Physical conflicts increasingly have a cyber element to them. This report highlights how Syrian opposition forces fell victim to a well-executed hacking operation targeting secret communications and plans.

FireEye researchers uncovered these stolen documents as part of our ongoing threat research. Between at least November 2013 and January 2014, the hackers stole a cache of critical documents and Skype conversations revealing the Syrian opposition’s strategy, tactical battle plans, supply needs, and troves of personal information and chat sessions belonging to the men fighting against Syrian President Bashar al-Assad’s forces. While we do not know who conducted this hacking operation, if this data was acquired by Assad’s forces or their allies it could confer a distinct battlefield advantage.

Download this report to learn more.

Mandiant’s annual threat report reveals key insights, statistics and case studies illustrating how the tools and tactics of advanced persistent threat (APT) actors have evolved over the last year. The report, compiled from hundreds of Mandiant incident response investigations in more than 30 industry sectors, also includes approaches that organizations can take to improve the way they detect, respond to, and contain advanced attacks.

Download the report to learn:

• How attackers are staying hidden and maintaining a foothold in compromised systems
• Which industries comprised the bulk of Mandiant engagements in 2014
• Five key questions your investigation should answer
• How the lines are blurring between nation-state attacks and cyber crime—and why it matters

Attackers are bypassing conventional security deployments almost at will, breaching systems in a wide swath of industries and geographies. In this follow-up to our groundbreaking May 2014 report, “Cybersecurity’s Maginot Line: A Real-World Assessment of the Defense-in-Depth Model,” we examine new data gathered in the ensuing weeks. Like France’s famed Maginot Line—an impressive but ultimately futile defense line built in the run-up to World War II to stave off a German invasion—today’s defenses are failing.

Because FireEye sensors operate behind other security layers, we have unique vantage point from which to gauge other security tools. By design, any threat observed by FireEye in the study had passed through all other security defenses.

The new data validates our original findings and identifies several new trends. Across all industry segments, 96 percent of systems were breached on average. And 27 percent of those breaches involved advanced malware. Download the report to learn more.

This first-of-its-kind study examines data from more than 1,600 FireEye network and email appliances in real-world settings. The FireEye devices were part of more than 1,200 “proof-of-value” trials in actual deployments, where they sat behind other defensive layers but were not set to block malicious activity. That unique vantage point revealed a deeply flawed defense-in-depth model.

The study gets its title from France’s famed Maginot Line — the technically impressive 940-mile border defense that Germany simply bypassed with a novel blitzkrieg style of warfare. Like the Maginot Line, today’s cyber defenses are fast becoming a relic in today’s threat landscape. Organizations spend billions of dollars every year on IT security. But attackers are easily outflanking these defenses with clever, fast-moving attacks.

Operating since at least mid-2013, FIN4 distinctly focuses on compromising the accounts of individuals who possess non-public information about merger and acquisition (M&A) deals and major market-moving announcements, particularly in the healthcare and pharmaceutical industries. FIN4 has targeted individuals such as top executives, legal counsel, outside consultants, and researchers, among others.

Our visibility into FIN4’s activities is limited to their network operations; we can only surmise how they may be using and potentially benefiting from the valuable information they are able to obtain. However one fact remains clear: access to insider information that could make or break stock prices for over 80 publicly traded companies could surely put FIN4 at a considerable trading advantage.

Download the report to:

• Find out the types of companies FIN4 has targeted and the information they're after
• Learn about the techniques used to compromise key executive email accounts
• Discover the mechanisms FIN4 uses to organize the data they collect and the steps used to evade detection
• Understand the preventative measures that can be taken to avoid similar attacks

This report details the survey results of all aspects of alert management in Europe – covering where alerts originate, how they’re categorized, and how they’re managed – and how the process can increase the likelihood of a breach being successful.

Download the report and learn:

• Why alerts are not fool-proof
• Why having more consoles may not be the answer to your security needs
• How your IT team may not be prepared to handle critical alerts
• How long it takes other organizations to respond to alerts, and how you compare
• Why outsourcing could save you money and mitigate risk

It hides in network communications, in all the noise—designed so that defenders can neither detect nor characterize its activity. But its purpose is transparent: to use Twitter, GitHub, and cloud storage services to relay commands and extract data from compromised networks.

Download the report and read about the recently discovered HAMMERTOSS, a malware backdoor created by the Russian advanced persistent threat (APT) group APT29.