Several compromises at our high-interaction honeypot, in which we could, for example, study credit card trading.
Lots of malware binaries were collected (> 600,000 unique binaries in our database at cwsandbox.org). We thus developed some tools for automated malware classification ("Learning and Classification of Malware Behavior") and are currently working on automated malware clustering.
More data analysis tools are needed. Analyzing incidents at high-interaction honeypots still takes lots of time; more automation would be nice. Furthermore, applying data mining techniques to the huge volume of data generated by automated malware analysis would be helpful to extract high-level information.