Category: Security Intelligence

The debates have (mostly) stopped about whether remote work is here to stay. For many people, it’s just the way we work today. However, even three years later, cybersecurity around remote work is still a top concern. Both companies and…

Read more →

My entire career has been driven by automation. I learned early on that automating repetitive tasks using simple scripts allowed me more time to focus on exciting challenges. If I did anything more than twice, I would ask myself if…

Read more →

For decades, the IT industry relied on perimeter security to safeguard critical digital assets. Firewalls and other network-based tools monitored and validated network access. However, the shift towards digital transformation and hybrid cloud infrastructure has made these traditional security methods…

Read more →

This blog was made possible through contributions from Christopher Caridi.  IBM Security X-Force recently discovered a new malware family we have called “Domino,” which we assess was created by developers associated with the cybercriminal group that X-Force tracks as ITG14,…

Read more →

Information-stealing malware has become extremely pervasive in recent years. This malware harvests millions of credentials annually from endpoint devices and enterprises across the globe to devastating effects.  Using highly automated and orchestrated attack methods, threat actors and initial access brokers…

Read more →

In 2022, 10.7% of observed cyberattacks targeted the energy industry, according to the X-Force Threat Intelligence Index 2023. This puts energy in fourth place overall — the same as the year prior and behind manufacturing, finance and insurance and professional…

Read more →

Blockchain has transformed many industries, from healthcare to real estate to banking. But despite the “unhackable” hype, flaws in Blockchain technology undeniably weaken its goals of bringing greater security, transparency and privacy to the world. Between January and November 2022,…

Read more →

With the threat of cyberattacks on the rise worldwide, hardening your organization’s network perimeter has never been more critical. Many organizations have begun to focus more on actively securing and monitoring their externally facing assets to fend off cyberattacks from…

Read more →

In the evolution of cybersecurity, the threat landscape is ever-changing while the line of defense is ever-shrinking. Security professionals started with securing the perimeters, but now we need to assume a breach in a zero-trust environment. However, providing intelligence to…

Read more →

When it comes to password managers, LastPass has been one of the most prominent players in the market. Since 2008, the company has focused on providing secure and convenient solutions to consumers and businesses. Or so it seemed. LastPass has…

Read more →

In every industry, visionaries drive progress and innovation. Some call these pioneers “crazy”. The same rule applies to the world of cyber gangs. Most threat groups try to maintain a low profile. They don’t seem to trust anyone and want…

Read more →

Organizations face many challenges regarding cybersecurity, including keeping up with the ever-evolving threat landscape and complying with regulatory requirements. In addition, the cybersecurity skill shortage makes it more difficult for organizations to adequately staff their risk and compliance functions. According…

Read more →

Organizations face many challenges regarding cybersecurity, including keeping up with the ever-evolving threat landscape and complying with regulatory requirements. In addition, the cybersecurity skill shortage makes it more difficult for organizations to adequately staff their risk and compliance functions. According…

Read more →

The hacker group Lapsus$ (sometimes referred to as LAPSUS$ or simply Lapsus) is a relatively newer organization in the cyber arena. The group began to garner public attention in December 2021 after some successful attacks on major corporations, where even…

Read more →

The last decade has seen an explosion of IoT devices across a multitude of industries. With that rise has come the need for centralized systems to perform data collection and device management, commonly called IoT Platforms. One such platform, ThingsBoard,…

Read more →

On February 14, 2023, a Russian national and owner of Moscow cybersecurity firm M-13 was found guilty of wire fraud, securities fraud and conspiracy to obtain unauthorized access to computers. Vladislav Klyushin was charged along with four other men —…

Read more →

The days when email was the main vector for phishing attacks are long gone. Now, phishing attacks occur on SMS, voice, social media and messaging apps. They also hide behind trusted services like Azure and AWS. And with the expansion…

Read more →

Understaffed security teams need all the help they can get, and they are finding that help through SOAR. SOAR — security orchestration, automation and response — is defined by Gartner as the “technologies that enable organizations to collect inputs monitored…

Read more →

In this digital age, it is increasingly important for businesses to be aware of their online presence and data security. Many companies have already implemented measures such as two-factor authentication and strong password policies – but there is still a…

Read more →

The finance and insurance sector proved a top target for cybersecurity threats in 2022. The IBM Security X-Force Threat Intelligence Index 2023 found this sector ranked as the second most attacked, with 18.9% of X-Force incident response cases. If, as…

Read more →

This blog was made possible through contributions from Fred Chidsey and Joseph Lozowski. The X-Force Vulnerability and Exploit Database shows that the number of zero days being released each year is on the rise, but X-Force has observed that only…

Read more →

Backdoor access was the most common threat vector in 2022. According to the 2023 IBM Security X-Force Threat Intelligence Index, 21% of incidents saw the use of backdoors, outpacing perennial compromise favorite ransomware, which came in at just 17%. The…

Read more →

According to the Global Cybersecurity Outlook 2023, 93% of cybersecurity leaders and 86% of business leaders think a far-reaching, catastrophic cyber event is at least somewhat likely in the next two years. Additionally, 43% of organizational leaders think it is likely…

Read more →

As a business owner or manager, you must ensure your employees have the right tools and resources to do their jobs well — especially with more people working from home. And IT infrastructure is one of the most important considerations…

Read more →

The human resources (HR) department is an integral part of an organization. They work with all departments with a wider reach than even IT. As a highly visible department, HR can support and improve an organization’s security posture through employee…

Read more →

An unknown attacker group is targeting customer service agents at gambling and gaming companies with a new malware effort. Known as IceBreaker, the code is capable of stealing passwords and cookies, exfiltrating files, taking screenshots and running custom VBS scripts.…

Read more →

There were over 4,100 publicly disclosed data breaches in 2022, exposing about 22 billion records. Criminals can use stolen data for identity theft, financial fraud or to launch ransomware attacks. While these threats loom large on the horizon, attack surface…

Read more →

My LinkedIn feed has been filled with connections announcing they have been laid off and are looking for work. While it seems that no industry has been spared from uncertainty, my feed suggests tech has been hit the hardest. Headlines…

Read more →

Container orchestration frameworks like Kubernetes have brought about untold technological advances over the past decade. However, they have also enabled new attack vectors for bad actors to leverage. Before safely deploying an application, you must answer the following questions: How…

Read more →

‘Patch Tuesday, Exploit Wednesday’ is an old hacker adage that refers to the weaponization of vulnerabilities the day after monthly security patches become publicly available. As security improves and exploit mitigations become more sophisticated, the amount of research and development…

Read more →

There are plenty of phish in the digital sea, and attackers are constantly looking for new bait that helps them bypass security perimeters and land in user inboxes. Their newest hook? OneNote documents. First noticed in December 2022, this phishing…

Read more →

In February 2023, X-Force posted a blog entitled “Direct Kernel Object Manipulation (DKOM) Attacks on ETW Providers” that details the capabilities of a sample attributed to the Lazarus group leveraged to impair visibility of the malware’s operations. This blog will…

Read more →

Consumers are becoming more aware of the data companies collect about them, and place high importance on data security and privacy. Though consumers aren’t aware of every data breach, they are justifiably concerned about what happens to the data companies…

Read more →

If IT spending is slowing, will business leaders follow a similar approach for cybersecurity budgets? Probably not. Gartner predicts that end-user spending on both security technology and services will see an annual growth rate of 11% over the next four…

Read more →

It seems like yesterday that industries were fumbling to understand the threats posed by post-pandemic economic and technological changes. While every disruption provides opportunities for positive change, it’s hard to ignore the impact that global supply chains, rising labor costs,…

Read more →

Cybersecurity is complex. The digital transformation, remote work and the ever-evolving threat landscape require different tools and different skill sets. Systems must be in place to protect endpoints, identities and a borderless network perimeter. The job role responsible for handling…

Read more →

Data is the backbone of businesses and companies everywhere. Data can range from intellectual property to critical business plans to personal health information or even money itself. At the end of the day, businesses are looking to grow revenue, innovate,…

Read more →

Tabnabbing is a phishing method in which attackers take advantage of victims’ unattended browser tabs. After hijacking an inactive tab and redirecting it to malicious URLs, an attacker can perform a phishing attack and execute scripts. With reverse tabnabbing, on…

Read more →

In today’s wildly unpredictable threat landscape, the modern enterprise should be familiar with the cyber kill chain concept. A cyber kill chain describes the various stages of a cyberattack pertaining to network security. Lockheed Martin developed the cyber kill chain…

Read more →

Smart devices are all around us: in our homes, in our pockets, at our desks and in our vehicles. They know when to wake us up in the morning, remind us of birthdays and doctor appointments and answer personal questions…

Read more →

The Challenge with Using Cobalt Strike for Advanced Red Team Exercises While next-generation AI and machine-learning components of security solutions continue to enhance behavioral-based detection capabilities, at their core many still rely on signature-based detections. Cobalt Strike being a popular…

Read more →

You may think this article is going to discuss how users are one of the biggest challenges to cybersecurity. After all, employees are known to click on unverified links, download malicious files and neglect to change their passwords. And then…

Read more →

The modern threat landscape presents serious challenges to businesses struggling to build their security programs.  While these businesses modernize IT and security programs, the attack surface is proliferating. Security leaders must realize that perimeter defenses no longer cope with the…

Read more →

A red teamer is a cybersecurity professional that works to help companies improve IT security frameworks by attacking and undermining those same frameworks, often without notice. The term “red teaming” is often used interchangeably with penetration testing. While the terms…

Read more →

Supply chain risk is now recognized as a top challenge, with more than half of security breaches attributed to supply chain and third-party suppliers. This can be a costly vulnerability. The global average data breach cost was $4.35 million last…

Read more →

Pop quiz: Who is responsible for compliance and data privacy in an organization? Is it a) the security department, b) the IT department, c) the legal department, d) the compliance group or e) all of the above? If you answered…

Read more →

Cybersecurity in today’s climate is not a linear process. Organizations can’t simply implement a single tool or strategy to be protected from all threats and challenges. Instead, they must implement the right strategies and technologies for the organization’s specific needs…

Read more →

Responding to a cyber incident requires teamwork across departments and disciplines. Technical incident responders must work to halt incoming attacks while the communications teams develop a public response. Clear communication is essential.  Communication strategies differ before and after a cyber…

Read more →

View Part 1, Introduction to New Space, Part 2, Cybersecurity Threats in New Space, and Part 3, Securing the New Space, in this series. After the previous three parts of this series, we ascertain that the technological evolution of New Space…

Read more →

The year is 2030. The world is full of smart mega cities, digital surveillance is openly ubiquitous, cash transactions no longer exist, wired connections remain for only the most demanding data flows, the “Internet of Things” age is over and…

Read more →

Modern-day cybersecurity isn’t just about preventing and responding to threats; it’s about setting up defenses that can detect and respond to suspicious activity before it can do any damage. But to adequately protect an organization’s systems, a team of cybersecurity…

Read more →

The rise in digital technology is creating opportunities for individuals and organizations to achieve unprecedented success. It’s also creating new challenges, particularly in protecting sensitive personal and financial information. Personally identifiable information (PII) is trivial to manage. It’s often spread…

Read more →

Zero-day attacks are on the rise. Not only was 2021 a record-breaking year for the total number of zero-day attacks, but it also accounted for 40% of the zero-day breaches over the last decade. In part, this race to zero…

Read more →

I’ve always told my kids that everyone makes mistakes. What really matters is how you handle them and that you learn from what happened.  SolarWinds followed the same thinking in how it handled its 2020 breach. Not only did the…

Read more →

View Part 1, Introduction to New Space, and Part 2, Cybersecurity Threats in New Space, in this series. As we see in the previous article of this series discussing the cybersecurity threats in the New Space, space technology is advancing…

Read more →

Vulnerabilities like Log4j remain responsible for security breaches a full year after the discovery of the flaw. In the months after widespread reporting about the vulnerability, 40% of Log4j downloads remained vulnerable to exploitation. Rapid Response — by Both Security…

Read more →

As part of our ongoing series highlighting various roles in the cybersecurity industry, this article shines the light on the incident response professional. While there are many misconceptions surrounding the role, let’s examine a few frequently asked questions. How In-Demand…

Read more →

Deployment of backdoors was the number one action on objective taken by threat actors last year, according to the 2023 IBM Security X-Force Threat Intelligence Index — a comprehensive analysis of our research data collected throughout the year. Backdoor access…

Read more →

Overview In this post, IBM Security X-Force Red offensive hackers analyze how attackers, with elevated privileges, can use their access to stage Windows Kernel post-exploitation capabilities. Over the last few years, public accounts have increasingly shown that less sophisticated attackers…

Read more →

During a recent get-together, my friend arrived late. She apologized, quickly explaining that she’d had trouble finding a charging station for her electric vehicle (EV). While she knew where the stations in her hometown were, she couldn’t easily find them…

Read more →

In August 2022, the threat intelligence and cybersecurity company Cyble found 8,000 virtual network computing (VNC) instances exposed online. Additionally, this research revealed that most of these ports are in the United States, China and Sweden — putting many critical…

Read more →

Some rare good news in the world of cyber crime trends: Certain crimes declined in 2022 after years of constant rises. Should we credit crypto? Some estimates say that cryptocurrencies have lost $2 trillion in value since November 2021. During…

Read more →

View Part 1 in this series, Introduction to New Space. The growth of the New Space economy, the innovation in technologies and the emergence of various private firms have contributed to the development of the space industry. Despite this growth,…

Read more →

IBM’s Advanced Threat Detection and Response Team (ATDR) has seen an increase in the malware family known as information stealers in the wild over the past year. Info stealers are malware with the capability of scanning for and exfiltrating data…

Read more →

Malware breaches begin in many ways. Recently, multiple fake antivirus apps in the Google Play Store were infected with malware. Earlier this year, malware deployed through satellites shut down modems in Ukraine. Destructive malware attacks have an average lifecycle of…

Read more →

One of this year’s biggest positive cybersecurity events comes from the National Institute of Standards and Technology (NIST). For the first time since 2017, NIST is updating its digital identity guidelines.  These new guidelines will help set the course for…

Read more →

Reverse Tabnabbing is an attack where a page linked from the target page is able to rewrite that page, for example to replace it with a phishing site. Here, the redirection happens through links  from the parent site to attacker’s…

Read more →

Cyberattacks can cause immense damage to an organization’s system and have only increased in frequency over recent years. SQL injection is an especially devastating example. This form of attack involves exploiting a website or application code through the use of…

Read more →

Attacks on service providers are mounting — and so are downstream victims. Earlier this year, some customers of the cloud service provider DigitalOcean received emails instructing them to reset their passwords. These users hadn’t actually forgotten their passwords — their…

Read more →

You’re likely familiar with the names of common malware strains such as MOUSEISLAND, Agent Tesla and TrickBot. But do you know how new malware threats get their names? As a cybersecurity writer, I quickly add new strains to my vocabulary.…

Read more →

With the cost of data breaches at an all-time high, organizations are working to proactively identify areas of risk on the network. Using pentesters to conduct penetration (pen) testing is becoming more common. To protect themselves, businesses must know their…

Read more →

Working as a cybersecurity engineer for many years, and closely following the rapid evolution of the space ecosystem, I wholeheartedly believe that space systems today are targets of cyberattacks more than ever. The purpose of this article is to give…

Read more →

The art of cyber crime is in a constant state of flux and evolution. Simply staying on pace with these trends is a significant part of the CISO’s job. Today’s modern CISO must ensure they are always prepared for the…

Read more →

Do you ever wonder if your cryptocurrency platform cashes in ransomware payments? Maybe not, but it might be worth investigating. Bitcoin-associated ransomware continues to plague companies, government agencies and individuals with no signs of letting up. And if your platform…

Read more →

Almost every day, my spouse and I have a conversation about spam. Not the canned meat, but the number of unwelcomed emails and text messages we receive. He gets several nefarious text messages a day, while I maybe get one…

Read more →

Over the years, endpoint security has evolved from primitive antivirus software to more sophisticated next-generation platforms employing advanced technology and better endpoint detection and response.   Because of the increased threat that modern cyberattacks pose, experts are exploring more elegant ways…

Read more →

Neil Wyler started his job amid an ongoing cyberattack. As a threat hunter, he helped his client discover that millions of records had been stolen over four months. Even though his client used sophisticated tools, its threat-hunting technology did not…

Read more →

Organizations must grapple with challenges from various market forces. Digital transformation, cloud adoption, hybrid work environments and geopolitical and economic challenges all have a part to play. These forces have especially manifested in more significant security threats to expanding IT…

Read more →

As new cybersecurity threats continue to loom, the industry is running short of workers to face them. The 2022 (ISC)2 Cybersecurity Workforce Study identified a 3.4 million worldwide cybersecurity worker gap; the total existing workforce is estimated at 4.7 million.…

Read more →

As we move deeper into a digitally dependent future, the growing concern of data breaches and other cyber threats has led to the rise of the Chief Information Security Officer (CISO). This position is essential in almost every company that…

Read more →

Over the years, endpoint security has evolved from primitive antivirus software to more sophisticated next-generation platforms employing advanced technology and better endpoint detection and response.   Because of the increased threat that modern cyberattacks pose, experts are exploring more elegant ways…

Read more →

Neil Wyler started his job amid an ongoing cyberattack. As a threat hunter, he helped his client discover that millions of records had been stolen over four months. Even though his client used sophisticated tools, its threat-hunting technology did not…

Read more →

Organizations must grapple with challenges from various market forces. Digital transformation, cloud adoption, hybrid work environments and geopolitical and economic challenges all have a part to play. These forces have especially manifested in more significant security threats to expanding IT…

Read more →

As we move deeper into a digitally dependent future, the growing concern of data breaches and other cyber threats has led to the rise of the Chief Information Security Officer (CISO). This position is essential in almost every company that…

Read more →

The Silk Road was the first modern dark web marketplace, an online place for anonymously buying and selling illegal products and services using Bitcoin.  Ross Ulbricht created The Silk Road in 2011 and operated it until 2013 when the FBI…

Read more →

The recent proposed rules over artificial intelligence (AI) in the European Union (EU) are a harbinger of things to come. Data privacy laws are becoming more complex and growing in number and relevance. So, businesses that seek to become —…

Read more →

The zero trust security model is proving to be one of the most effective cybersecurity approaches ever conceived.  Zero trust — also called zero trust architecture (ZTA), zero trust network architecture (ZTNA) and perimeter-less security — takes a “default deny”…

Read more →

When a breach is uncovered, the operational cadence includes threat detection, quarantine and termination. While all stages can occur within the first hour of discovery, in some cases, that’s already too late. Security operations center (SOC) teams monitor and hunt…

Read more →

Even Apple can’t escape change forever. The famously restrictive company will allow third-party app stores for iOS devices, along with allowing users to “sideload” software directly. Spurring the move is the European Union’s (EU) Digital Markets Act (DMA), which looks…

Read more →

As the U.S. looks to bolster electric vehicle (EV) adoption, a new challenge is on the horizon: cybersecurity. Given the interconnected nature of these vehicles and their reliance on local power grids, they’re not just an alternative option for getting…

Read more →

The Evolution of Kronos Malware The Kronos malware is believed to have originated from the leaked source code of the Zeus malware, which was sold on the Russian underground in 2011. Kronos continued to evolve and a new variant of…

Read more →

After Congress approved his nomination in 2021, Chris Inglis served as the first-ever National Cyber Director for the White House. Now, he plans to retire. So who’s next?  As of this writing in January of 2023, there remains uncertainty around…

Read more →

In the last few years, IBM X-Force has seen an unprecedented increase in requests to build cyber ranges. By cyber ranges, we mean facilities or online spaces that enable team training and exercises of cyberattack responses. Companies understand the need…

Read more →

Recently, investigators at Mandiant discovered a new software platform with an intuitive interface. The service has tools to orchestrate and automate core campaign elements. Some of the platform’s features enable self-service customization and campaign tracking.  Sounds like a typical Software-as-a-Service…

Read more →

On September 19, 2022, an 18-year-old cyberattacker known as “teapotuberhacker” (aka TeaPot) allegedly breached the Slack messages of game developer Rockstar Games. Using this access, they pilfered over 90 videos of the upcoming Grand Theft Auto VI game. They then…

Read more →

In late 2021, the Apache Software Foundation disclosed a vulnerability that set off a panic across the global tech industry. The bug, known as Log4Shell, was found in the ubiquitous open-source logging library Log4j, and it exposed a huge swath…

Read more →

September’s Patch Tuesday unveiled a critical remote vulnerability in tcpip.sys, CVE-2022-34718. The advisory from Microsoft reads: “An unauthenticated attacker could send a specially crafted IPv6 packet to a Windows node where IPsec is enabled, which could enable a remote code…

Read more →

It’s no secret that cyberattacks in the U.S. are increasing in frequency and sophistication. Since cyber crime impacts millions of businesses and individuals, many look to the government to see what it’s doing to anticipate, prevent and deal with these…

Read more →

Social engineering attacks have challenged cybersecurity for years. No matter how strong your digital security, authorized human users can always be manipulated into opening the door for a clever cyber attacker.  Social engineering typically involves tricking an authorized user into…

Read more →

Let’s say you are the CISO or IT security lead of your organization, and your incident response program needs an uplift. After making a compelling business case to management for investment, your budget has been approved and expanded. With your…

Read more →