Threat Research
Read the latest cybersecurity threat research on vulnerabilities, threat actors, malware and more, including data from recent industry reports and intel from the experts at IBM Security X-Force. Learn more about IBM Security X-Force’s threat intelligence and incident response services.
Latest Articles

How to Protect Against Deepfake Attacks and Extortion

2 min read - Cybersecurity professionals are already losing sleep over data breaches and how to best protect their employers from attacks. Now they have another nightmare to stress over — how to spot a deepfake. Deepfakes are different because attackers can easily use data and images as a weapon. And those using deepfake…

How DevSecOps Can Secure Your CI/CD Pipeline

2 min read - Many companies today automate their software development life cycle with continuous integration and continuous delivery (CI/CD). It’s part of the broader DevOps movement to speed software development while reducing errors. Continuous integration builds and tests code automatically, while continuous delivery automates the entire software release process up to production. In…

X-Force Report: No Shortage of Resources Aimed at Hacking Cloud Environments

4 min read - As cybercriminals remain steadfast in their pursuit of unsuspecting ways to infiltrate today’s businesses, a new report by IBM Security X-Force highlights the top tactics of cybercriminals, the open doors users are leaving for them and the burgeoning marketplace for stolen cloud resources on the dark web. The big takeaway…

Cryptominers Snuck Logic Bomb Into Python Packages

3 min read - Malware can show up where you least expect it. Researchers discovered a logic bomb attack in the Python Package Index (PyPI) repository, which is a code repository for Python developers and part of the software supply chain. Attackers aimed to get honest software developers to include the bombs in their applications…

What’s Behind the Leaks of Customer Data From Retailer Databases?

2 min read - Retail data breaches involving customer data happen often today. However, they tend to be smaller in size than health care, finance or government breaches. So, the general public notices them less. Yet, they happen more often than realized. Why? And how can you defend against them? Human Error in Customer Data…

Fighting Cyber Threats With Open-Source Tools and Open Standards

7 min read - Detecting cyber threats is usually the first critical step in the mitigation of cyber attacks. Common means to achieve this goal are rules or analytics that track network and system behaviors and raise alerts when potentially malicious attacks are identified.…

Dissecting Sodinokibi Ransomware Attacks: Bringing Incident Response and Intelligence Together in the Fight

10 min read - Ransomware actors are specializing, collaborating and assisting each other to conduct sophisticated attacks that are becoming increasingly difficult to prevent. Combating these groups effectively similarly requires a team approach — specialization, understanding tactics and techniques and how to counter them and cutting off activity at its source. Arguably, it has…

The OWASP Top 10 Threats Haven’t Changed in 2021 — But Defenses Have

5 min read - The more things change, the more they stay the same. Despite a changing threat landscape and threat actors who keep upping their game, the vulnerabilities behind the threats remain consistent. The OWASP Top 10, ranked by the Open Web Application Security Project, lists the 10 most prominent and dangerous risks…

What Has Changed Since the 2017 WannaCry Ransomware Attack?

3 min read - The cybersecurity world is still feeling the effects of the 2017 WannaCry ransomware attack today. While the majority of the damage occurred in the weeks after May 12, 2017, WannaCry ransomware attacks actually increased 53% from January 2021 to March 2021. While researching my in-depth article WannaCry: How the Widespread…

August 2021 Security Intelligence Roundup: Pipeline Changes, Social Engineering and Software Supply Chain Attacks

3 min read - Ransomware catches people’s attention in part because it feeds on emotion. People click on links without looking at them first, and this remains one of the most common vectors for attack. While it may seem like the internet is filled with the same advice over and over again, even the…

How to Protect Yourself From a Server-Side Template Injection Attack

5 min read - Server-side templates provide an easy method of managing the dynamic generation of HTML code. But they can also fall victim to server-side template injection (SSTI). Take a look at the basics of server-side web templates, and how to detect, identify and mitigate SSTI in web applications. Server-side templates allow developers…

SSDF: The Key to Defending Against Supply Chain Cyberattacks

4 min read - For reasons we all know, software supply chain attacks took on new meaning near the end of 2020. This hasn’t changed over this year. One of the best modern ways to combat these cyberattacks is to integrate a secure software development framework (SSDF) into a vendor’s software development life cycle…

Pay Now or Pay Later: Don’t Procrastinate When It Comes to Preventing Ransomware

3 min read - Data breaches like ransomware can be catastrophic for some businesses. Not only do affected organizations lose revenue from the downtime that occurs during the incident, the post-breach costs can be significant. These costs can include everything from the time and resources it takes to detect how the compromise occurred and…

Hunting for Evidence of DLL Side-Loading With PowerShell and Sysmon

6 min read - Recently, X-Force Red released a tool called Windows Feature Hunter, which identifies targets for dynamic link library (DLL) side-loading on a Windows system using Frida. To provide a defensive counter-measure perspective for DLL side-loading, X-Force Incident Response has released SideLoaderHunter, which is a system profiling script and Sysmon configuration designed…
