Last year, many organizations stopped talking about when the workforce would be back full-time in the office. Instead, they focused on how we build a hybrid work model for the future. 2021 was active and interesting – for lack of a better word. There’s a lot to say in terms of cyber crime in general […]

The post Expert Insights: What’s Next for Ransomware? appeared first on Security Intelligence.

https://securityintelligence.com/articles/expert-what-next-ransomware/

IBM Security X-Force researchers have discovered a revamped version of the Trickbot Group’s AnchorDNS backdoor being used in recent attacks ending with the deployment of Conti ransomware. The Trickbot Group, which X-Force tracks as ITG23, is a cybercriminal gang known primarily for developing the Trickbot banking Trojan, which was first identified in 2016 and initially […]

The post Trickbot Group’s AnchorDNS Backdoor Upgrades to AnchorMail appeared first on Security Intelligence.

https://securityintelligence.com/posts/new-malware-trickbot-anchordns-backdoor-upgrades-anchormail/

This post was written with contributions from IBM Security X-Force’s Christopher Del Fierro, Claire Zaboeva and Richard Emerson. On February 23, 2022, open-source intelligence sources began reporting detections of a wiper malware — a destructive family of malware designed to permanently destroy data from the target — executing on systems belonging to Ukrainian organizations. IBM […]

The post IBM Security X-Force Research Advisory: New Destructive Malware Used In Cyber Attacks on Ukraine appeared first on Security Intelligence.

https://securityintelligence.com/posts/new-destructive-malware-cyber-attacks-ukraine/

For the third year in a row, ransomware was the top attack type globally in 2021, despite some successes last year by law enforcement to take down ransomware groups. This was among the top findings of IBM Security’s latest research published in the tenth annual X-Force Threat Intelligence Index, a comprehensive overview of the global […]

The post Ransomware Resilience Tops Findings in X-Force Threat Intelligence Index 2022 appeared first on Security Intelligence.

https://securityintelligence.com/posts/2022-x-force-threat-intelligence-index-ransomware-resilience-tops-findings/

Malware authors use various techniques to obfuscate their code and protect against reverse engineering. Techniques such as control flow obfuscation using Obfuscator-LLVM and encryption are often observed in malware samples. This post describes a specific technique that involves what is known as metaprogramming, or more specifically template-based metaprogramming, with a particular focus on its implementation […]

The post TrickBot Gang Uses Template-Based Metaprogramming in Bazar Malware appeared first on Security Intelligence.

https://securityintelligence.com/posts/trickbot-gang-template-based-metaprogramming-bazar-malware/

Shopping online is an increasingly popular endeavor, and it has accelerated since the COVID-19 pandemic. Online sales during the 2021 holiday season rose nearly 9% to a record $204.5 billion. Mastercard says that shopping jumped 8.5% this year compared to 2020 and 61.4% compared to pre-pandemic levels. Cyber criminals are not missing this trend. The […]

The post Top-Ranking Banking Trojan Ramnit Out to Steal Payment Card Data appeared first on Security Intelligence.

https://securityintelligence.com/posts/ramnit-banking-trojan-stealing-card-data/

This post was written with contributions from IBM X-Force’s Limor Kessem and Charlotte Hammond. The cyber crime gang that operates the TrickBot Trojan, as well as other malware and ransomware attacks, has been escalating activity. As part of that escalation, malware injections have been fitted with added protection to keep researchers out and get through […]

The post TrickBot Bolsters Layered Defenses to Prevent Injection Research appeared first on Security Intelligence.

https://securityintelligence.com/posts/trickbot-bolsters-layered-defenses-prevent-injection/

“You won’t know you have a problem unless you go and look.” Neil Wyler, who is known as ‘Grifter’ in the hacker community, made that statement as a precursor to an unforgettable story. An organization hired Grifter to perform active threat hunting. In a nutshell, active threat hunting entails looking for an attacker inside an […]

The post The Best Threat Hunters Are Human appeared first on Security Intelligence.

https://securityintelligence.com/posts/best-threat-hunters-human/

You’d have to look far and wide to find an IT professional who isn’t aware of (and probably responding to) the Log4Shell vulnerability. The Operational Technology (OT) sector is no exception, yet the exact exposure the vulnerability poses to OT technology is yet to be fully uncovered. The vulnerability was first made public earlier this […]

The post Log4Shell Vulnerability Risks for OT Environments — and How You Can Better Protect Against Them appeared first on Security Intelligence.

https://securityintelligence.com/posts/log4shell-vulnerability-security-risks-ot-environments/

How many times have you heard the popular information security joke: “It’s always DNS”? It means that every time there’s a problem you can’t figure out, you will dig until you reach the conclusion that it’s always DNS. But DNS is also where a lot of issues can be caught early, and it should be […]

The post Zero Trust and DNS Security: Better Together appeared first on Security Intelligence.

https://securityintelligence.com/posts/zero-trust-dns-security/

In March 2021, IBM Security X-Force observed an attack on an Asian airline that we assess was likely compromised by a state-sponsored adversary using a new backdoor that utilizes Slack. The adversary leveraged free workspaces on Slack, a legitimate messaging and collaboration application likely to obfuscate operational communications, allowing malicious traffic, or traffic with underlying […]

The post Nation State Threat Group Targets Airline with Aclip Backdoor appeared first on Security Intelligence.

https://securityintelligence.com/posts/nation-state-threat-group-targets-airline-aclip-backdoor/

IBM Security is following a recent disclosure regarding an Apache vulnerability in the Log4j Java library dubbed Log4Shell (or LogJam). X-Force Exchange has further details on the exploit. Millions of applications use the Java-based Log4j library to log activity, including several prominent web services. Apache has issued a patch with an update to the latest […]

The post Update on Apache Log4j Zero-Day Vulnerability appeared first on Security Intelligence.

https://securityintelligence.com/posts/apache-log4j-zero-day-vulnerability-update/

Today’s reality means that organizations need to be constantly vigilant against security breaches. Having a robust incident response plan in place is vital. IBM Security X-Force is a team dedicated to delivering the latest threat intelligence, research and analysis reports that help you manage risk in your organization. This monthly malware roundup offers a summary […]

The post X-Force Threat Intelligence: Monthly Malware Roundup appeared first on Security Intelligence.

https://securityintelligence.com/posts/x-force-threat-intelligence-monthly-malware-roundup/

IBM Security X-Force Incident Response (IR) has responded to hundreds of ransomware incidents across every geography and industry. As we have taken time to analyze these incidents, a clear pattern has emerged. Although we observe dozens of ransomware groups in operation across the globe, many with multiple affiliate groups working under them, most ransomware actors […]

The post Understanding the Adversary: How Ransomware Attacks Happen appeared first on Security Intelligence.

https://securityintelligence.com/posts/how-ransomware-attacks-happen/

Nethanella Messer and James Kilner contributed to the technical editing of this blog. IBM Trusteer researchers continually analyze financial fraud attacks in the online realms. In recent research into mobile banking malware, we delved into the BrazKing malware’s inner workings following a sample found by MalwareHunterTeam. BrazKing is an Android banking Trojan from the overlay […]

The post BrazKing Android Malware Upgraded and Targeting Brazilian Banks appeared first on Security Intelligence.

https://securityintelligence.com/posts/brazking-android-malware-upgraded-targeting-brazilian-banks/

In an age where organizations have established a direct dependence on software to run critical business operations, it’s fundamental that they are evaluating their software development lifecycles and that of their extended environment — third-party partners — against the same standards. Concerns around vulnerability management are gaining more government attention around the world in order […]

The post Call to Patch: Zero Day Discovered in Enterprise Help Desk Platform appeared first on Security Intelligence.

https://securityintelligence.com/posts/zero-day-discovered-enterprise-help-desk/

Ransomware. Five years ago, the cybersecurity community knew that term well, although among others it was far from dinner table conversation. Times have changed. Since early 2020, ransomware has hit a slew of headlines. People inside and outside of the security industry are talking about it, and many have experienced the ransomware pain firsthand. The […]

The post A New Cybersecurity Executive Order Puts the Heat on Critical Infrastructure Suppliers appeared first on Security Intelligence.

https://securityintelligence.com/posts/new-cybersecurity-executive-order-critical-infrastructure-suppliers/

According to the 2021 X-Force Threat Intelligence Index, scanning for and exploiting vulnerabilities was the top infection vector of 2020. Up to one in three data breaches stemmed from unpatched software vulnerabilities. Take a look at this list of vulnerabilities or design flaws with no official Microsoft fix. In any case, one in three might […]

The post How to Deal With Unpatched Software Vulnerabilities Right Now appeared first on Security Intelligence.

https://securityintelligence.com/articles/how-to-deal-with-unpatched-software-vulnerabilities-2/

IBM Security X-Force researchers have recently reverse-engineered Prometheus ransomware samples as part of ongoing incident response operations. X-Force has found that samples that infected organizational networks featured flawed encryption. This allowed our team to develop a fast-acting decryptor and help customers recover from the attack without a decryption key. While rare, ransomware developers can make […]

The post From Thanos to Prometheus: When Ransomware Encryption Goes Wrong appeared first on Security Intelligence.

https://securityintelligence.com/posts/ransomware-encryption-goes-wrong/

Contributed to this research: Adam Laurie and Sameer Koranne. Given the accelerating rise in operational technology (OT) threats, this blog will address some of the most common threats IBM Security X-Force is observing against organizations with OT networks, including ransomware and vulnerability exploitation. IBM will also highlight several measures that can enhance security for OT […]

The post The Weaponization of Operational Technology appeared first on Security Intelligence.

https://securityintelligence.com/posts/weaponization-operational-technology/