The key to a good defense is to know your enemy. In the cybersecurity realm, that means defenders must understand how attackers operate to better protect against and counteract their attempts.

Adversarial goals and tactics, techniques and procedures (TTPs) can be very different for each incident, but all attacks share some core concepts that defenders can work with to expose malevolent activity before it causes damage.

Cyberattack Preparation Powered by Threat Intelligence

Those common core concepts are the foundation of IBM X-Force Incident Response and Intelligence Services’ (IRIS) cyberattack preparation and execution frameworks, which highlight the team’s unique approach to characterizing and communicating threat intelligence to help organizations protect their networks and users.

X-Force IRIS is a team of skilled professionals who proactively help organizations fortify their defenses against today’s evolving global threat landscape. The team’s approach helps security teams inside and outside of IBM understand the design and execution of a cyberattack in a detailed, organized manner. Analysts can use that insight to help identify and respond to threats that are relevant to their organization.

Read the White Paper to Learn More

This white paper presents frameworks that explain the range of activities that can occur both prior to and during an actual network compromise. Read the complete paper to learn:

  • Why X-Force IRIS developed cyberattack preparation and execution frameworks;
  • The key elements the frameworks address in the overall cyberattack model;
  • The key phases of cyberattacks that can help security teams improve prevention and response;
  • How to communicate complex threat information with ease and control.

You can also listen to the SecurityIntelligence podcast episode, “Fight Back with the X-Force IRIS Cyberattack Preparation and Execution Frameworks,” for more insights on attack preparation and response.

Read the white paper: IBM X-Force IRIS Cyberattack Preparation and Execution Frameworks

More from Advanced Threats

Black Hat 2022 Sneak Peek: How to Build a Threat Hunting Program

4 min read - You may recall my previous blog post about how our X-Force veteran threat hunter Neil Wyler (a.k.a “Grifter”) discovered nation-state attackers exfiltrating unencrypted, personally identifiable information (PII) from a company’s network, unbeknownst to the security team. The post highlighted why threat hunting should be a baseline activity in any environment. Before you can embark on a threat hunting exercise, however, it’s important to understand how to build, implement and mature a repeatable, internal threat hunting program. What are the components…

4 min read

Top-Ranking Banking Trojan Ramnit Out to Steal Payment Card Data

4 min read - Shopping online is an increasingly popular endeavor, and it has accelerated since the COVID-19 pandemic. Online sales during the 2021 holiday season rose nearly 9% to a record $204.5 billion. Mastercard says that shopping jumped 8.5% this year compared to 2020 and 61.4% compared to pre-pandemic levels. Cyber criminals are not missing this trend. The Ramnit Trojan, in particular, is out for a shopping spree that’s designed to take over people’s online accounts and steal their payment card data. IBM…

4 min read

Detections That Can Help You Identify Ransomware

12 min read - One of the benefits of being part of a global research-driven incident response firm like X-Force Incidence Response (IR) is that the team has the ability to take a step back and analyze incidents, identifying trends and commonalities that span geographies, industries and affiliations. Leveraging that access and knowledge against the ransomware threat has revealed tools, techniques and procedures that can often be detected through the default Windows event logs (WELs). In particular, the X-Force IR team has identified several…

12 min read

How to Report Scam Calls and Phishing Attacks

5 min read - With incidents such as the Colonial Pipeline infection and the Kaseya supply chain attack making so many headlines these days, it can be easy to forget that malicious actors are still preying on individual users. They're not using ransomware to do that so much anymore, though. Not since the rise of big game hunting, anyway. This term marks ransomware actors' shift away from attacks against individual users and towards operations targeting large enterprises, noted CNBC. But attacks like phishing and…

5 min read