Whitepapers
The latest research on threats and technology.
Outerhaven: The UEFI Memory space just itching to be misused
UEFI - the link between a machine's hardware and operating system - is also a potential path for attacks that can persist even if the device is wiped and a fresh OS installed. Let's look at attacks - and potential methods of detection.
F-Secure Ultralight
F-Secure Ultralight combines several unique and advanced technologies to improve protection level, performance, and user experience in our consumer and corporate products.
Hunting For SOTI
In this follow-on to the Killsuit research, we look into the advanced bootloader mechanism employed in The Equation Groups frameworks, which can be used in conjunction with the Killsuit modular component.
Killsuit research
Exposed by the Shadow Brokers in the 2017 "Lost in Translation" leak, not much is known about the persistence component employed in the DanderSpritz framework...until now.
F-Secure Security Cloud
F-Secure Security Cloud is a cloud-based threat analysis system operated by F-Secure. It’s growing knowledge base of digital threats is fed by data from client systems and automated threat analysis services.
Automating advanced threat identification with Broad Context Detection™
We explore the skills and technologies needed for a context-aware approach to effectively evaluate and respond to targeted threats.
F-Secure Deepguard, 3rd Edition
We summarize the trends and developments in computing that have made host-based behavioral analysis and exploit interception necessary elements of computer security.
The state of cyber security 2017
Observations and insights to help users and businesses keep pace with a rapidly evolving threat landscape.
Ransomware: How to prevent, predict, detect & respond
Ransomware is one of the most prominent cyber threats today. Yet just like any other threat...
NanHaiShu: "Rat"ing the South China Sea
We detail the malware being used by a threat actor to target government and private-sector organizations involved in a territorial dispute centered on the South China Sea.
Reflash: practical ActionScript3 instrumentation with RABCDAsm
The research described on this paper concentrates exclusively on the Flash part of this complete picture.
The Dukes
This whitepaper explores the tools - such as MiniDuke, CosmicDuke, OnionDuke, CozyDuke, etc- of the Dukes, a well-resourced, highly dedicated and organized cyberespionage group that we believe has been working for the Russian Federation since at least 2008 to collect intelligence in support of foreign and security policy decision-making.
CozyDuke
An overview of CozyDuke, a set of tools used by one or more malicious actors for performing targeted attacks against high profile organizations...
W64/Regin, Stage 1
We describe the inner workings of the stage #1 of the complex malware threat by the name of Regin...
W32/Regin, Stage 1
We analyze a set of 32-bit samples which represents stage #1 of the complex threat that is known as Regin...
BlackEnergy & Quedagh: The convergence of crimeware and APT attacks
BlackEnergy is a toolkit that has been used for years by various criminal outfits. In the summer of 2014
COSMICDUKE: Cosmu with a twist of MiniDuke
CosmicDuke — the first malware seen to include code from both the notorious MiniDuke APT Trojan and another...