Skip to content

Security Research Papers and Articles

More Options

Grounded in APT facts

Grounded in APT Facts

How much do you know about targeted attacks? View this infographic.

Targeted attack trends: 2014 report

Targeted Attack Trends: 2H 2013 Report

Analysis and insight on the targeted attack cases of 2014, including information on the new tools and techniques they used.

open all


Follow the data: Dissecting data breaches and debunking myths

Where does stolen data go and how do attackers use it? These research papers answer those and other questions about compromised data.

Learn about the myths


Hacker group Rocket Kitten is back


The GasPot experiment: Unexamined perils in using gas tank monitoring systems


Operation Tropic Trooper: Relying on Tried-and-Tested Flaws to Infiltrate Secret Keepers


A Profile of IRS Scammers: Behind Tax Fraud


Rocket Kitten: the hacking campaign on Israeli and European organizations


Exploit Kits: Past, present, and future


Operation Arid Viper: Bypassing the Iron Dome


Automatic Identification System (AIS): A Security Evaluation


Operation Pawn Storm: Using Decoys to Evade Detection


Backdoor Use in Targeted Attacks


Fake Apps: Feigning Legitimacy


Network Detection Evasion Methods: Blending with Legitimate Traffic


Suggestions to Help Companies with the Fight Against Targeted Attacks


The SCADA That Didn’t Cry Wolf: Who’s Really Attacking Your ICS Equipment? (Part 2)


Targeted Attacks Detection with SPuNge


Safe: A Targeted Threat


Malicious Network Communications: What Are You Overlooking?


FAKEM RAT: Malware Disguised as Windows Messenger and Yahoo! Messenger


The HeartBeat APT Campaign


Spear-Phishing Email: Most Favored APT Attack Bait


Detecting APT Activity with Network Traffic Analysis


How to Thwart the Digital Insider – An Advanced Persistent Response to Targeted Attacks


How Tough Is It to Deal With APTs?


IXESHE: An APT Campaign


Luckycat Redux: Inside an APT Campaign with Multiple Targets in India and Japan

12 Most abused Android app permissions

12 Most Abused Android App Permissions

Cybercriminals can exploit Android app permissions for their personal gain. Find out the most commonly requested permissions and how they’re abused in our latest TrendLabs Security Gallery.

open all


Fake Apps, Russia, and the Mobile Web: Making the SMS Fraud Connection

News of an SMS fraud service affecting many countries first broke out in Russia in 2010. It has since put users at risk through popular online activities like social networking and downloading content.

Read Fake Apps, Russia, and the Mobile Web


Adding Android and Mac OS X Malware to the APT Toolbox


Eco and Ego Apps in Japan


Android Malware Acts as an SMS Relay

How Attacks Adapt

How Attacks Adapt

As with technology and popular means of communication, cybercriminal attacks and schemes continue to evolve over the years. Find out more…

Online Security for You and Your Family

Online Security for You and Your Family

Everyone's online, but not everyone's secure. It's up to you to make sure that your family is. Learn about online threats and how you can protect your family from these threats here.

open all


A “global cybercriminal underground market” does not exist

What makes each underground market unique? What do they all offer? Since we started looking into the cybercriminal underground economy, we have seen how the markets have changed and grown.


Read our 2015 findings


Ascending the Ranks: The Brazilian Cybercriminal Underground in 2015


U-Markt: Peering into the German Cybercriminal Underground


The Glass Tank: The North American Underground


Prototype Nation: The Chinese Cybercriminal Underground in 2015


The Japanese Underground


The Russian Underground Today: Automized Infrastructure and Services, Sophisticated Tools


Criminal hideouts for lease: Bulletproof hosting services


Below the Surface: Exploring the Deep Web


Defending against PoS RAM scrapers: Current and next-generation technologies


The South Korean Fake Banking App Scam

The Yanbian Gang Sets Sights on South Koreans


Analysis of the Australian web threat landscape (2014)

Insights on TorrentLocker Attacks


Cybercriminal Underground Economy Series (CUES)

The Brazilian Underground Market: The Market for Cybercriminal Wannabes?


Predator Pain and Limitless: When Cybercrime Turns into Cyberspying


Soundsquatting: Uncovering the Use of Homophones in Domain Squatting


@Twitter #SecurityThreats: An In-Depth Analysis


SHELLSHOCK: A Technical Report


PoS RAM Scraper Malware: Past, Present, and Future


Cybercriminal Underground Economy Series

The Chinese Underground in 2013


Finding Holes: Operation Emmental


On the Actors Behind MEVADE/SEFNIT


Cybercriminals Use What Works: Targeted Attack Methodologies for Cybercrime


Cybercriminal Underground Economy Series

Russian Underground Revisited


Cybercriminal Underground Economy Series

The Mobile Cybercriminal Underground Market in China


Point-of-Sale System Breaches: Threats to the Retail and Hospitality Industries


From Russia with Love: Behind the Trend Micro-NBC News Honeypots


CPL Malware: Malicious Control Panel Items

Connect with us on