Tag: Security Intelligence

Job recruitment scams have grown into a huge problem. The BBB reports that in the U.S. and Canada alone, an estimated 14 million people are exposed to job scams every year, with $2 billion in direct losses annually. These attacks…

Read more →

Security information and event management (SIEM) systems remain a key component of security operations centers (SOCs). Security orchestration, automation, and response (SOAR) frameworks, meanwhile, have emerged to fill the gap in these capabilities left by many SIEM systems. But as…

Read more →

Fraudsters are constantly finding new ways to exploit vulnerabilities in the banking system, and one of the latest tactics involves stealing credit card information via mobile banking apps. This type of attack has been seen in different variations in Spain…

Read more →

Businesses of all sizes increasingly rely on cloud computing to power their operations. This shift has brought with it a new set of security challenges. To protect their workloads in the cloud, many of these businesses are deploying a critical…

Read more →

Software depends on layers of code, and much of that code comes from open-source libraries. According to an Octoverse 2022 report, open-source code is used in 97% of applications. Not only do developers embrace open source, but so do nine…

Read more →

In this post, we’ll review a simple technique that we’ve developed to encrypt Cobalt Strike’s Beacon in memory while executing BOFs to prevent a memory scan from detecting Beacon. Picture this — you’re on a red team engagement and your…

Read more →

By attracting attention from threat actors, merger and acquisition (M&A) events are a significant source of cyber crime risk. So much so that, according to a 2020 IBM Institute of Business Value study, more than one in three executives said…

Read more →

The software supply chain involves developing, maintaining and distributing software to end users. To enhance the functionality of the software being developed, developers frequently depend upon open-source components and libraries. These can be sourced from external vendors like Docker images…

Read more →

Ransomware attacks are on the rise in both volume and sophistication. Triple extortion (a ransomware attack on one business leading to extortion threats on its business partners) is raising the cost of attacks. Ransomware-as-a-Service puts the means to attack in…

Read more →

Despite Conti shutdown, operators remain active and collaborative in new factions In IBM Security X-Force, we have been following the crypters used by the Trickbot/Conti syndicate, who we refer to as ITG23, since 2021 and demonstrated the intelligence that can…

Read more →

How do cyber pros prioritize their security efforts? A good place to start is knowing exactly what tactics, techniques and procedures (TTP) threat actors use. In a recently published report, aggregated data was used to identify the most common attack…

Read more →

In March 2023, data on more than 56,000 people — including Social Security numbers and other personal information — was stolen in the D.C. Health Benefit Exchange Authority breach. The online health insurance marketplace hack exposed the personal details of Congress…

Read more →

Cyberattacks on the healthcare sector are a growing threat in Latin America, and the large amount of confidential data these organizations handle makes these attacks a top concern. The value of healthcare data in the illegal market, such as the…

Read more →

The current fast-paced business environment demands quick delivery of new products and services, often at the expense of security. To address this, DevSecOps has emerged as a security-focused approach to software development that reconciles the trade-off between speed and security.…

Read more →

Each year, we continue our everlasting hope that ransomware attacks will disappear. The unfortunate reality is that ransomware is as prominent as ever. Experts predict that ransomware attacks will only become more frequent and sophisticated, posing an even greater threat…

Read more →

The more data in one place, the more data it attracts. This “data gravity” is a familiar function for enterprises, even if the term isn’t. As the number of applications hosted on local servers increases, so too does the amount…

Read more →

The number and complexity of cybersecurity tools have grown at a dizzying pace in recent decades. As cyber threats like ransomware became more numerous and complex, antivirus and threat management tools expanded to meet these challenges. Security experts now often…

Read more →

Hack me once, shame on thee. Hack me twice, shame on me. The popular email marketing company, MailChimp, suffered a data breach last year after cyberattackers exploited an internal company tool to gain access to customer accounts. The criminals were…

Read more →

The average cost of cybersecurity systems, solutions and staff is increasing. As noted by research firm Gartner, companies will spend 11% more in 2023 than they did in 2022 to effectively handle security and risk management. This puts companies in…

Read more →

CISA’s Known Exploited Vulnerabilities (KEV) catalog is the authoritative source of information on past or currently exploited vulnerabilities. In a new report, the Rezilion research team analyzed vulnerabilities in the current KEV catalog. The results revealed a whopping 15 million…

Read more →

ChatGPT reached 100 million users in January 2023, only two months after its release. That’s a record-breaking pace for an app. Numbers at that scale indicate that generative AI — AI that creates new content as text, images, audio and…

Read more →

In the digital economy, data is like oxygen — giving life to innovation. And just as important, data security establishes the trust needed for that data to deliver value. In fact, organizations with the most advanced security capabilities delivered 43%…

Read more →

In the past, developers created the software, and security teams made it secure. But now, agile organizations are baking security into software from the very start. DevSecOps (development, security and operations) is a framework designed to automate security integration during…

Read more →

To understand why you need cybersecurity awareness training, you must first understand employees’ outsized roles in security breaches. “People remain — by far — the weakest link in an organization’s cybersecurity defenses,” noted Verizon on the release of their 2022…

Read more →

Doom and gloom. Fear, uncertainty and doubt. The “stick” versus the “carrot”. What do these concepts have in common? They have often provided the primary motivation for organizations’ data governance and security strategies. For the enterprise, this mindset has perpetuated…

Read more →

In today’s digital age, information is being transmitted across various platforms and networks, passed from user to user and device to device. Organizations rely on collecting and storing sensitive and personal information to perform business-critical operations, such as collecting credit…

Read more →

Sensitive Data FOMO: Why You Can’t Afford to Miss Out on Protecting Your Data   Everyone knows that horrible feeling of scrolling through social media when all of a sudden a photo pops up of all of your friends hanging…

Read more →

For years, developers and IT security teams have been at loggerheads. While developers feel security slows progress, security teams assert that developers sacrifice security priorities in their quest to accelerate production. This disconnect results in flawed software that is vulnerable…

Read more →

In late April 2023, IBM Security X-Force uncovered documents that are most likely part of a phishing campaign mimicking credible senders, orchestrated by a group X-Force refers to as ITG10, and aimed at delivering RokRAT malware, similar to what has…

Read more →

On March 27, 2023, reports surfaced that 50 U.S. government employees had been targeted by phone spyware overseas. On the day of that report, President Joe Biden signed an executive order to restrict federal agencies’ use of commercial spyware. The…

Read more →

Security would be easy without users.  That statement is as absurd as it is true. It’s also true that business wouldn’t be possible without users. It’s time to look at the big picture when it comes to cybersecurity.  In addition to…

Read more →

Employees often play an unwitting role in many security incidents, from accidental data breaches to intentional malicious attacks. Unfortunately, most organizations don’t have the right protocols and processes to identify potential risks posed by their workforce. Based on a survey…

Read more →

No one needs to tell you that data breaches are costly. That data has been quantified and the numbers are staggering. In fact, the IBM Security Cost of a Data Breach estimates that the average cost of a data breach…

Read more →

It’s rare to see 100% agreement on a survey. But Porter Research found consensus from business leaders across the provider, payer and pharmaceutical/life sciences industries. Every single person agreed that “growing hacker sophistication” is the primary driver behind the increase…

Read more →

Ransomware is experiencing a renaissance in 2023, with some cybersecurity firms reporting over 400 attacks in the month of March alone. And it shouldn’t be a surprise: the 2023 X-Force Threat Intelligence Index found backdoor deployments — malware providing remote…

Read more →

Machine learning is one of the hottest areas in data science. This subset of artificial intelligence allows a system to learn from data and make accurate predictions, identify anomalies or make recommendations using different techniques. Machine learning techniques extract information…

Read more →

  This blog was made possible through contributions from Kat Metrick, Kevin Henson, Agnes Ramos-Beauchamp, Thanassis Diogos, and Diego Matos Martins. BlackCat ransomware, which was among the top ransomware families observed by IBM Security X-Force in 2022, according to the 2023…

Read more →

Everybody in tech is talking about ChatGPT, the AI-based chatbot from Open AI that writes convincing prose and usable code.  The trouble is malicious cyber attackers can use generative AI tools like ChatGPT to craft convincing prose and usable code…

Read more →

It’s easy to read today’s headlines and think that now isn’t the best time to look for a job in the tech industry. However, that’s not necessarily true. When you read deeper into the stories and numbers, cybersecurity positions are…

Read more →

White hat hackers serve as a crucial line of cyber defense, working to identify and mitigate potential threats before malicious actors can exploit them. These ethical hackers harness their skills to assess the security of networks and systems, ultimately helping…

Read more →

More than ever, cybersecurity strategy is a core part of business strategy. For example, a company’s cyber risk can directly impact its credit rating.  Credit rating agencies continuously strive to gain a better understanding of the risks that companies face.…

Read more →

The Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) recently released a new 31-page document outlining best practices for identity and access management (IAM) administrators.  As the industry increasingly moves towards cloud and hybrid computing environments,…

Read more →

The World Economic Forum recently published a list of trends that are likely to shape the future of cybersecurity by 2030. The article names “progress in cybersecurity, but access must be widened” as a top trend. If these two goals seem…

Read more →

With every step towards better cyber defense, malicious attackers counter with new tactics, techniques and procedures. It’s not like the attackers are going to say, “All right, you made it too tough for us this time; we’re checking out.” That…

Read more →

For small organizations, the current cyber threat landscape is brutal. While big-name breaches steal the headlines, small businesses suffer the most from ransomware attacks. Additionally, other studies reveal that only half of all small businesses are prepared for a cyberattack.…

Read more →

Many, if not the majority of, big decisions at organizations come from the boardroom. Typically, the board of directors focuses on driving the direction of the company. Because most boards approve yearly budgets, they have significant oversight of resources and…

Read more →

The cybersecurity industry is littered with acronyms. SIEM. EDR. APT. CISO. CISA. The list goes on and on. So it wasn’t surprising that there were a lot of acronyms in RSAC 2023’s sessions and keynotes, as well as in the…

Read more →

A proactive approach to cybersecurity includes ensuring all software is up-to-date across assets. This also includes applying patches to close up vulnerabilities. This practice minimizes risk, as it eliminates outdated software versions in the process. Does this make patching a…

Read more →

KuppingerCole named IBM Security Guardium as an overall leader in their Leadership Compass on Data Security Platforms. IBM was ranked as a leader in all three major categories: Product, Innovation, and Market. With this in mind, let’s examine how KuppingerCole measures today’s…

Read more →

While examining the state of ransomware in 2023, the statistics show promise — at least on the surface. According to the IBM X-Force Threat Intelligence Index 2023, “Ransomware’s share of incidents declined from 21% in 2021 to 17% in 2022.”…

Read more →

Cybersecurity has never been more challenging or vital. Every organization needs strong leadership on cybersecurity policy, procurement and execution — such as a CISO, or chief information security officer.  A CISO is a senior executive in charge of an organization’s…

Read more →

The threat landscape is expanding, and regulatory requirements are multiplying. For the enterprise, the challenges just to keep up are only mounting. In addition, there’s the cybersecurity skills gap. According to the (ISC)2 2022 Cybersecurity Workforce Study, the global cybersecurity…

Read more →

Without the U.S. energy grid, life as we know it simply grinds to a halt. Businesses can’t serve customers. Homes don’t have power. Traffic lights no longer work. We depend on the grid operating reliably each and every day for…

Read more →

As businesses increasingly rely on digital data storage and communication, the need for effective data security solutions has become apparent. These solutions can help prevent unauthorized access to sensitive data, detect and respond to security threats and ensure compliance with…

Read more →

In the high-stakes world of cybersecurity, offensive security experts play a pivotal role in identifying and mitigating potential threats. These professionals, sometimes referred to as “ethical hackers”, use their skills to probe networks and systems in search of vulnerabilities, ultimately…

Read more →

Unexpected end tag : p The debate over whether backdoor encryption should be implemented to aid law enforcement has been contentious for years. On one side of the fence, the proponents of backdoors argue that they could provide valuable intelligence…

Read more →

You depend on your home network for binge-watching your favorite shows and ordering the perfect pair of shoes. When it’s time to pay bills or manage your retirement accounts, you likely head online as well. Not to mention that home…

Read more →

Emphatically, no, it isn’t. But now that we have your attention, is that even the right question? Probably not. Your security can never truly be “too good”; conversely, neither can it be “too poor,” though it is possible to have…

Read more →

The Biden Administration recently introduced a new national cybersecurity strategy, expected to aggressively address an increasingly complex and dangerous threat landscape. Improving cybersecurity may not be the top priority for the Biden Administration, but it is an issue that the…

Read more →

Information stealer malware is a type of malicious software designed to collect sensitive information from a victim’s computer. Also known as info stealers, data stealers or data-stealing malware, this software is true to its name: after infecting a computer or…

Read more →

Robot vacuum cleaner products are by far the largest category of consumer robots. They roll around on floors, hoovering up dust and dirt so we don’t have to, all while avoiding obstacles.  The industry leader, iRobot, has been cleaning up…

Read more →

The chief information security officer (CISO) was once a highly technical role primarily focused on security. But now, the role is evolving. Modern security leaders must work across divisions to secure technology and help meet business objectives. To stay relevant, the…

Read more →

In a recent report, 79% of security pros say they make decisions without adversary insights “at least the majority of the time.” Why aren’t companies effectively leveraging threat intelligence? And does the C-Suite know this is going on? It’s not…

Read more →

Increasingly sophisticated adversaries create a significant challenge as organizations increasingly use Software-as-a-Service (SaaS), Platform-as-a-Service (PaaS) and Infrastructure-as-a-Service (IaaS) to deliver applications and services. This mesh of cloud-based applications and services creates new complexities for security teams. But attackers need only…

Read more →

As cyber incidents rise and threat landscapes widen, more security tools have emerged to protect the hybrid cloud ecosystem. As a result, security leaders must rapidly assess their hybrid security tools to move toward a centralized toolset and optimize cost…

Read more →

When ChatGPT and similar chatbots first became widely available, the concern in the cybersecurity world was how AI technology could be used to launch cyberattacks. In fact, it didn’t take very long until threat actors figured out how to bypass…

Read more →

A successful cyberattack requires more than just gaining entry into a victim’s network. To truly reap the rewards, attackers must maintain a persistent presence within the system. After establishing communication with other compromised network devices, actors can stealthily extract valuable…

Read more →

As the project manager at a large tech company, I always went to Jim when I needed help. While others on my team had more technical expertise, Jim was easy to work with. He explained technical concepts in a way…

Read more →

The role of a Security Operations Center (SOC) analyst is crucial in maintaining an organization’s security posture. A SOC analyst wears many hats but typically acts as a watchdog looking out for attacks in progress while also finding ways to…

Read more →

How do you secure something that no longer exists? With the rapid expansion of hybrid-remote work, IoT, APIs and applications, any notion of a network perimeter has effectively been eliminated. Plus, any risk inherent to your tech stack components becomes…

Read more →

The Internet of Things (IoT) has been around since 1990 — ever since John Romkey created a toaster that could be switched on over the internet. Today, 66% of North American homes have at least one IoT device, such as…

Read more →

When Covid hit, companies had to accelerate their digital transformation process out of necessity. But now, almost three years after the initial shutdown, most organizations have embraced digital to the point where they are now maintaining new technologies rather than…

Read more →

Cyberattacks don’t happen in a vacuum. While your organization may be specifically targeted by cybercriminals, the style of attack they are using isn’t unique to you. It’s one they will use over and over, especially if it is successful, and…

Read more →

Data breaches are a risk that every business has to prepare for. To mitigate potential risks like the loss of sensitive information, financial impact and reputational damage, organizations need to take a proactive approach to protect their data and comply…

Read more →

When cyber insurance first became available in the 1990s, there wasn’t much need for it — or at least, so people thought. The internet as we know it today was still in its infancy, and most organizations didn’t see the…

Read more →

Cybersecurity has made a lot of progress over the last ten years. Improved standards (e.g., MITRE), threat intelligence, processes and technology have significantly helped improve visibility, automate information gathering (SOAR) and many manual tasks. Additionally, new analytics (UEBA/SIEM) and endpoint…

Read more →

The lack of a skilled cybersecurity workforce stalls the effectiveness of any organization’s security program. Yes, automated tools and technologies like artificial intelligence (AI) and machine learning (ML) offer a layer of support, and bringing in a managed security service…

Read more →

What happens when you think you have something valuable locked away in a safe place for an emergency, only to find out it is not available when you need it? Apart from expected disappointment, panic may set in. Now, think…

Read more →

The old days of “honest” ransomware gangs are long gone. In the past, ransomware groups pressured each other to honor file decryption promises after the ransom was paid. However, their motives were far from altruistic. They thought victims would be…

Read more →

The Masters is known for its many timeless traditions. The azaleas of Amen Corner. The Green Jacket. The pimento cheese sandwiches. But there’s also a modern twist with the way the Masters uses data as the foundation of its digital…

Read more →

As the digital world continues to dominate our personal and work lives, it’s no surprise that cybersecurity has become critical for individuals and organizations. But society is racing toward “digital by default”, which can be a hardship for individuals unable…

Read more →

The traditional approach to security has been to get the product to market fast and worry about security later. Unfortunately, that approach has never really worked. It puts too much of the cybersecurity responsibilities on the customer and leaves many…

Read more →

The debates have (mostly) stopped about whether remote work is here to stay. For many people, it’s just the way we work today. However, even three years later, cybersecurity around remote work is still a top concern. Both companies and…

Read more →

My entire career has been driven by automation. I learned early on that automating repetitive tasks using simple scripts allowed me more time to focus on exciting challenges. If I did anything more than twice, I would ask myself if…

Read more →

For decades, the IT industry relied on perimeter security to safeguard critical digital assets. Firewalls and other network-based tools monitored and validated network access. However, the shift towards digital transformation and hybrid cloud infrastructure has made these traditional security methods…

Read more →

This blog was made possible through contributions from Christopher Caridi.  IBM Security X-Force recently discovered a new malware family we have called “Domino,” which we assess was created by developers associated with the cybercriminal group that X-Force tracks as ITG14,…

Read more →

Information-stealing malware has become extremely pervasive in recent years. This malware harvests millions of credentials annually from endpoint devices and enterprises across the globe to devastating effects.  Using highly automated and orchestrated attack methods, threat actors and initial access brokers…

Read more →

In 2022, 10.7% of observed cyberattacks targeted the energy industry, according to the X-Force Threat Intelligence Index 2023. This puts energy in fourth place overall — the same as the year prior and behind manufacturing, finance and insurance and professional…

Read more →

Blockchain has transformed many industries, from healthcare to real estate to banking. But despite the “unhackable” hype, flaws in Blockchain technology undeniably weaken its goals of bringing greater security, transparency and privacy to the world. Between January and November 2022,…

Read more →

With the threat of cyberattacks on the rise worldwide, hardening your organization’s network perimeter has never been more critical. Many organizations have begun to focus more on actively securing and monitoring their externally facing assets to fend off cyberattacks from…

Read more →

In the evolution of cybersecurity, the threat landscape is ever-changing while the line of defense is ever-shrinking. Security professionals started with securing the perimeters, but now we need to assume a breach in a zero-trust environment. However, providing intelligence to…

Read more →

When it comes to password managers, LastPass has been one of the most prominent players in the market. Since 2008, the company has focused on providing secure and convenient solutions to consumers and businesses. Or so it seemed. LastPass has…

Read more →

In every industry, visionaries drive progress and innovation. Some call these pioneers “crazy”. The same rule applies to the world of cyber gangs. Most threat groups try to maintain a low profile. They don’t seem to trust anyone and want…

Read more →

Organizations face many challenges regarding cybersecurity, including keeping up with the ever-evolving threat landscape and complying with regulatory requirements. In addition, the cybersecurity skill shortage makes it more difficult for organizations to adequately staff their risk and compliance functions. According…

Read more →

Organizations face many challenges regarding cybersecurity, including keeping up with the ever-evolving threat landscape and complying with regulatory requirements. In addition, the cybersecurity skill shortage makes it more difficult for organizations to adequately staff their risk and compliance functions. According…

Read more →

The hacker group Lapsus$ (sometimes referred to as LAPSUS$ or simply Lapsus) is a relatively newer organization in the cyber arena. The group began to garner public attention in December 2021 after some successful attacks on major corporations, where even…

Read more →

The last decade has seen an explosion of IoT devices across a multitude of industries. With that rise has come the need for centralized systems to perform data collection and device management, commonly called IoT Platforms. One such platform, ThingsBoard,…

Read more →

On February 14, 2023, a Russian national and owner of Moscow cybersecurity firm M-13 was found guilty of wire fraud, securities fraud and conspiracy to obtain unauthorized access to computers. Vladislav Klyushin was charged along with four other men —…

Read more →

The days when email was the main vector for phishing attacks are long gone. Now, phishing attacks occur on SMS, voice, social media and messaging apps. They also hide behind trusted services like Azure and AWS. And with the expansion…

Read more →

Understaffed security teams need all the help they can get, and they are finding that help through SOAR. SOAR — security orchestration, automation and response — is defined by Gartner as the “technologies that enable organizations to collect inputs monitored…

Read more →