March 29, 2017 By Security Intelligence Staff


2016 was a year in which “more was more” in the security world. From larger-than-life data breaches with over 4 billion records leaked to record numbers of DDoS attacks, vulnerability disclosures, ransomware and spam, it seems no digital stone was left unturned.

The security research experts at IBM X-Force regularly examine the threat landscape to identify key attack vectors and why they are succeeding, who is driving the attacks and what industries are the most impacted. Drawing on insights from nearly 300 million monitored endpoints, 23 billion analyzed webpages and 1 trillion monitored security events every month, IBM X-Force is one of the most renowned commercial security research groups in the world.

Read the latest IBM X-Force Threat Intelligence Index to learn:

  • The implications of the unprecedented leaks of comprehensive data sets — from political to intellectual property concerns;
  • Why attackers are using a blend of classic attack vectors and evolving threats to disrupt operations and steal data;
  • Why the lower attack rate for the average security client may not be good news; and
  • What steps your organization can take to protect against these threats.

Download the 2017 IBM X-Force Threat Intelligence Index
