18 Posts

Dave McMillen

Senior Threat Researcher, IBM Managed Security Services

Dave brings over 25 years of network security knowledge to IBM. Dave began his career at IBM over 15 years ago, where he was part of a core team of six IBMers that created the IBM Emergency Response Service, which eventually grew and evolved into Internet Security Systems. As an industry-recognized security expert and thought leader, Dave's background in security is full-featured. Dave thrives on identifying threats and developing methods to solve complex problems. His specialties are intrusion detection/prevention, ethical hacking, forensics and analysis of malware and advanced threats. As a member of the IBM MSS Threat Research Team, Dave takes the intelligence he has gathered and turns out immediate, tangible remedies that can be implemented within a customer’s network or on IBM MSS's own proprietary detection engines. Dave became interested in security back in the late 1980s and owned and operated a company that provided penetration and vulnerability testing services, one of the first of its kind. As the internet's footprint began to grow, it became clear to him there was a new problem on the horizon: protecting data. Dave worked with WheelGroup (later acquired by Cisco), where he helped develop NetRanger IDS and NetSonar. Dave also assisted with development of the very first IBM intrusion detection system, BillyGoat. Dave has also developed several other security-based methods and systems that were patented for IBM.

Written By Dave McMillen

Network Attacks Containing Cryptocurrency CPU Mining Tools Grow Sixfold

IBM Managed Security Services (MSS) detected a sixfold increase in attacks involving embedded CPU mining tools between January and August 2017.

Apache Struts 2: A Zero-Day Quick Draw

It took fraudsters less than 24 hours after the disclosure of a previously unknown Apache Struts 2 vulnerability to develop a Python script to exploit it.

Mirai IoT Botnet: Mining for Bitcoins?

Just in time for IoT Day, the Mirai botnet is launching attacks with a new trick up its sleeve: a built-in bitcoin mining component.

Andromeda: A Galaxy of Pain, Coming to a Machine Near You

The IBM X-Force team analyzed the Andromeda malware and determined that its operators have shifted their attention to the payment card industry.

Attacks Targeting Industrial Control Systems (ICS) Up 110 Percent

A recent IBM X-Force report found that attacks against industrial control systems (ICS) increased significantly in 2016 over last year's numbers.

Ninety-Five Percent of Webshell Attacks Written in PHP

Webshells are dangerous in the hands of APT groups. According to IBM Managed Security Services (MSS), 95 percent of webshell attacks are written in PHP.

Dissecting a Hacktivist’s DDoS Tool: Saphyra Revealed

Distributed denial-of-service (DDoS) attacks have been all over the news in recent months, with hacktivist groups taking major targets completely offline. According to IBM Managed Security Services data, the vast majority of DDoS attacks come in one...

Anonymous Unleashes Gold Medal DDoS Tools

The dust, waves and jubilation have settled on the sports festivities of this past summer. Since we’re in the business of cybersecurity, let’s reflect on one of the malicious activities that attempted to derail focus from this spirited...

Command Injection: A Deadly Needle in the Haystack

Command injection attacks may not get a lot of hype, but they can be seriously damaging to an enterprise that isn't careful about its security.

The Webshell Game Continues

IBM X-Force researchers have noted a dramatic increase in the use of malicious webshell attacks throughout the first half of 2016.