92 Posts

Limor Kessem

Executive Security Advisor, IBM

Limor Kessem is one of the top cyber intelligence experts at IBM Security. She is a seasoned security advocate, public speaker, and a regular blogger on the cutting-edge IBM Security Intelligence blog. Limor comes to IBM from organizations like RSA Security, where she spent 5 years as part of the RSA research labs and drove the FraudAction blog on RSA's Speaking of Security. She also served as the Marketing Director of Big Data analytics startup ThetaRay, where she created the company's cybersecurity thought leadership. Limor is considered an authority on emerging cybercrime threats. She has participated as a highly appreciated speaker on live InfraGard New York webcasts (an FBI collaboration), has spoken at RSA events worldwide, conducts live webinars on all things fraud and cybercrime, and writes a large variety of threat intelligence publications. With her unique position at the intersection of multiple research teams at IBM, and her finger on the pulse of current-day threats, Limor covers the full spectrum of trends affecting consumers, corporations, and the industry as a whole. On the social side, Limor tweets security items as @iCyberFighter and is an avid Brazilian Jiu Jitsu fighter.

Written By Limor Kessem

New Banking Trojan IcedID Discovered by IBM X-Force Research

IBM X-Force identified a new Trojan, dubbed IcedID, that uses advanced browser manipulation tactics to target financial institutions in the U.S. and U.K.

Massive Identity Data Exposure Leads to Rising Tides of New Account Fraud — What’s Next?

New account fraud is rising in popularity among cybercriminals due to the frequency with which users are opening new online banking accounts.

Ursnif Campaign Waves Breaking on Japanese Shores

The Ursnif banking Trojan began targeting financial institutions in Japan during Q3 2017 and continues to operate in the region as we enter Q4.

Bad Rabbit Ransomware Attacks Highlight Risk of Propagating Malware Outbreaks

Companies in Russia and Ukraine suffered a widespread attack known as Bad Rabbit that directed victims to a Dark Web site to pay for their stolen files.

Not Your Father’s Cybersecurity Tips: Think Outside the Box to Protect Your Identity During NCSAM

These five cybersecurity tips can help users review and update their online practices to protect their identities from advanced threats.

TrickBot Takes to Latin America, Continues to Expand Its Global Reach

The cybergang operating the TrickBot banking Trojan was unusually active over the summer, launching new campaigns in Latin America and updating its code.

Cybercrime’s Cryptocurrency Gold Rush: Going Strong!

Cryptocurrencies such as bitcoin are becoming more popular, but that means cybercriminals are embracing the potential of cryptocurrency as well.

POS Malware Breach Sees Payment Cards Hit Underground Shops

A popular fast-food chain and supermarket were recently breached by POS malware. Some of the credit card details had been up for sale for more than a week.

All in a Spammer’s Workweek: Where Do the Busiest Spammers Work Around the Clock?

According to recent IBM X-Force data, spammers and spam botnets typically work the same hours we do to maximize their returns.

Where Are They Today? Cybercrime Trojans That No One Misses: Shifu Malware

Before it started fading out in June 2016, Shifu malware appeared to be targeting banks in Japan and the U.K. and evolving at a steady pace.

Co-Written By Limor Kessem

Easy Does It! A Timely Look Into Fraud TTPs in the Brazilian Financial Cybercrime Landscape

In this first article of a two-part series, IBM X-Force exposes some of its research on the typical malware and tactics, techniques and procedures (TTPs) used in Brazilian financial cybercrime.

The Many Faces of Necurs: How the Botnet Spewed Millions of Spam Emails for Cyber Extortion

IBM X-Force researchers observed the Necurs botnet spewing millions of spam emails from more than 30,000 malicious IPs to extort bitcoin from victims who may or may not have viewed adult content.

Threat Actors Prey on Drupalgeddon Vulnerability to Mass-Compromise Websites and Underlying Servers

X-Force observed attackers using known Drupal vulnerabilities, including Drupalgeddon, to target websites and the underlying infrastructure that hosts them, leveraging Shellbot to open backdoors.

IBM X-Force Delves Into ExoBot’s Leaked Source Code

IBM X-Force researchers unpacked ExoBot's inner workings to reveal insights into its dynamic mechanisms and the features that help criminals use it in cross-channel bank fraud schemes.

Anubis Strikes Again: Mobile Malware Continues to Plague Users in Official App Stores

IBM X-Force reported that mobile malware developers uploaded at least 10 malicious downloader apps to the Google Play Store as the first step in a process that fetches BankBot Anubis.

Goal! Spam Campaigns Capitalize on the World Cup Craze

IBM X-Force researchers observed several ongoing spam campaigns tied to the World Cup — many of which used the official branding of tournament sponsors to lure victims.

TrickBot’s Cryptocurrency Hunger: Tricking the Bitcoin Out of Wallets

TrickBot is getting in on the cryptocurrency gold rush, expanding its operations to target digital wallets and exchanges using server-side injections and other malicious tactics.

Overlay RAT Malware Uses AutoIt Scripting to Bypass Antivirus Detection

IBM X-Force discovered a new overlay RAT malware that exploits the AutoIt framework to evade antivirus detection while perpetrating bank fraud in Brazil.

Brazilian Malware Client Maximus: Maximizing the Mayhem

A new, upgraded version of remote access malware Client Maximus points to the growing sophistication of cybercriminals in Brazil.

QakBot Banking Trojan Causes Massive Active Directory Lockouts

IBM X-Force attributed a recent wave of malware-induced Active Directory (AD) lockouts across several IR engagements to the operators of the QakBot Trojan.

Relying on Data to Mitigate the Risk of WordPress Website Hijacking

To protect their WordPress sites from scammers, administrators must proactively patch and monitor their installations to weed out unwanted content.

Brazilian Malware Never Sleeps: Meet EmbusteBot

IBM Research — Haifa Labs detected yet another malware campaign, dubbed EmbusteBot, designed to target dozens of financial institutions in Brazil.

GootKit Developers Dress It Up With Web Traffic Proxy

X-Force researchers revealed the cybergang behind Gootkit had upgraded the banking Trojan with new network interception and certificate bypass methods.

The Full Shamoon: How the Devastating Malware Was Inserted Into Networks

X-Force IRIS researchers found that the Shamoon malware operators relied on weaponized documents that leveraged PowerShell to infiltrate targeted networks.

Anatomy of an hVNC Attack

Cybercriminals who rely on remote control tactics to commit financial fraud may use hidden virtual network computing (hVNC) modules to cover their tracks.

Client Maximus: New Remote Overlay Malware Highlights Rising Malcode Sophistication in Brazil

IBM X-Force researchers discovered a new malware called Client Maximus that contains advanced code written specifically to attack banks in Brazil.

Two Heads Are Better Than One: Going Under the Hood to Analyze GozNym

IBM X-Force researchers recognized that the GozNym banking malware leverages features from two types of malware to make it double the threat.

Gozi Banking Trojan Upgrades Build to Inject Into Windows 10 Edge Browser

The developers of the Gozi banking Trojan have built some improvements into the malware that now allow it to attack Windows 10 operating systems.

Dyre Summer Renovation: Randomized Config File Names Keep Antivirus Engines Guessing

Developers of the Dyre malware are keeping a close eye on security, making several changes to the file configuration to avoid detection.

Tsukuba: Banking Trojan Phishing in Japanese Waters

IBM Security Trusteer researchers recently discovered a new financial malware dubbed Tsukuba, which targets Japanese online banking users.