Trickbot Rising — Gang Doubles Down on Infection Efforts to Amass Network Footholds

IBM X-Force has been tracking the activity of ITG23, a prominent cybercrime gang also known as the TrickBot Gang and Wizard Spider. Researchers are seeing an aggressive expansion of the gang’s malware distribution channels, infecting enterprise users with Trickbot and BazarLoader. This move is leading to more ransomware attacks — particularly ones using the Conti […]

The post Trickbot Rising — Gang Doubles Down on Infection Efforts to Amass Network Footholds appeared first on Security Intelligence.

Continue reading Trickbot Rising — Gang Doubles Down on Infection Efforts to Amass Network Footholds

Phishing Attacks Are Top Cyber Crime Threat, Easier Than Ever to Create and Deploy

Why is one of cyber crime’s oldest threats still going strong? The Anti-Phishing Working Group (APWG) reports that January 2021 marked an unprecedented high in the APWG’s records, with over 245,771 phishing attacks in one month. IBM X-Force’s 2021 Threat Intelligence Index found that phishing led to 33% of cyber attacks organizations had to deal […]

The post Phishing Attacks Are Top Cyber Crime Threat, Easier Than Ever to Create and Deploy appeared first on Security Intelligence.

Continue reading Phishing Attacks Are Top Cyber Crime Threat, Easier Than Ever to Create and Deploy

Know the Four Pillars of Cloud Security That Reduce Data Breach Risk

Can having a mature, comprehensive cloud security strategy reduce the impact of data breaches on your organization? Results from the latest Cost of a Data Breach Report indicate that taking this approach might produce potential savings for your business. Among other findings, the report noted that the mature use of security analytics was associated with […]

The post Know the Four Pillars of Cloud Security That Reduce Data Breach Risk appeared first on Security Intelligence.

Continue reading Know the Four Pillars of Cloud Security That Reduce Data Breach Risk

Mission Probable: Access Granted

Your facilities are most likely vulnerable to a physical intrusion. This is not an indictment of any organization’s security program. If intruders have enough time and are motivated, they most likely can break into a building, even one that has security measures in place. Nonetheless, it is important to identify physical vulnerabilities before they lead […]

The post Mission Probable: Access Granted appeared first on Security Intelligence.

Continue reading Mission Probable: Access Granted

X-Force Report: No Shortage of Resources Aimed at Hacking Cloud Environments

As cybercriminals remain steadfast in their pursuit of unsuspecting ways to infiltrate today’s businesses, a new report by IBM Security X-Force highlights the top tactics of cybercriminals, the open doors users are leaving for them and the burgeoning marketplace for stolen cloud resources on the dark web. The big takeaway from the data is businesses […]

The post X-Force Report: No Shortage of Resources Aimed at Hacking Cloud Environments appeared first on Security Intelligence.

Continue reading X-Force Report: No Shortage of Resources Aimed at Hacking Cloud Environments

LockBit 2.0: Ransomware Attacks Surge After Successful Affiliate Recruitment

After a brief slowdown in activity from the LockBit ransomware gang following increased attention from law enforcement, LockBit is back with a new affiliate program, improved payloads and a change in infrastructure. According to IBM X-Force, a major spike in data leak activity on the gang’s new website indicates that their recruitment attempts have been […]

The post LockBit 2.0: Ransomware Attacks Surge After Successful Affiliate Recruitment appeared first on Security Intelligence.

Continue reading LockBit 2.0: Ransomware Attacks Surge After Successful Affiliate Recruitment

Fighting Cyber Threats With Open-Source Tools and Open Standards

Detecting cyber threats is usually the first critical step in the mitigation of cyber attacks. Common means to achieve this goal are rules or analytics that track network and system behaviors and raise alerts when potentially malicious attacks are identified. Once a potential threat is detected, the staff of the security operations center (SOC) investigates […]

The post Fighting Cyber Threats With Open-Source Tools and Open Standards appeared first on Security Intelligence.

Continue reading Fighting Cyber Threats With Open-Source Tools and Open Standards

Dissecting Sodinokibi Ransomware Attacks: Bringing Incident Response and Intelligence Together in the Fight

Ransomware actors are specializing, collaborating and assisting each other to conduct sophisticated attacks that are becoming increasingly difficult to prevent. Combating these groups effectively similarly requires a team approach — specialization, understanding tactics and techniques and how to counter them and cutting off activity at its source. Arguably, it has never been more imperative that […]

The post Dissecting Sodinokibi Ransomware Attacks: Bringing Incident Response and Intelligence Together in the Fight appeared first on Security Intelligence.

Continue reading Dissecting Sodinokibi Ransomware Attacks: Bringing Incident Response and Intelligence Together in the Fight

Red & Blue: United We Stand

Offensive and defensive security are typically viewed as opposite sides of the same fence. On one side, the offensive team aims to prevent attackers from compromising an organization, whereas on the other side the defensive team aims to stop attackers once they are inside. The fence, metaphorically speaking, is the adversary. The adversary’s moves, motives […]

The post Red & Blue: United We Stand appeared first on Security Intelligence.

Continue reading Red & Blue: United We Stand

Hunting for Evidence of DLL Side-Loading With PowerShell and Sysmon

Recently, X-Force Red released a tool called Windows Feature Hunter, which identifies targets for dynamic link library (DLL) side-loading on a Windows system using Frida. To provide a defensive counter-measure perspective for DLL side-loading, X-Force Incident Response has released SideLoaderHunter, which is a system profiling script and Sysmon configuration designed to identify evidence of side-loading […]

The post Hunting for Evidence of DLL Side-Loading With PowerShell and Sysmon appeared first on Security Intelligence.

Continue reading Hunting for Evidence of DLL Side-Loading With PowerShell and Sysmon