95 Posts

Limor Kessem

Executive Security Advisor, IBM

Limor Kessem, CISO, CISM, is one of the top cyber intelligence experts at IBM Security. She is a seasoned security advocate, public speaker, and a prolific author of cybersecurity thought leadership. Helping security professionals understand and manage business risk, Limor is considered an authority on emerging cybercrime threats. With her unique position at the intersection of multiple research teams at IBM, and her fingers on the pulse of current-day threats, Limor covers the full spectrum of information security trends affecting consumers, corporations, and the industry as a whole. On the social side, Limor tweets security items as @iCyberFighter and is an avid Brazilian Jiu Jitsu fighter.

Written By Limor Kessem

HawkEye Malware Operators Renew Attacks on Business Users

IBM X-Force researchers report an increase in HawkEye v9 keylogger infection campaigns targeting businesses around the world.

GozNym Closure Comes in the Shape of a Europol and DOJ Arrest Operation

In an operation crowned "unprecedented," Europol and the DOJ joined forces and successfully dismantled what was left of the GozNym cybercrime gang that attempted to steal well over $100 million.

The Business of Organized Cybercrime: Rising Intergang Collaboration in 2018

In 2018, IBM X-Force researchers observed organized cybercrime groups collaborating, rather than competing over turf or even attacking each other, for the first time.

CamuBot: New Financial Malware Targets Brazilian Banking Customers

IBM X-Force researchers identified new financial malware, dubbed CamuBot, that attempts to camouflage itself as a security module required by the Brazilian banks it targets.

BackSwap Malware Now Targets Six Banks in Spain

IBM X-Force researchers discovered that BackSwap, a banking Trojan that had previously only targeted Polish banks, now has its sights set on six banks in Spain.

Mobile Banking Trojans as Keen on Cryptocurrency as PC Malware

Cybercriminals are emulating PC malware to develop mobile banking Trojans that leverage malicious miners to steal cryptocurrency and deliver it to attacker-controlled wallets.

XMRig: Father Zeus of Cryptocurrency Mining Malware?

XMRig is popular among cybercriminals because it is open source, meaning threat actors can make relatively simple changes to its code to convert the tool into a cryptojacking mechanism.

Necurs Spammers Go All In to Find a Valentine’s Day Victim

The cybergang behind the Necurs botnet launched a massive romance-themed spam campaign in the lead-up to Valentine's Day, impersonating single Russian women looking for dates online.

IBM Study: Consumers Weigh in on Biometrics, Authentication and the Future of Identity

IBM Security's "Future of Identity Study" found that many consumers are moving beyond passwords and using features such as biometric authentication to secure their identities.

CPU Vulnerability Can Allow Attackers to Read Privileged Kernel Memory and Leak Data

A newly discovered hardware vulnerability underscores a microprocessor flaw that could allow an attacker to read data from privileged kernel memory.

Co-Written By Limor Kessem

Taking Over the Overlay: Reconstructing a Brazilian Remote Access Trojan (RAT)

IBM X-Force researchers detected, reverse engineered, reconstructed and simulated a Delphi-based Brazilian remote access Trojan.

Taking Over the Overlay: What Triggers the AVLay Remote Access Trojan (RAT)?

IBM X-Force researchers discovered, reverse engineered and reconstructed AVLay, a remote access Trojan that mixes DLL hijacking with a legitimate executable borrowed from various antivirus programs.

Taking Over the Overlay: Reverse Engineering a Brazilian Remote Access Trojan (RAT)

X-Force researchers discovered a new remote access Trojan variant that mixes Dynamic Link Library (DLL) hijacking with a legitimate executable borrowed from various antivirus programs.

High Stakes, Rising Risks: The Ripple Effects of Cybersecurity in the Healthcare Sector

Is providing effective cybersecurity for the healthcare sector an IT problem or a wider-scope issue? The short answer is that it's both.

Credential Dumping Campaign Hits Multinational Corporations

X-Force researchers observed attackers targeting multinational corporations in various sectors using malicious scripts to automate attacks on misconfigured servers.

Buffer Overflow Vulnerability in TP-Link Routers Can Allow Remote Attackers to Take Control

IBM X-Force found a zero-day buffer overflow vulnerability in one of the most common routers on the market that could let malicious third parties take control of the device from a remote location.

IcedID Banking Trojan Spruces Up Injection Tactics to Add Stealth

IBM X-Force analyzed modifications made to IcedID that help the banking Trojan act more stealthily on infected devices.

Securing the Microservices Architecture: Decomposing the Monolith Without Compromising Information Security

Ditching the monolith for microservices may be right for your organization, but it's critical to address the relevant security considerations early in the process.

IcedID Operators Using ATSEngine Injection Panel to Hit E-Commerce Sites

The X-Force research team investigated the IcedID Trojan's two-step injection attack that enables it to steal access credentials and payment card data from e-commerce customers in North America.

Easy Does It! A Timely Look Into Fraud TTPs in the Brazilian Financial Cybercrime Landscape

In this first article of a two-part series, IBM X-Force exposes some of its research on the typical malware and tactics, techniques and procedures (TTPs) used in Brazilian financial cybercrime.

The Many Faces of Necurs: How the Botnet Spewed Millions of Spam Emails for Cyber Extortion

IBM X-Force researchers observed the Necurs botnet spewing millions of spam emails from more than 30,000 malicious IPs to extort bitcoin from victims who may or may not have viewed adult content.

Threat Actors Prey on Drupalgeddon Vulnerability to Mass-Compromise Websites and Underlying Servers

X-Force observed attackers using known Drupal vulnerabilities, including Drupalgeddon, to target websites and the underlying infrastructure that hosts them, leveraging Shellbot to open backdoors.

IBM X-Force Delves Into ExoBot’s Leaked Source Code

IBM X-Force researchers unpacked ExoBot's inner workings to reveal insights into its dynamic mechanisms and the features that help criminals use it in cross-channel bank fraud schemes.

Anubis Strikes Again: Mobile Malware Continues to Plague Users in Official App Stores

IBM X-Force reported that mobile malware developers uploaded at least 10 malicious downloader apps to the Google Play Store as the first step in a process that fetches BankBot Anubis.

Goal! Spam Campaigns Capitalize on the World Cup Craze

IBM X-Force researchers observed several ongoing spam campaigns tied to the World Cup — many of which used the official branding of tournament sponsors to lure victims.

TrickBot’s Cryptocurrency Hunger: Tricking the Bitcoin Out of Wallets

TrickBot is getting in on the cryptocurrency gold rush, expanding its operations to target digital wallets and exchanges using server-side injections and other malicious tactics.

Overlay RAT Malware Uses AutoIt Scripting to Bypass Antivirus Detection

IBM X-Force discovered a new overlay RAT malware that exploits the AutoIt framework to evade antivirus detection while perpetrating bank fraud in Brazil.

Brazilian Malware Client Maximus: Maximizing the Mayhem

A new, upgraded version of remote access malware Client Maximus points to the growing sophistication of cybercriminals in Brazil.

QakBot Banking Trojan Causes Massive Active Directory Lockouts

IBM X-Force attributed a recent wave of malware-induced Active Directory (AD) lockouts across several IR engagements to the operators of the QakBot Trojan.

Relying on Data to Mitigate the Risk of WordPress Website Hijacking

To protect their WordPress sites from scammers, administrators must proactively patch and monitor their installations to weed out unwanted content.

Brazilian Malware Never Sleeps: Meet EmbusteBot

IBM Research — Haifa Labs detected yet another malware campaign, dubbed EmbusteBot, designed to target dozens of financial institutions in Brazil.

GootKit Developers Dress It Up With Web Traffic Proxy

X-Force researchers revealed the cybergang behind Gootkit had upgraded the banking Trojan with new network interception and certificate bypass methods.

The Full Shamoon: How the Devastating Malware Was Inserted Into Networks

X-Force IRIS researchers found that the Shamoon malware operators relied on weaponized documents that leveraged PowerShell to infiltrate targeted networks.

Anatomy of an hVNC Attack

Cybercriminals who rely on remote control tactics to commit financial fraud may use hidden virtual network computing (hVNC) modules to cover their tracks.

Client Maximus: New Remote Overlay Malware Highlights Rising Malcode Sophistication in Brazil

IBM X-Force researchers discovered a new malware called Client Maximus that contains advanced code written specifically to attack banks in Brazil.

Two Heads Are Better Than One: Going Under the Hood to Analyze GozNym

IBM X-Force researchers recognized that the GozNym banking malware leverages features from two types of malware to make it double the threat.

Gozi Banking Trojan Upgrades Build to Inject Into Windows 10 Edge Browser

The developers of the Gozi banking Trojan have built some improvements into the malware that now allow it to attack Windows 10 operating systems.

Dyre Summer Renovation: Randomized Config File Names Keep Antivirus Engines Guessing

Developers of the Dyre malware are keeping a close eye on security, making several changes to the file configuration to avoid detection.

Tsukuba: Banking Trojan Phishing in Japanese Waters

IBM Security Trusteer researchers recently discovered a new financial malware dubbed Tsukuba, which targets Japanese online banking users.