Whitepapers

The latest research on threats and technology.

Hunting for SOTI

Published August 2019

In this follow-on to the Killsuit research, we look into the advanced bootloader mechanism employed in the Equation Group's frameworks, which can be used in conjunction with the Killsuit modular component.

Download PDF >

Killsuit Research

Published August 2019

Exposed by the Shadow Brokers in the 2017 "Lost in Translation" leak, not much is known about the persistence component employed in the DanderSpritz framework...until now.

Download PDF >

F-Secure Security Cloud

Updated January 2019

F-Secure Security Cloud is a cloud-based digital threat analysis system operated by F-Secure Corporation. It consists of a constantly growing and evolving knowledge base of digital threats fed by data from...

Download PDF >

Detecting targeted attacks with Broad Context Detection™

Published November 2018

We explore the skills and technologies needed for a context-aware approach to effectively evaluate and respond to targeted threats.

Download PDF >

F-Secure DeepGuard, 3rd edition

Published October 2018

We summarize the trends and developments in computing that have made host-based behavioral analysis and exploit interception necessary elements of computer security.

Download PDF >

Callisto Group

Published April 2017

The Callisto Group threat actor's primary interest is gathering foreign and security policy intelligence. In early 2016, they began sending highly targeted phishing emails...

Download PDF >

The State of Cyber Security 2017

Published February 2017

Observations and insights to help users and businesses keep pace with a rapidly evolving threat landscape.

Download PDF >

Ransomware: How to prevent, predict, detect & respond

Published November 2016

Ransomware is one of the most prominent cyber threats today. Yet just like any other threat...

Download PDF >

NanHaiShu: "Rat"ing the South China Sea

Published July 2016

We detail the malware being used by a threat actor to target government and private-sector organizations involved in a territorial dispute centered on the South China Sea.

Download PDF >

2015 Threat Report

Published April 2016

We summarize the main trends and incidents seen in 2015 that impacted computer and mobile security, as well as developments related to digital privacy.

Download PDF >

F-Secure Adblocker

Published January 2016

This whitepaper outlines the technical principles and benefits of blocking third-party advertising content (as provided by the F-Secure ADBLOCKER app for iOS devices) to enhance the user's web browsing experience.

Download PDF >

The Dukes

Published September 2015

We explore the tools — such as MiniDuke, CosmicDuke, OnionDuke, CozyDuke, etc. — of the Dukes, a well-resourced, highly dedicated and organized cyberespionage group that we believe has been working...

Download PDF >

H2 2014 Threat Report

Published April 2015

We summarize the latest trends and developments seen in H2 2014 affecting computer and mobile security, as well as issues related to digital privacy.

Download PDF >

CozyDuke

Published April 2015

An overview of CozyDuke, a set of tools used by one or more malicious actors for performing targeted attacks against high profile organizations...

Download PDF >

W64/Regin, Stage 1

Published December 2014

We describe the inner workings of stage #1 of the complex malware threat known as Regin...

Download PDF >

W32/Regin, Stage 1

Published December 2014

We analyze a set of 32-bit samples which represents stage #1 of the complex threat that is known as Regin...

Download PDF >

BlackEnergy & Quedagh: The convergence of crimeware and APT attacks

Published September 2014

BlackEnergy is a toolkit that has been used for years by various criminal outfits. In the summer of 2014 ...

Download PDF >

H1 2014 Threat Report

Published September 2014

The most notable trend in H1 2014 is the continued growth of ransomware and ransoming activities, on both desktop and mobile platforms...

Download PDF >

Pitou: The "silent" resurrection of the notorious Srizbi kernel spambot

Published August 2014

The recently observed Pitou threat shows similarities with the Srizbi spambot...

Download PDF >

COSMICDUKE: Cosmu with a twist of MiniDuke

Published July 2014

CosmicDuke — the first malware seen to include code from both the notorious MiniDuke APT Trojan and another...

Download PDF >

Lecpetex: Virtual currency mining gets social

Published July 2014

Trojan:W32/Lecpetex is a Bitcoin miner that spreads via zipped files attached to socially engineered Facebook messages.

Download PDF >

Mobile Threat Report Q1 2014

Published April 2014

Mobile malware development in Q1 2014 continues to focus exclusively ...

Download PDF >

Threat Report H2 2013

Published March 2014

News of alleged massive data gathering and online surveillance activities by state entities raises privacy concerns. A Tor-using botnet grows while the arrest of a suspected creator/operator...

Download PDF >

Mobile Threat Report Q3 2013

Published November 2013

We explore the latest news, notable threats and trends for mobile malware in Q3 2013.

Download PDF >

Threat Report H1 2013

Published September 2013

Exploit-based attacks, particularly against the Java development platform, continue to dominate. New developments continue in mobile malware, ransomware, Mac malware and phishing...

Download PDF >

Mobile Threat Report Q1 2013

Published May 2013

While the raw amount of Android malware continues to rise significantly, it is the increased commoditization of ...

Download PDF >

Mobile Threat Report Q4 2012

Published March 2013

The rise of Android malware can be largely attributed to the operating system's increasing foothold in the mobile market...

Download PDF >

Threat Report H2 2012

Published February 2013

Three things stood out in the second half of 2012: botnets (with special reference to ZeroAccess), exploits (particularly against the Java development platform) and banking trojans (Zeus)...

Download PDF >

Mobile Threat Report Q3 2012

Published November 2012

Despite Android's dominance in the mobile threat landscape, the Symbian malware scene is far from dead.

Download PDF >

Threat Report H1 2012

Published September 2012

One of the most pervasive trends we saw in the computer threat landscape in the first half of 2012 was the expanding usage of vulnerability exploitation for malware distribution...

Download PDF >

Mobile Threat Report Q2 2012

Published August 2012

After a while on the scene, Android malware has begun to explore new methods of infection...

Download PDF >

Mobile Threat Report Q1 2012

Published May 2012

In Q1 2012, 37 new malware families and variants were discovered, nearly quadruple the number discovered a year earlier.

Download PDF >

Flashback OS X Malware

Published September 2012

This report was originally presented and published at VB2012.

In 2011, we saw OS X come under siege by several malware families. At the forefront...

Download PDF >

Mobile Threat Report Q4 2011

Published February 2012

Android malware continues to expand rapidly in the fourth quarter of 2011, with malware originating from Russia forming a significant presence in the scene...

Download PDF >

It's Signed, therefore it's Clean, right?

Published May 2010

Originally presented at CARO 2010, this presentation discusses Authenticode signing, its usage by developers in the AV industry and ways that code-signing can be abused.

Download PDF >

Threat Summaries Volume 2, 2011 - 2007

Published September 2014

A compilation of all the Threat Summaries released by F-Secure Labs during the years 2007 to 2011, in reverse chronological order.

Download PDF >

Threat Summaries Volume 1, 2006 - 2002

Published September 2014

A compilation of all the Threat Summaries released by F-Secure Labs during the years 2002 to 2006, in reverse chronological order.

Download PDF >