Topical Research Reports

As part of the Enhanced and Comprehensive levels of VeriSign® iDefense® Security Intelligence Services, customers receive topical research papers containing in-depth analysis on a specific issue related to cyber security. Delivered as a PDF by email or through the VeriSign® iDefense® Intelligence Portal, reports explore specific threats identified by VeriSign and issues that our customers have asked us to explore further.

To request a research report table of contents, select up to two titles below and click the submit button at the bottom of the page. Please note that this is a sample report containing only the table of contents. Complete reports are reserved for customers.

	2008.08.06: A Nodal Analysis of Islamic Extremist Websites Since the beginning of the 21st century, the use of Internet technology by Islamic extremist-oriented terrorists to further their ideological and political goals has expanded greatly, in many ways mirroring the drastic expansion of worldwide Internet usage itself. A number of trends in the worldwide Islamic extremist-oriented terrorist movement and its evolving Internet presence are increasingly attracting the attention of iDefense analysts. Foremost among these is the rising interest in computer hacking and cyber warfare among terrorists, as evidenced by ongoing discussions into this subject on chat forums frequented by people with terrorist sympathies and hacking interests. This report contains a detailed survey of the Internet's largest and most prominent Arabic-language terrorist chat forum sites. It samples the content of each site's most active forum section in detail, provides a general survey of each site's other noteworthy forum sections, examines the links and affiliations of each site with various terrorist organizations and movements, and also takes a look at some of the influential and noteworthy members on each forum. Particular attention is also paid to specific hacker-oriented forum sections, the interests of their members and indications of any hacking and cyber terrorism discussions found elsewhere on the forums.
	2008.07.09: Cyber Fraud Trends 2008 Financial institutions worldwide face an ever-increasing number of malicious code and phishing attacks that adapt and mature constantly. Regulators and industry promote authentication as panacea while the crooks are developing and deploying highly specialized Trojans designed to target and circumvent multifactor authentication schemes. Hijacking transactions that a user has initiated and authorized is the newest of these targeted threats. This technique has been discussed theoretically for some time but has now left the malware labs and is actively being used in real world attacks. Technology and implementation are important factors for the effectiveness of multifactor authentication schemes and even strong technologies with correct implementations that thwart transaction-hijacking attempts have weaknesses that might constitute a surface for future attack scenarios.
	2008.06.04: BBB: A Threat Analysis of Targeted Spear-Phishing Attacks Since February 2007, organized groups of cyber criminals have launched more than 50 waves of highly targeted cyber fraud scams, impacting corporations and governments alike. These attacks use a social engineering technique, called "spear phishing" and sometimes "whaling," to trick a user into installing malicious code, which allows the attacker to collect valuable data from the compromised computer. Organizations of all types and sizes must immediately deal with the risks these attacks pose to internal staff and customers, each for their own reasons. Financial institutions face special risks from these attacks due to the specific and aggressive targeting of their customers and applications, while government and contracting organizations stand to leak vital strategic and national defense data. Because these fraudsters target specific corporate employees with high levels of access, and because they aggressively use the stolen information, these types of attacks are more dangerous than conventional Internet fraud schemes.