers group, whom we’ve blogged about before, has released another batch of US National Security Agency (NSA) tools. Among this batch is a tool named UnitedDrake, a Remote Access Tool (RAT).

When The Cleaner Needs Cleaning

September 20, 2017 — A very popular PC utility was recently discovered to be infected. The utility, CCleaner, is used to “clean” Windows (XP, Vista and versions 7 - 10) computers of bad registry entries and left-over temporary files, and generally to “speed up” computer performance.

The New Borne On The Block

September 19, 2017 — There has been a lot of noise on the internet recently concerning a near-undetectable, no-user-interaction attack against the Bluetooth protocol. The tone behind the warnings is a high-pitched anxiety that this will be the next WannaCry outbreak, with “millions of devices vulnerable”.

One Expensive Wallpaper

September 15, 2017 — For the third time this month we’re talking about a piece of malware that was able to infect users by installing from the Google Store. In this case, we’re talking about a threat dubbed ExpensiveWall.

Can You Gaze A WhiteBear In A Snowstorm?

September 10, 2017 — Depending which anti-malware vendor you listen to, there are either one or two newly uncovered nation state sponsored pieces of malware in circulation. One report suggests the new malware are two distinctly different variants, while others consider them part of the same family.

Rats On The Loose

September 7, 2017 — A new variant of the mRAT family, called xRat has recently been discovered targeting mobile devices. xRat takes mRAT and adds targeting of mobile devices and a few other modifications.

MoqHao: the Hangul Connection

September 5, 2017 — Once a device has been infected, the malware can send phishing SMS messages to the user’s contacts, leak sensitive information, install Android apps provided by the C&C server, execute remote commands and return results, and can gather sensitive information via a local Google phishing website.

The Spy In Your Pocket

August 29, 2017 — There has been discussion of late of a new version of a Banking Trojan that does many of these things. An Anti-Virus vendor blogged about a Trojan that has only been seen in Russia, and has been active for at least a year. This blog has been picked up by mainstream media sources, such as Fox News. This Trojan is being called FakedToken.

Slipping Past the Gatekeeper

August 28, 2017 — Of the last several mobile-device-targeting malware we’ve blogged about, the majority have been slipping past the gatekeeping service by some form of ‘Automatic update’. This is where the clean version of the application is approved and inserted to the “White List” (better known as a “Store”).

Further Down the Bypass Rabbit Hole

August 25, 2017 — The apps use the Allatori Obfuscator and first request permission to draw over other apps. The malware then waits 20 minutes before initiating its malicious routines. This 20-minute wait helps to defeat automated analysis routines by waiting them out.

Pontificating Prognostication (aka talking about the future)

August 21, 2017 — I know many vendors announce their predictions and take great fanfare in publishing grand reports, and while these make great marketing material, none of us have that much time to devote to reading.

Return of An Old Fiend

August 16, 2017 — Over the weekend (12 August) a researcher announced the re-emergence of an older ransomware, wrapped in a new phishing scheme. The ransomware in question is the Locky family of ransomware. Currently the author is asking for 0.49 Bitcoin, or about $1600 (US).

Is the Threat real or is it ‘CON’ time?

August 4, 2017 — While research is an ongoing process necessary to protect data and users, not all of it is publicized the way it is during the Conferences. While it’s important to pay attention to all this research, it is equally important to read between the lines to determine if the information is being hyped for one reason or another.

More Spyware in the Pocket: Lipizzan

July 31, 2017 — Under the guise of “License Verification”, the malicious backdoor worked to obtain root privileges on the compromised device. Once the device was rooted, Lipizzan could then perform a list of spyware tasks.

Spreading (Devil’s) Ivy

July 19, 2017 — This vulnerability is being dubbed Devil’s Ivy, based on its capability to spread rapidly across the Internet. Some people are even predicting a WannaCry-type infection hitting many Internet-connected “smart” devices. This vulnerability was first discovered in a specific brand of Internet-connected security cameras.

SambaCry: So you think only Windows is under attack?

July 18, 2017 — Many times, we hear “I don’t need anti-virus because I run a Mac (or Linux)”. The truth of the matter has been stated many times before: all OSes have had malware written to target them, and the earliest malware-like activity was on a mainframe running the CP/M OS. This virus-like activity was a ‘game’ called CoreWars.

LeakerLocker: A New Twist on Android Ransomware

July 14, 2017 — This recent malware does not encrypt the device like WannaCry; rather, it purports to collect personal images, messages and browsing history. The malware then LOCKS the phone and threatens to send this data to all your contacts.

Petya Pain

July 12, 2017 — This malware was initially reported infecting Ukraine; by the end of the day, reports had come in from 64 countries including the United States. Having had time to do additional analysis, we find that this malware is not exactly ransomware; rather, it is more destructive.

SpyDealer in The Root of Things

July 7, 2017 — This malware, dubbed SpyDealer, has reportedly been active on Android devices for two years. It is able to gain control of Android devices at what is called Root level (the most secure level of Android devices) and can collect phone numbers, messages, contact information, call history and connected Wi-Fi data.

More Shadows from the U.S. Government

June 30, 2017 — Recently the group calling itself “Shadow Brokers” released a lot of tools that were created by the U.S. National Security Agency (NSA). These tools are malware and exploits designed to infiltrate and monitor computer networks and computer activities. Previous tool releases by the same group gave us the WannaCry and NotPetya malware.

Cloud Services

Cloud services are delivering business-supporting technology across all sectors at an unprecedented pace — 93 percent of organizations are currently using cloud services according to McAfee. Cloud usage, across both public and hybrid clouds, has transformed the way organizations operate and store information by enabling faster access to their infrastructure and faster time-to-market.

Law Enforcement

If you’re in law enforcement, you are part of that Thin Blue Line that keeps all of us safe. You protect a grateful citizenry (though not always as grateful as we should be!) from a wide variety of criminal threats.

IoT Connections

The Internet of Things (IoT) is transforming organizations and businesses at unparalleled speed. From creation of new business models, automated workflow, real-time functionality, better communication, ubiquitous connectivity, improved customer experience, to reducing expenditures — IoT is having a profound effect worldwide across all business sectors.

Enterprise Mobility

In a highly connected business world that never sleeps, more organizations are turning to the tangible assets of Enterprise Mobility. Cisco’s 2017 Annual Cybersecurity Report shows traffic from wireless and mobile devices will account for two-thirds (66 percent) of total IP traffic by 2020.


Companies that operate in the financial sector have always faced challenges. It’s not an easy industry. Fickle and fluid financial markets, ever-increasing regulatory pressures, and a host of other risks and potential problems combine to cause some serious headaches for financial executives.


Colleges, universities, and especially K-12 school districts are finding their institutions in a predicament. The booming Bring Your Own Device (BYOD) trend has created mounting data-security concerns as millions of students connect to schools and campuses.


Since 2010, more than 158 healthcare organizations have been compromised through network vulnerabilities. According to Trend Micro, healthcare was the number one vertical market with the most cyber attacks.
