The key to a good defense is to know your enemy. In the cybersecurity realm, that means defenders must understand how attackers operate to better protect against and counteract their attempts.

Adversarial goals and tactics, techniques and procedures (TTPs) can be very different for each incident, but all attacks share some core concepts that defenders can work with to expose malevolent activity before it causes damage.

Cyberattack Preparation Powered by Threat Intelligence

Those common core concepts are the foundation of IBM X-Force Incident Response and Intelligence Services’ (IRIS) cyberattack preparation and execution frameworks, which highlight the team’s unique approach to characterizing and communicating threat intelligence to help organizations protect their networks and users.

X-Force IRIS is a team of skilled professionals who proactively help organizations fortify their defenses against today’s evolving global threat landscape. The team’s approach helps security teams inside and outside of IBM understand the design and execution of a cyberattack in a detailed, organized manner. Analysts can use that insight to help identify and respond to threats that are relevant to their organization.

Read the White Paper to Learn More

This white paper presents frameworks that explain the range of activities that can occur both prior to and during an actual network compromise. Read the complete paper to learn:

  • Why X-Force IRIS developed cyberattack preparation and execution frameworks;
  • The key elements the frameworks address in the overall cyberattack model;
  • The key phases of cyberattacks that can help security teams improve prevention and response;
  • How to communicate complex threat information with ease and control.

You can also listen to the SecurityIntelligence podcast episode, “Fight Back with the X-Force IRIS Cyberattack Preparation and Execution Frameworks,” for more insights on attack preparation and response.

Read the white paper: IBM X-Force IRIS Cyberattack Preparation and Execution Frameworks

More from Threat Intelligence

FYSA – Adobe Cold Fusion Path Traversal Vulnerability

2 min read - Summary Adobe has released a security bulletin (APSB24-107) addressing an arbitrary file system read vulnerability in ColdFusion, a web application server. The vulnerability, identified as CVE-2024-53961, can be exploited to read arbitrary files on the system, potentially leading to unauthorized access and data exposure. Threat Topography Threat Type: Arbitrary File System Read Industries Impacted: Technology, Software, and Web Development Geolocation: Global Environment Impact: Web servers running ColdFusion 2021 and 2023 are vulnerable Overview X-Force Incident Command is monitoring the disclosure…

Strela Stealer: Today’s invoice is tomorrow’s phish

12 min read - As of November 2024, IBM X-Force has tracked ongoing Hive0145 campaigns delivering Strela Stealer malware to victims throughout Europe - primarily Spain, Germany and Ukraine. The phishing emails used in these campaigns are real invoice notifications, which have been stolen through previously exfiltrated email credentials. Strela Stealer is designed to extract user credentials stored in Microsoft Outlook and Mozilla Thunderbird. During the past 18 months, the group tested various techniques to enhance its operation's effectiveness. Hive0145 is likely to be…

Hive0147 serving juicy Picanha with a side of Mekotio

17 min read - IBM X-Force tracks multiple threat actors operating within the flourishing Latin American (LATAM) threat landscape. X-Force has observed Hive0147 to be one of the most active threat groups operating in the region, targeting employee inboxes at scale, with a primary focus on phishing and malware distribution. After a 3-month break, Hive0147 returned in July with even larger campaign volumes, and the debut of a new malicious downloader X-Force named "Picanha,” likely under continued development, deploying the Mekotio banking trojan. Hive0147…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today