Today we released the third edition of the “2015 IBM X-Force Threat Intelligence Quarterly,” where we take a deeper look at the evolution of ransomware-as-a-service and how attackers continue to capitalize in this area. Alongside that update, the IBM Managed Security Services (MSS) group reminds us why the Dark Web is a threat for enterprises and how companies can better protect themselves. Finally, we provide a brief overview of the latest changes occurring with vulnerability tracking.

Ransomware Isn’t What It Used to Be

A quick search across the Security Intelligence site for the word ransomware will reveal a trove of recent blogs in which X-Force researchers have been informing readers about these evolving threats, which continue to net criminals millions of dollars each year.

In this third-quarter report, we discuss more of the evolution of ransomware. Not only are a surprising number of users still fooled by fake or rogue antivirus messages that are nothing more than animated Web ads designed to look like actual products, but many cybercriminals are embracing the technical sophistication required to create specialized ransomware that targets specific communities.

From Anonymity to Anarchy: Tor Network Provides Cover for Dark Dealings

The Dark Web is an unencrypted, anonymous network used by nefarious individuals and organizations to conduct illicit or illegal business, including launching attacks on corporate networks to exfiltrate valuable data.

In this report, we examine the genesis of The Onion Router (Tor) software, which enables anonymous communication as both an attack medium and an infrastructure for botnet command-and-control. The design of routing obfuscation in the Tor network provides illicit actors with additional protection for their anonymity.

We discuss various methods companies should take to block connections to the Dark Web from their networks in order to limit attack surfaces, as well as liability issues that arise from content originating from Tor nodes. This can include wholesale blocking at the firewall, IDS/IPS technology to flag attacks and developing a corporate policy to stop the creation of Tor relays or similar access nodes to the Dark Web.

Download the Q3 2015 IBM X-Force Threat Intelligence Quarterly

A Modern Scoring System to Assess the Latest Vulnerabilities

In May 2012, the Board of Directors of the Forum of Incident Response and Security Teams (FIRST) selected IBM as one of the security vendors to participate in the creation of v3 of the Common Vulnerability Scoring System (CVSS).

We highlight some of the critical changes of this updated schema and why it more accurately reflects the scope and impact of modern vulnerabilities. IBM adopted CVSS v3 in July 2015.

In the first half of 2015, we reported just over 4,000 new security vulnerabilities. If this trend continues throughout the rest of the year, the total projected vulnerabilities for 2015 would be about 8,000 — the lowest total since 2011.

For more information, download the third-quarter X-Force Threat Intelligence Quarterly or take a look at some of the other recent reports.

More from Threat Research

ITG10 Likely Targeting South Korean Entities of Interest to the Democratic People’s Republic of Korea (DPRK)

7 min read - In late April 2023, IBM Security X-Force uncovered documents that are most likely part of a phishing campaign mimicking credible senders, orchestrated by a group X-Force refers to as ITG10, and aimed at delivering RokRAT malware, similar to what has been observed by others. ITG10's tactics, techniques and procedures (TTPs) overlap with APT37 and ScarCruft. The initial delivery method is conducted via a LNK file, which drops two Windows shortcut files containing obfuscated PowerShell scripts in charge of downloading a…

7 min read

Poor Communication During a Data Breach Can Cost You — Here’s How to Avoid It

5 min read - No one needs to tell you that data breaches are costly. That data has been quantified and the numbers are staggering. In fact, the IBM Security Cost of a Data Breach estimates that the average cost of a data breach in 2022 was $4.35 million, with 83% of organizations experiencing one or more security incidents. But what’s talked about less often (and we think should be talked about more) is how communication — both good and bad — factors into…

5 min read

Ransomware Renaissance 2023: The Definitive Guide to Stay Safer

2 min read - Ransomware is experiencing a renaissance in 2023, with some cybersecurity firms reporting over 400 attacks in the month of March alone. And it shouldn’t be a surprise: the 2023 X-Force Threat Intelligence Index found backdoor deployments — malware providing remote access — as the top attacker action in 2022, and aptly predicted 2022’s backdoor failures would become 2023’s ransomware crisis. Compounding the problem is the industrialization of the cybercrime ecosystem, enabling adversaries to complete more attacks, faster. Over the last…

2 min read

BlackCat (ALPHV) Ransomware Levels Up for Stealth, Speed and Exfiltration

9 min read - This blog was made possible through contributions from Kat Metrick, Kevin Henson, Agnes Ramos-Beauchamp, Thanassis Diogos, Diego Matos Martins and Joseph Spero. BlackCat ransomware, which was among the top ransomware families observed by IBM Security X-Force in 2022, according to the 2023 X-Force Threat Intelligence Index, continues to wreak havoc across organizations globally this year. BlackCat (a.k.a. ALPHV) ransomware affiliates' more recent attacks include targeting organizations in the healthcare, government, education, manufacturing and hospitality sectors. Reportedly, several of these incidents resulted…

9 min read