November 17, 2015 By Michelle Alvarez 2 min read

This year has flown by! It seems like just yesterday IBM was presenting “2014: The Year That the Internet Fell Apart” at the InterConnect Conference. Aside from good holiday cheer, the end of the year is often a time when one reflects on past events and lessons learned. For this reason, the final issue of the 2015 IBM X-Force Threat Intelligence Quarterly shifts the focus to our in-house experts at IBM Security Services and their recent security research.

The IBM Security Services team has an extensive global reach and experience with addressing cybersecurity concerns and incidents affecting clients across a broad range of industries. Insights garnered from these experiences allow the team to identify common threads, which are woven together to form a picture of current security trends, techniques and tools used by cybercriminals, as well as reoccurring gaps in our clients’ security postures.

Security Research Finds Four Top Cybercrime Trends

Many of the security incidents to which the IBM Emergency Response Services (ERS) team responds involve fundamental breakdowns in sound security practices — that is, they could be prevented. While the incidents occur around the globe, many of them share certain characteristics and fit recurring patterns.

Our report begins by highlighting four key trends the ERS team has observed throughout 2015. These include an increase in onion-layered security incidents, ransomware attacks and insider threats, along with the transformation of security issues into a boardroom priority.

Indicators of Compromise

These security trends raise an important question: How can your enterprise find the footprints that attackers leave behind when they breach your defenses? Fortunately, the attackers aren’t the only ones who have a collection of tools at their disposal.

Our second article addresses indicators of compromise (IoC), which provide the digital evidence that an attack may have occurred and are an important tool in forensic analysis following a breach. We focus on how security teams can use IoC to track advanced attackers, assess the level of compromise and remediate issues before significant damage occurs.

Good News! Small Changes Can Have a Big Impact

It’s been a tough year for our customers’ security teams. Insider threats, malware, stealthy tools and morphing attacks continue to challenge organizations of all sizes in 2015.

When IBM X-Force looks back across the year, we see many areas for improvement. The good news is that organizations can use this security research to take stronger responsibility, make a few small changes and see a big impact for the long term.

Download the complete IBM X-Force Threat Intelligence Quarterly – 4Q 2015

More from X-Force

Ongoing ITG05 operations leverage evolving malware arsenal in global campaigns

13 min read - As of March 2024, X-Force is tracking multiple ongoing ITG05 phishing campaigns featuring lure documents crafted to imitate authentic documents of government and non-governmental organizations (NGOs) in Europe, the South Caucasus, Central Asia, and North and South America. The uncovered lures include a mixture of internal and publicly available documents, as well as possible actor-generated documents associated with finance, critical infrastructure, executive engagements, cyber security, maritime security, healthcare, business, and defense industrial production. Beginning in November 2023, X-Force observed ITG05…

Why federal agencies need a mission-centered cyber response

4 min read - Cybersecurity continues to be a top focus for government agencies with new cybersecurity requirements. Threats in recent years have crossed from the digital world to the physical and even involved critical infrastructure, such as the cyberattack on SolarWinds and the Colonial Pipeline ransomware attack. According to the IBM Cost of a Data Breach 2023 Report, a breach in the public sector, which includes government agencies, is up to $2.6 million from $2.07 million in 2022. Government agencies need to move…

CVE-2023-20078 technical analysis: Identifying and triggering a command injection vulnerability in Cisco IP phones

7 min read - CVE-2023-20078 catalogs an unauthenticated command injection vulnerability in the web-based management interface of Cisco 6800, 7800, and 8800 Series IP Phones with Multiplatform Firmware installed; however, limited technical analysis is publicly available. This article presents my findings while researching this vulnerability. In the end, the reader should be equipped with the information necessary to understand and trigger this vulnerability.Vulnerability detailsThe following Cisco Security Advisory (Cisco IP Phone 6800, 7800, and 8800 Series Web UI Vulnerabilities - Cisco) details CVE-2023-20078 and…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today