Endpoint Detection and Response: How To Choose the Right EDR Solution A rise in remote work trends has led to a rapid increase and interconnectivity of endpoints and data in recent years. This ‘next normal’ way of working comes with its own set of security challenges – from the rise in sophisticated and automated attacks […]

The post What Is Endpoint Detection and Response? appeared first on Security Intelligence.

https://securityintelligence.com/posts/what-is-endpoint-detection-response/

Following ongoing research our team, IBM Security X-Force has uncovered evidence indicating that the Russia-based cybercriminal syndicate “Trickbot group” has been systematically attacking Ukraine since the Russian invasion — an unprecedented shift as the group had not previously targeted Ukraine. Between mid-April and mid-June of 2022 the Trickbot group, tracked by X-Force as ITG23 and […]

The post Unprecedented Shift: The Trickbot Group is Systematically Attacking Ukraine appeared first on Security Intelligence.

https://securityintelligence.com/posts/trickbot-group-systematically-attacking-ukraine/

Attackers are known to pore over a company’s website and social channels. Perhaps they spot a mention of an upcoming charity event. Who runs the charity? What does their email signature look like? What’s the color and size of the charity’s logo?    This kind of information is priceless to attackers. From there, attackers can craft […]

The post Why Phishing Is Still the Top Attack Method appeared first on Security Intelligence.

https://securityintelligence.com/posts/why-phishing-still-top-attack-method/

The majority of C-suite executives are confident in their organization’s protection against ransomware attacks. At least, that’s what a recent research report from ISC2 shows. In fact, just 15% express a lack of confidence. Does this confidence take into account the nearly 53% rise in double extortion ransomware attacks between January and February? Are the […]

The post The C-Suite Is Optimistic About Ransomware. Are They Right? appeared first on Security Intelligence.

https://securityintelligence.com/articles/c-suite-optimistic-about-ransomware/

Attackers are known to pore over a company’s website and social channels. Perhaps they spot a mention of an upcoming charity event. Who runs the charity? What does their email signature look like? What’s the color and size of the charity’s logo?    This kind of information is priceless to attackers. From there, attackers can craft […]

The post Why Phishing Is Still the Top Attack Method appeared first on Security Intelligence.

https://securityintelligence.com/posts/why-phishing-still-top-attack-method/

The metaverse, artificial intelligence (AI) run amok, the singularity … many far-out situations have become a dinner-table conversation. Will AI take over the world? Will you one day have a computer chip in your brain? These science fiction ideas may never come to fruition, but some do point to existing security risks. While nobody can […]

The post Real Security Concerns Are Scarier Than Doomsday Predictions appeared first on Security Intelligence.

https://securityintelligence.com/articles/metaverse-nft-doomsday-predictions-ai-cybersecurity/

What’s the best way to stop ransomware? Make it riskier and less lucrative for cyber criminals. Nearly all intruders prefer to collect a ransom in cryptocurrency. But it’s a double-edged sword since even crypto leaves a money trail. Recovering ransomware payouts could lead to a sharp decline in exploits. Ransomware is still today’s top attack […]

The post Recovering Ransom Payments: Is This the End of Ransomware? appeared first on Security Intelligence.

https://securityintelligence.com/articles/recovering-ransomware-payment/

This research was made possible through the data collection efforts of Maleesha Perera, Joffrin Alexander, and Alana Quinones Garcia. Key Highlights The average duration of an enterprise ransomware attack reduced 94.34% between 2019 and 2021:  2019: 2+ months — The TrickBot (initial access) to Ryuk (deployment) attack path resulted in a 90% increase in ransomware […]

The post Countdown to Ransomware: Analysis of Ransomware Attack Timelines appeared first on Security Intelligence.

https://securityintelligence.com/posts/analysis-of-ransomware/

This post was written with contributions from Chris Caridi and Kat Weinberger. IBM Security X-Force has been tracking the activity of Black Basta, a new ransomware group that first appeared in April 2022. To date, this group has claimed attribution of 29 different victims across multiple industries using a double extortion strategy where the attackers […]

The post Black Basta Besting Your Network? appeared first on Security Intelligence.

https://securityintelligence.com/posts/black-basta-ransomware-group-besting-network/

Every year, the IBM Security X-Force team of cybersecurity experts mines billions of data points to reveal today’s most urgent security statistics and trends. This year’s X-Force Threat Intelligence Index 2022 digs into attack types, infection vectors, top threat actors, malware trends and industry-specific insights.  This year, a new industry took the infamous top spot: […]

The post Lessons Learned by 2022 Cyberattacks: X-Force Threat Intelligence Report appeared first on Security Intelligence.

https://securityintelligence.com/articles/lessons-learned-top-cyberattacks-x-force/

IBM Security X-Force researchers have continually analyzed the use of several crypters developed by the cybercriminal group ITG23, also known as Wizard Spider, DEV-0193, or simply the “Trickbot Group”. The results of this research, along with evidence gained from the disclosure of internal ITG23 chat logs (“Contileaks”), provide new insight into the connections and cooperation […]

The post ITG23 Crypters Highlight Cooperation Between Cybercriminal Groups appeared first on Security Intelligence.

https://securityintelligence.com/posts/itg23-crypters-cooperation-between-cybercriminal-groups/

While no security officer would rely on this alone, it’s good to know the U.S. Department of Justice is increasing efforts to fight cyber crime. According to a recent address in Munich by Deputy Attorney General Lisa Monaco, new efforts will focus on ransomware and cryptocurrency incidents. This makes sense since the X-Force Threat Intelligence […]

The post New DOJ Team Focuses on Ransomware and Cryptocurrency Crime appeared first on Security Intelligence.

https://securityintelligence.com/articles/doj-ransomware-crypto/

From 2020 to 2021, there was a 33% increase in the number of reported incidents caused by vulnerability exploitation, according to the 2022 X-Force Threat Intelligence Index. A large percentage of these exploited vulnerabilities were newly discovered; in fact, four out of the top five vulnerabilities in 2021 were newer vulnerabilities. Vulnerability exploitation was the […]

The post X-Force Research Update: Top 10 Cybersecurity Vulnerabilities of 2021 appeared first on Security Intelligence.

https://securityintelligence.com/posts/x-force-top-10-cybersecurity-vulnerabilities-2021/

From 2020 to 2021, there was a 33% increase in the number of reported incidents caused by vulnerability exploitation, according to the 2022 X-Force Threat Intelligence Index. A large percentage of these exploited vulnerabilities were newly discovered; in fact, four out of the top five vulnerabilities in 2021 were newer vulnerabilities. Vulnerability exploitation was the […]

The post X-Force Research Update: Top 10 Cybersecurity Vulnerabilities of 2021 appeared first on Security Intelligence.

https://securityintelligence.com/posts/x-force-top-10-cybersecurity-vulnerabilities-2021/

Through continued research into the ongoing cyber activity throughout Eastern Europe, IBM Security X-Force identified a phishing email campaign by Hive0117, likely a financially motivated cybercriminal group, from February 2022, designed to deliver the fileless malware variant dubbed DarkWatchman. The campaign masquerades as official communications from the Russian Government’s Federal Bailiffs Service, the Russian-language emails […]

The post Hive0117 Continues Fileless Malware Delivery in Eastern Europe appeared first on Security Intelligence.

https://securityintelligence.com/posts/hive00117-fileless-malware-delivery-eastern-europe/

This post was written with contributions from IBM Security’s Sameer Koranne and Elias Andre Carabaguiaz Gonzalez. Operational technology (OT) — the networks that control industrial control system processes — face a more complex challenge than their IT counterparts when it comes to updating operating systems and software to avoid known vulnerabilities. In some cases, implementation […]

The post Where Everything Old is New Again: Operational Technology and Ghost of Malware Past appeared first on Security Intelligence.

https://securityintelligence.com/posts/operational-technology-ghost-malware-past/

One of my favorite parts about talking to cybersecurity professionals is asking how they landed in the industry. Few tell me about a straight path to their career, like attending college or earning a certification. Most launch into an interesting tale of their non-traditional career paths. When I share these stories, I’m often asked how […]

The post Top 5 Cybersecurity Podcasts to Follow in 2022 appeared first on Security Intelligence.

https://securityintelligence.com/articles/top-5-cybersecurity-podcasts-2022/

On March 1, 2022, ESET reported a third destructive data wiper variant used in attacks against Ukrainian organizations dubbed as CaddyWiper. CaddyWiper’s method of destruction is by overwriting file data with “NULL” values. This is the fourth sample of malware IBM Security X-Force has released public content for which has been reportedly targeted systems belonging […]

The post CaddyWiper: Third Wiper Malware Targeting Ukrainian Organizations appeared first on Security Intelligence.

https://securityintelligence.com/posts/caddywiper-malware-targeting-ukrainian-organizations/

Cybersecurity is an ongoing battle, and the latest figures from penetration testers prove that the fight is far from over. According to Positive Technologies, 93% of all networks are open to breaches due to common vulnerabilities. However, there are proactive steps business owners can take to stay on the right side of that ratio. Take […]

The post 93% of Organizations Have Network Vulnerabilities: Here’s How to Beat the Odds appeared first on Security Intelligence.

https://securityintelligence.com/articles/93-of-organizations-have-network-vulnerabilities-heres-how-to-beat-the-odds/

On February 24, 2022, ESET reported another destructive wiper detected at a Ukrainian government organization dubbed as IsaacWiper. This is the third sample of malware IBM Security X-Force has analyzed which has been reportedly targeting systems belonging to Ukrainian organizations.  IBM Security X-Force obtained a sample of the IsaacWiper ransomware and has provided the following […]

The post New Wiper Malware Used Against Ukranian Organizations appeared first on Security Intelligence.

https://securityintelligence.com/posts/new-wiper-malware-used-against-ukranian-organizations/