Tag: Security Intelligence

In this digital age, it is increasingly important for businesses to be aware of their online presence and data security. Many companies have already implemented measures such as two-factor authentication and strong password policies – but there is still a…

Read more →

The finance and insurance sector proved a top target for cybersecurity threats in 2022. The IBM Security X-Force Threat Intelligence Index 2023 found this sector ranked as the second most attacked, with 18.9% of X-Force incident response cases. If, as…

Read more →

This blog was made possible through contributions from Fred Chidsey and Joseph Lozowski. The X-Force Vulnerability and Exploit Database shows that the number of zero days being released each year is on the rise, but X-Force has observed that only…

Read more →

Backdoor access was the most common threat vector in 2022. According to the 2023 IBM Security X-Force Threat Intelligence Index, 21% of incidents saw the use of backdoors, outpacing perennial compromise favorite ransomware, which came in at just 17%. The…

Read more →

According to the Global Cybersecurity Outlook 2023, 93% of cybersecurity leaders and 86% of business leaders think a far-reaching, catastrophic cyber event is at least somewhat likely in the next two years. Additionally, 43% of organizational leaders think it is likely…

Read more →

As a business owner or manager, you must ensure your employees have the right tools and resources to do their jobs well — especially with more people working from home. And IT infrastructure is one of the most important considerations…

Read more →

The human resources (HR) department is an integral part of an organization. They work with all departments with a wider reach than even IT. As a highly visible department, HR can support and improve an organization’s security posture through employee…

Read more →

An unknown attacker group is targeting customer service agents at gambling and gaming companies with a new malware effort. Known as IceBreaker, the code is capable of stealing passwords and cookies, exfiltrating files, taking screenshots and running custom VBS scripts.…

Read more →

There were over 4,100 publicly disclosed data breaches in 2022, exposing about 22 billion records. Criminals can use stolen data for identity theft, financial fraud or to launch ransomware attacks. While these threats loom large on the horizon, attack surface…

Read more →

My LinkedIn feed has been filled with connections announcing they have been laid off and are looking for work. While it seems that no industry has been spared from uncertainty, my feed suggests tech has been hit the hardest. Headlines…

Read more →

Container orchestration frameworks like Kubernetes have brought about untold technological advances over the past decade. However, they have also enabled new attack vectors for bad actors to leverage. Before safely deploying an application, you must answer the following questions: How…

Read more →

‘Patch Tuesday, Exploit Wednesday’ is an old hacker adage that refers to the weaponization of vulnerabilities the day after monthly security patches become publicly available. As security improves and exploit mitigations become more sophisticated, the amount of research and development…

Read more →

There are plenty of phish in the digital sea, and attackers are constantly looking for new bait that helps them bypass security perimeters and land in user inboxes. Their newest hook? OneNote documents. First noticed in December 2022, this phishing…

Read more →

In February 2023, X-Force posted a blog entitled “Direct Kernel Object Manipulation (DKOM) Attacks on ETW Providers” that details the capabilities of a sample attributed to the Lazarus group leveraged to impair visibility of the malware’s operations. This blog will…

Read more →

Consumers are becoming more aware of the data companies collect about them, and place high importance on data security and privacy. Though consumers aren’t aware of every data breach, they are justifiably concerned about what happens to the data companies…

Read more →

If IT spending is slowing, will business leaders follow a similar approach for cybersecurity budgets? Probably not. Gartner predicts that end-user spending on both security technology and services will see an annual growth rate of 11% over the next four…

Read more →

It seems like yesterday that industries were fumbling to understand the threats posed by post-pandemic economic and technological changes. While every disruption provides opportunities for positive change, it’s hard to ignore the impact that global supply chains, rising labor costs,…

Read more →

Cybersecurity is complex. The digital transformation, remote work and the ever-evolving threat landscape require different tools and different skill sets. Systems must be in place to protect endpoints, identities and a borderless network perimeter. The job role responsible for handling…

Read more →

Data is the backbone of businesses and companies everywhere. Data can range from intellectual property to critical business plans to personal health information or even money itself. At the end of the day, businesses are looking to grow revenue, innovate,…

Read more →

Tabnabbing is a phishing method in which attackers take advantage of victims’ unattended browser tabs. After hijacking an inactive tab and redirecting it to malicious URLs, an attacker can perform a phishing attack and execute scripts. With reverse tabnabbing, on…

Read more →

In today’s wildly unpredictable threat landscape, the modern enterprise should be familiar with the cyber kill chain concept. A cyber kill chain describes the various stages of a cyberattack pertaining to network security. Lockheed Martin developed the cyber kill chain…

Read more →

Smart devices are all around us: in our homes, in our pockets, at our desks and in our vehicles. They know when to wake us up in the morning, remind us of birthdays and doctor appointments and answer personal questions…

Read more →

The Challenge with Using Cobalt Strike for Advanced Red Team Exercises While next-generation AI and machine-learning components of security solutions continue to enhance behavioral-based detection capabilities, at their core many still rely on signature-based detections. Cobalt Strike being a popular…

Read more →

You may think this article is going to discuss how users are one of the biggest challenges to cybersecurity. After all, employees are known to click on unverified links, download malicious files and neglect to change their passwords. And then…

Read more →

The modern threat landscape presents serious challenges to businesses struggling to build their security programs.  While these businesses modernize IT and security programs, the attack surface is proliferating. Security leaders must realize that perimeter defenses no longer cope with the…

Read more →

A red teamer is a cybersecurity professional that works to help companies improve IT security frameworks by attacking and undermining those same frameworks, often without notice. The term “red teaming” is often used interchangeably with penetration testing. While the terms…

Read more →

Supply chain risk is now recognized as a top challenge, with more than half of security breaches attributed to supply chain and third-party suppliers. This can be a costly vulnerability. The global average data breach cost was $4.35 million last…

Read more →

Pop quiz: Who is responsible for compliance and data privacy in an organization? Is it a) the security department, b) the IT department, c) the legal department, d) the compliance group or e) all of the above? If you answered…

Read more →

Cybersecurity in today’s climate is not a linear process. Organizations can’t simply implement a single tool or strategy to be protected from all threats and challenges. Instead, they must implement the right strategies and technologies for the organization’s specific needs…

Read more →

Responding to a cyber incident requires teamwork across departments and disciplines. Technical incident responders must work to halt incoming attacks while the communications teams develop a public response. Clear communication is essential.  Communication strategies differ before and after a cyber…

Read more →

View Part 1, Introduction to New Space, Part 2, Cybersecurity Threats in New Space, and Part 3, Securing the New Space, in this series. After the previous three parts of this series, we ascertain that the technological evolution of New Space…

Read more →

The year is 2030. The world is full of smart mega cities, digital surveillance is openly ubiquitous, cash transactions no longer exist, wired connections remain for only the most demanding data flows, the “Internet of Things” age is over and…

Read more →

Modern-day cybersecurity isn’t just about preventing and responding to threats; it’s about setting up defenses that can detect and respond to suspicious activity before it can do any damage. But to adequately protect an organization’s systems, a team of cybersecurity…

Read more →

The rise in digital technology is creating opportunities for individuals and organizations to achieve unprecedented success. It’s also creating new challenges, particularly in protecting sensitive personal and financial information. Personally identifiable information (PII) is trivial to manage. It’s often spread…

Read more →

Zero-day attacks are on the rise. Not only was 2021 a record-breaking year for the total number of zero-day attacks, but it also accounted for 40% of the zero-day breaches over the last decade. In part, this race to zero…

Read more →

I’ve always told my kids that everyone makes mistakes. What really matters is how you handle them and that you learn from what happened.  SolarWinds followed the same thinking in how it handled its 2020 breach. Not only did the…

Read more →

View Part 1, Introduction to New Space, and Part 2, Cybersecurity Threats in New Space, in this series. As we see in the previous article of this series discussing the cybersecurity threats in the New Space, space technology is advancing…

Read more →

Vulnerabilities like Log4j remain responsible for security breaches a full year after the discovery of the flaw. In the months after widespread reporting about the vulnerability, 40% of Log4j downloads remained vulnerable to exploitation. Rapid Response — by Both Security…

Read more →

As part of our ongoing series highlighting various roles in the cybersecurity industry, this article shines the light on the incident response professional. While there are many misconceptions surrounding the role, let’s examine a few frequently asked questions. How In-Demand…

Read more →

Deployment of backdoors was the number one action on objective taken by threat actors last year, according to the 2023 IBM Security X-Force Threat Intelligence Index — a comprehensive analysis of our research data collected throughout the year. Backdoor access…

Read more →

Overview In this post, IBM Security X-Force Red offensive hackers analyze how attackers, with elevated privileges, can use their access to stage Windows Kernel post-exploitation capabilities. Over the last few years, public accounts have increasingly shown that less sophisticated attackers…

Read more →

During a recent get-together, my friend arrived late. She apologized, quickly explaining that she’d had trouble finding a charging station for her electric vehicle (EV). While she knew where the stations in her hometown were, she couldn’t easily find them…

Read more →

In August 2022, the threat intelligence and cybersecurity company Cyble found 8,000 virtual network computing (VNC) instances exposed online. Additionally, this research revealed that most of these ports are in the United States, China and Sweden — putting many critical…

Read more →

Some rare good news in the world of cyber crime trends: Certain crimes declined in 2022 after years of constant rises. Should we credit crypto? Some estimates say that cryptocurrencies have lost $2 trillion in value since November 2021. During…

Read more →

View Part 1 in this series, Introduction to New Space. The growth of the New Space economy, the innovation in technologies and the emergence of various private firms have contributed to the development of the space industry. Despite this growth,…

Read more →

IBM’s Advanced Threat Detection and Response Team (ATDR) has seen an increase in the malware family known as information stealers in the wild over the past year. Info stealers are malware with the capability of scanning for and exfiltrating data…

Read more →

Malware breaches begin in many ways. Recently, multiple fake antivirus apps in the Google Play Store were infected with malware. Earlier this year, malware deployed through satellites shut down modems in Ukraine. Destructive malware attacks have an average lifecycle of…

Read more →

One of this year’s biggest positive cybersecurity events comes from the National Institute of Standards and Technology (NIST). For the first time since 2017, NIST is updating its digital identity guidelines.  These new guidelines will help set the course for…

Read more →

Reverse Tabnabbing is an attack where a page linked from the target page is able to rewrite that page, for example to replace it with a phishing site. Here, the redirection happens through links  from the parent site to attacker’s…

Read more →

Cyberattacks can cause immense damage to an organization’s system and have only increased in frequency over recent years. SQL injection is an especially devastating example. This form of attack involves exploiting a website or application code through the use of…

Read more →

Attacks on service providers are mounting — and so are downstream victims. Earlier this year, some customers of the cloud service provider DigitalOcean received emails instructing them to reset their passwords. These users hadn’t actually forgotten their passwords — their…

Read more →

You’re likely familiar with the names of common malware strains such as MOUSEISLAND, Agent Tesla and TrickBot. But do you know how new malware threats get their names? As a cybersecurity writer, I quickly add new strains to my vocabulary.…

Read more →

With the cost of data breaches at an all-time high, organizations are working to proactively identify areas of risk on the network. Using pentesters to conduct penetration (pen) testing is becoming more common. To protect themselves, businesses must know their…

Read more →

Working as a cybersecurity engineer for many years, and closely following the rapid evolution of the space ecosystem, I wholeheartedly believe that space systems today are targets of cyberattacks more than ever. The purpose of this article is to give…

Read more →

The art of cyber crime is in a constant state of flux and evolution. Simply staying on pace with these trends is a significant part of the CISO’s job. Today’s modern CISO must ensure they are always prepared for the…

Read more →

Do you ever wonder if your cryptocurrency platform cashes in ransomware payments? Maybe not, but it might be worth investigating. Bitcoin-associated ransomware continues to plague companies, government agencies and individuals with no signs of letting up. And if your platform…

Read more →

Almost every day, my spouse and I have a conversation about spam. Not the canned meat, but the number of unwelcomed emails and text messages we receive. He gets several nefarious text messages a day, while I maybe get one…

Read more →

Over the years, endpoint security has evolved from primitive antivirus software to more sophisticated next-generation platforms employing advanced technology and better endpoint detection and response.   Because of the increased threat that modern cyberattacks pose, experts are exploring more elegant ways…

Read more →

Neil Wyler started his job amid an ongoing cyberattack. As a threat hunter, he helped his client discover that millions of records had been stolen over four months. Even though his client used sophisticated tools, its threat-hunting technology did not…

Read more →

Organizations must grapple with challenges from various market forces. Digital transformation, cloud adoption, hybrid work environments and geopolitical and economic challenges all have a part to play. These forces have especially manifested in more significant security threats to expanding IT…

Read more →

As new cybersecurity threats continue to loom, the industry is running short of workers to face them. The 2022 (ISC)2 Cybersecurity Workforce Study identified a 3.4 million worldwide cybersecurity worker gap; the total existing workforce is estimated at 4.7 million.…

Read more →

As we move deeper into a digitally dependent future, the growing concern of data breaches and other cyber threats has led to the rise of the Chief Information Security Officer (CISO). This position is essential in almost every company that…

Read more →

Over the years, endpoint security has evolved from primitive antivirus software to more sophisticated next-generation platforms employing advanced technology and better endpoint detection and response.   Because of the increased threat that modern cyberattacks pose, experts are exploring more elegant ways…

Read more →

Neil Wyler started his job amid an ongoing cyberattack. As a threat hunter, he helped his client discover that millions of records had been stolen over four months. Even though his client used sophisticated tools, its threat-hunting technology did not…

Read more →

Organizations must grapple with challenges from various market forces. Digital transformation, cloud adoption, hybrid work environments and geopolitical and economic challenges all have a part to play. These forces have especially manifested in more significant security threats to expanding IT…

Read more →

As we move deeper into a digitally dependent future, the growing concern of data breaches and other cyber threats has led to the rise of the Chief Information Security Officer (CISO). This position is essential in almost every company that…

Read more →

The Silk Road was the first modern dark web marketplace, an online place for anonymously buying and selling illegal products and services using Bitcoin.  Ross Ulbricht created The Silk Road in 2011 and operated it until 2013 when the FBI…

Read more →

The recent proposed rules over artificial intelligence (AI) in the European Union (EU) are a harbinger of things to come. Data privacy laws are becoming more complex and growing in number and relevance. So, businesses that seek to become —…

Read more →

The zero trust security model is proving to be one of the most effective cybersecurity approaches ever conceived.  Zero trust — also called zero trust architecture (ZTA), zero trust network architecture (ZTNA) and perimeter-less security — takes a “default deny”…

Read more →

When a breach is uncovered, the operational cadence includes threat detection, quarantine and termination. While all stages can occur within the first hour of discovery, in some cases, that’s already too late. Security operations center (SOC) teams monitor and hunt…

Read more →

Even Apple can’t escape change forever. The famously restrictive company will allow third-party app stores for iOS devices, along with allowing users to “sideload” software directly. Spurring the move is the European Union’s (EU) Digital Markets Act (DMA), which looks…

Read more →

As the U.S. looks to bolster electric vehicle (EV) adoption, a new challenge is on the horizon: cybersecurity. Given the interconnected nature of these vehicles and their reliance on local power grids, they’re not just an alternative option for getting…

Read more →

The Evolution of Kronos Malware The Kronos malware is believed to have originated from the leaked source code of the Zeus malware, which was sold on the Russian underground in 2011. Kronos continued to evolve and a new variant of…

Read more →

After Congress approved his nomination in 2021, Chris Inglis served as the first-ever National Cyber Director for the White House. Now, he plans to retire. So who’s next?  As of this writing in January of 2023, there remains uncertainty around…

Read more →

In the last few years, IBM X-Force has seen an unprecedented increase in requests to build cyber ranges. By cyber ranges, we mean facilities or online spaces that enable team training and exercises of cyberattack responses. Companies understand the need…

Read more →

Recently, investigators at Mandiant discovered a new software platform with an intuitive interface. The service has tools to orchestrate and automate core campaign elements. Some of the platform’s features enable self-service customization and campaign tracking.  Sounds like a typical Software-as-a-Service…

Read more →

On September 19, 2022, an 18-year-old cyberattacker known as “teapotuberhacker” (aka TeaPot) allegedly breached the Slack messages of game developer Rockstar Games. Using this access, they pilfered over 90 videos of the upcoming Grand Theft Auto VI game. They then…

Read more →

In late 2021, the Apache Software Foundation disclosed a vulnerability that set off a panic across the global tech industry. The bug, known as Log4Shell, was found in the ubiquitous open-source logging library Log4j, and it exposed a huge swath…

Read more →

September’s Patch Tuesday unveiled a critical remote vulnerability in tcpip.sys, CVE-2022-34718. The advisory from Microsoft reads: “An unauthenticated attacker could send a specially crafted IPv6 packet to a Windows node where IPsec is enabled, which could enable a remote code…

Read more →

It’s no secret that cyberattacks in the U.S. are increasing in frequency and sophistication. Since cyber crime impacts millions of businesses and individuals, many look to the government to see what it’s doing to anticipate, prevent and deal with these…

Read more →

Social engineering attacks have challenged cybersecurity for years. No matter how strong your digital security, authorized human users can always be manipulated into opening the door for a clever cyber attacker.  Social engineering typically involves tricking an authorized user into…

Read more →

Let’s say you are the CISO or IT security lead of your organization, and your incident response program needs an uplift. After making a compelling business case to management for investment, your budget has been approved and expanded. With your…

Read more →

On December 21, 2022, President Biden signed the Quantum Computing Cybersecurity Preparedness Act. The risk of quantum-powered password decryption is increasing exponentially. The new legislation is designed to help federal agencies proactively shift to a post-quantum security posture. Agencies have…

Read more →

Quantum computing capabilities are already impacting your organization. While data encryption and operational disruption have long troubled Chief Information Security Officers (CISOs), the threat posed by emerging quantum computing capabilities is far more profound and immediate. Indeed, quantum computing poses…

Read more →

This post was made possible through the contributions of James Kainth, Joseph Lozowski, and Philip Pedersen. In November 2022, during an incident investigation involving a self-checkout point-of-sale (POS) system in Europe, IBM Security X-Force identified a novel technique employed by…

Read more →

In November 2022, LastPass had its second security breach in four months. Although company CEO Karim Toubba assured customers they had nothing to worry about, the incident didn’t inspire confidence in the world’s leading password manager application.  Password managers have one…

Read more →

The Pentagon is taking cybersecurity to the next level — and they’re helping organizations of all kinds do the same. Here’s how the U.S. Department of Defense is implementing zero trust and why this matters to all businesses and organizations. …

Read more →

Cyberattacks represent a serious problem for small to medium-sized businesses (SMBs). Consider that in 2019, 43% of attackers went after small businesses, and in 2021, 60% of SMBs said they were victimized by a cyberattack. Even more worrisome? For small…

Read more →

Security information and event management (SIEM) frameworks are essential for enterprises to monitor, manage and mitigate the impact of evolving cyberattacks. As the number of threats and the financial impact of breaches increase, these frameworks are even more crucial. Consider…

Read more →

“A lie can travel halfway around the world while the truth is still putting on its shoes.” That popular quote is often attributed to Mark Twain. But since we’re talking about misinformation and disinformation, you’ll be unsurprised to learn Twain…

Read more →

With the shortage of qualified tech professionals in the cybersecurity industry and increasing demand for trained experts, it can take time to find the right candidate with the necessary skill set. However, while searching for specific technical skill sets, many…

Read more →

James Kilner contributed to the technical editing of this blog. Nethanella Messer, Segev Fogel, Or Ben Nun and Liran Tiebloom contributed to the blog. Although in the PC realm it is common to see financial malware used in web attacks…

Read more →

The RomCom RAT has been making the rounds — first in Ukraine as it went after military installations, and now in certain English-speaking countries such as the United Kingdom. Initially a spear-phishing campaign, the RomCom attack has evolved to include…

Read more →

In November 2011, the FBI-led Operation Ghost Click raided malicious servers run by the Rove Digital cyber group. This was only after the group had leveraged the DNSChanger Trojan to infect over four million computers and generate over $14 million…

Read more →

When it comes to data protection laws, the United States has long lagged behind Europe, whose  General Data Protection Regulation (GDPR) came into effect in 2018 as the gold standard in data protection.  Also, in 2018, California passed the California…

Read more →

As threat actors grow in number, the frequency of attacks witnessed globally will continue to rise exponentially. The numerous cases headlining the news today demonstrate that no organization is immune from the risks of a breach. What is an Incident…

Read more →

Big technology companies are laying off staff as market conditions change. The move follows a hiring blitz initially triggered by the uptick in pandemic-powered remote work — according to Bloomberg, businesses are now cutting jobs at a rate approaching that…

Read more →

In 2023, the global annual cost of cyber crime is predicted to top $8 trillion, according to a recent Cybersecurity Ventures report. This seemingly enormous figure might still be a major underestimate. In 2021, U.S. financial institutions lost nearly $1.2…

Read more →

The White House’s National Security Council (NSC) is working on an ambitious project to improve consumer Internet of Things (IoT) security through industry-standard labeling. If successful, the labeling system will replace existing frameworks across the globe. Modeled after the EPA’s…

Read more →

Working in cyber incident response can certainly make life interesting. Experiences typically run the gamut from exciting, dull, fun, repetitive and challenging. IBM Security commissioned a study from Morning Consult that surveyed over 1,100 cybersecurity incident responders across ten countries.…

Read more →