Threat Research – Page 6 – WindowsTechs.com

IBM Security X-Force Research Advisory: New Destructive Malware Used In Cyber Attacks on Ukraine

Posted on February 24, 2022 by Christopher Del Fierro

This post was written with contributions from IBM Security X-Force’s Anne Jobmann, Claire Zaboeva and Richard Emerson. On February 23, 2022, open-source intelligence sources began reporting detections of a wiper malware — a destructive family of malware designed to permanently destroy data from the target — executing on systems belonging to Ukrainian organizations. IBM Security […]

The post IBM Security X-Force Research Advisory: New Destructive Malware Used In Cyber Attacks on Ukraine appeared first on Security Intelligence.

Continue reading IBM Security X-Force Research Advisory: New Destructive Malware Used In Cyber Attacks on Ukraine→

Ransomware Resilience Tops Findings in X-Force Threat Intelligence Index 2022

Posted on February 23, 2022 by John Zorabedian

For the third year in a row, ransomware was the top attack type globally in 2021, despite some successes last year by law enforcement to take down ransomware groups. This was among the top findings of IBM Security’s latest research published in the tenth annual X-Force Threat Intelligence Index, a comprehensive overview of the global […]

The post Ransomware Resilience Tops Findings in X-Force Threat Intelligence Index 2022 appeared first on Security Intelligence.

Continue reading Ransomware Resilience Tops Findings in X-Force Threat Intelligence Index 2022→

TrickBot Gang Uses Template-Based Metaprogramming in Bazar Malware

Posted on February 2, 2022 by Kevin Henson

Malware authors use various techniques to obfuscate their code and protect against reverse engineering. Techniques such as control flow obfuscation using Obfuscator-LLVM and encryption are often observed in malware samples. This post describes a specific technique that involves what is known as metaprogramming, or more specifically template-based metaprogramming, with a particular focus on its implementation […]

The post TrickBot Gang Uses Template-Based Metaprogramming in Bazar Malware appeared first on Security Intelligence.

Continue reading TrickBot Gang Uses Template-Based Metaprogramming in Bazar Malware→

The Best Threat Hunters Are Human

Posted on January 13, 2022 by Abby Ross

“You won’t know you have a problem unless you go and look.” Neil Wyler, who is known as ‘Grifter’ in the hacker community, made that statement as a precursor to an unforgettable story. An organization hired Grifter to perform active threat hunting. In a nutshell, active threat hunting entails looking for an attacker inside an […]

The post The Best Threat Hunters Are Human appeared first on Security Intelligence.

Continue reading The Best Threat Hunters Are Human→

Log4Shell Vulnerability Risks for OT Environments — and How You Can Better Protect Against Them

Posted on December 18, 2021 by Dereck Stubbs

You’d have to look far and wide to find an IT professional who isn’t aware of (and probably responding to) the Log4Shell vulnerability. The Operational Technology (OT) sector is no exception, yet the exact exposure the vulnerability poses to OT technology is yet to be fully uncovered. The vulnerability was first made public earlier this […]

The post Log4Shell Vulnerability Risks for OT Environments — and How You Can Better Protect Against Them appeared first on Security Intelligence.

Continue reading Log4Shell Vulnerability Risks for OT Environments — and How You Can Better Protect Against Them→

Zero Trust and DNS Security: Better Together

Posted on December 16, 2021 by Chenta Lee

How many times have you heard the popular information security joke: “It’s always DNS”? It means that every time there’s a problem you can’t figure out, you will dig until you reach the conclusion that it’s always DNS. But DNS is also where a lot of issues can be caught early, and it should be […]

The post Zero Trust and DNS Security: Better Together appeared first on Security Intelligence.

Continue reading Zero Trust and DNS Security: Better Together→

Nation State Threat Group Targets Airline with Aclip Backdoor

Posted on December 15, 2021 by Melissa Frydrych

In March 2021, IBM Security X-Force observed an attack on an Asian airline that we assess was likely compromised by a state-sponsored adversary using a new backdoor that utilizes Slack. The adversary leveraged free workspaces on Slack, a legitimate messaging and collaboration application likely to obfuscate operational communications, allowing malicious traffic, or traffic with underlying […]

The post Nation State Threat Group Targets Airline with Aclip Backdoor appeared first on Security Intelligence.

Continue reading Nation State Threat Group Targets Airline with Aclip Backdoor→

How Log4j Vulnerability Could Impact You

Posted on December 11, 2021 by Nick Rossmann

If you hadn’t heard of Apache Log4j, chances are it’s on your radar now. In fact, you may have been using it for years. Log4j is a logging library. Imagine writing your daily activities into a notebook. That notebook is Log4j. Developers and programmers use it to take notes about what’s happening on applications and […]

The post How Log4j Vulnerability Could Impact You appeared first on Security Intelligence.

Continue reading How Log4j Vulnerability Could Impact You→

Understanding the Adversary: How Ransomware Attacks Happen

Posted on November 30, 2021 by John Dwyer

IBM Security X-Force Incident Response (IR) has responded to hundreds of ransomware incidents across every geography and industry. As we have taken time to analyze these incidents, a clear pattern has emerged. Although we observe dozens of ransomware groups in operation across the globe, many with multiple affiliate groups working under them, most ransomware actors […]

The post Understanding the Adversary: How Ransomware Attacks Happen appeared first on Security Intelligence.

Continue reading Understanding the Adversary: How Ransomware Attacks Happen→

BrazKing Android Malware Upgraded and Targeting Brazilian Banks

Posted on November 17, 2021 by Shahar Tavor

Nethanella Messer and James Kilner contributed to the technical editing of this blog. IBM Trusteer researchers continually analyze financial fraud attacks in the online realms. In recent research into mobile banking malware, we delved into the BrazKing malware’s inner workings following a sample found by MalwareHunterTeam. BrazKing is an Android banking Trojan from the overlay […]

The post BrazKing Android Malware Upgraded and Targeting Brazilian Banks appeared first on Security Intelligence.

Continue reading BrazKing Android Malware Upgraded and Targeting Brazilian Banks→