TrickBot Gang Uses Template-Based Metaprogramming in Bazar Malware

Malware authors use various techniques to obfuscate their code and protect against reverse engineering. Techniques such as control flow obfuscation using Obfuscator-LLVM and encryption are often observed in malware samples. This post describes a specific technique that involves what is known as metaprogramming, or more specifically template-based metaprogramming, with a particular focus on its implementation […]

The post TrickBot Gang Uses Template-Based Metaprogramming in Bazar Malware appeared first on Security Intelligence.

Top-Ranking Banking Trojan Ramnit Out to Steal Payment Card Data

Shopping online is an increasingly popular endeavor, and it has accelerated since the COVID-19 pandemic. Online sales during the 2021 holiday season rose nearly 9% to a record $204.5 billion. Mastercard says that shopping jumped 8.5% this year compared to 2020 and 61.4% compared to pre-pandemic levels. Cyber criminals are not missing this trend. The […]

The post Top-Ranking Banking Trojan Ramnit Out to Steal Payment Card Data appeared first on Security Intelligence.

TrickBot Bolsters Layered Defenses to Prevent Injection Research

This post was written with contributions from IBM X-Force’s Limor Kessem and Charlotte Hammond. The cyber crime gang that operates the TrickBot Trojan, as well as other malware and ransomware attacks, has been escalating activity. As part of that escalation, malware injections have been fitted with added protection to keep researchers out and get through […]

The post TrickBot Bolsters Layered Defenses to Prevent Injection Research appeared first on Security Intelligence.

The Best Threat Hunters Are Human

“You won’t know you have a problem unless you go and look.” Neil Wyler, who is known as ‘Grifter’ in the hacker community, made that statement as a precursor to an unforgettable story. An organization hired Grifter to perform active threat hunting. In a nutshell, active threat hunting entails looking for an attacker inside an […]

The post The Best Threat Hunters Are Human appeared first on Security Intelligence.

Log4Shell Vulnerability Risks for OT Environments — and How You Can Better Protect Against Them

You’d have to look far and wide to find an IT professional who isn’t aware of (and probably responding to) the Log4Shell vulnerability. The Operational Technology (OT) sector is no exception, yet the exact exposure the vulnerability poses to OT technology is yet to be fully uncovered. The vulnerability was first made public earlier this […]

The post Log4Shell Vulnerability Risks for OT Environments — and How You Can Better Protect Against Them appeared first on Security Intelligence.

Zero Trust and DNS Security: Better Together

How many times have you heard the popular information security joke: “It’s always DNS”? It means that every time there’s a problem you can’t figure out, you will dig until you reach the conclusion that it’s always DNS. But DNS is also where a lot of issues can be caught early, and it should be […]

The post Zero Trust and DNS Security: Better Together appeared first on Security Intelligence.

Nation State Threat Group Targets Airline with Aclip Backdoor

In March 2021, IBM Security X-Force observed an attack on an Asian airline that we assess was likely compromised by a state-sponsored adversary using a new backdoor that utilizes Slack. The adversary leveraged free workspaces on Slack, a legitimate messaging and collaboration application, likely to obfuscate operational communications, allowing malicious traffic, or traffic with underlying […]

The post Nation State Threat Group Targets Airline with Aclip Backdoor appeared first on Security Intelligence.

How Log4j Vulnerability Could Impact You

If you hadn’t heard of Apache Log4j, chances are it’s on your radar now. In fact, you may have been using it for years. Log4j is a logging library. Imagine writing your daily activities into a notebook. That notebook is Log4j. Developers and programmers use it to take notes about what’s happening on applications and […]

The post How Log4j Vulnerability Could Impact You appeared first on Security Intelligence.

“Trusted Partner” in Cybersecurity: Cliché or Necessity?

I dislike cliches. I suspect I’m not alone in that, but the truth is I’m guilty of using them on occasion — and I’m probably not alone in that, either. I was reading a tongue-in-cheek article the other day about the worst clichés in the business world. As you might imagine, some of the usual […]

The post “Trusted Partner” in Cybersecurity: Cliché or Necessity? appeared first on Security Intelligence.

X-Force Threat Intelligence: Monthly Malware Roundup

Today’s reality means that organizations need to be constantly vigilant against security breaches. Having a robust incident response plan in place is vital. IBM Security X-Force is a team dedicated to delivering the latest threat intelligence, research and analysis reports that help you manage risk in your organization. This monthly malware roundup offers a summary […]

The post X-Force Threat Intelligence: Monthly Malware Roundup appeared first on Security Intelligence.
