Research

Details of the different regional underground scenes we visited in 2015. Find out why we say the cybercriminal underground is not a huge global conglomerate, but rather a wide-ranging cluster of specialized “branches” that cater to specific needs.

Trend Micro's latest visit to the Brazilian cybercriminal underground reveals its latest trends and available services, from online banking malware to tutorial classes for new cybercriminals.

While considered new and relatively smaller than its foreign counterparts, the German underground is a fully developed, well-managed haven that gives cybercriminals just about everything they need to start their own cybercrime business

A look into the North American underground reveals a more "open" community that encourages cybercriminal activity with easily accessible sites and convenient marketplaces.

This research paper provides a closer look into China’s bustling cybercriminal underground—including new market offerings like leaked data search engines and carding devices.

This research paper offers a glimpse into Japan's unique cybercriminal underground—it's economy, the cybercriminals' activities, and a marketplace characterized by the taboo, the illegal, and the vindictive.

A decade's worth of breaches has led to this. Forward-looking threat researcher Numaan Huq analyzes what has happened to the stolen data affecting major US industries. We map out the probabilities; see where the information goes and how much it's sold.

Details from the TorrentLocker infections seen in the first half of 2015, including common evasion techniques and solutions that can be used to defend against the threat.

This latest paper details the latest activities of Rocket Kitten, a threat actor group involved in Operation Woolen-Goldfish last March, and how they've been found to be attacking multiple targets in the Middle East.