Welcome to “In Security,” the new web comic that takes a lighter look at the dark wave of threats crashing across business networks, endpoints, data and users. Click here for an introduction to the team and be sure to read Episode 001 and Episode 002.

Illustrations by Nathan Salla

Now that EveryApp has seen the Pandapocalypse attacks occur in real time, will they need to sing another chorus of “Where do we go from here?” next episode? Most likely!

How the Command Center Can Help

Network and IT security is no longer a point solution placed on the perimeter. It’s no longer one simple scenario that has a linear playbook of answers. Today’s malicious actors are attackers on all fronts of the ever-expanding enterprise. When businesses make a move to enable themselves with new technology, those that would cause harm won’t be far behind in exploiting any open and available sieves.

The EveryApp team made the right call to visit the Cambridge Command Center to assess the current threat landscape and learn the steps toward rapid remediation. But tomorrow will be a different day.

What about your organization? Are you prepared for today’s threats? What about tomorrow’s unknowns?

Learn More

Interested in learning more about how IBM’s X-Force Command Centers will help clients stay ahead of the most advanced threats? You can:

More from Threat Research

Kronos Malware Reemerges with Increased Functionality

The Evolution of Kronos Malware The Kronos malware is believed to have originated from the leaked source code of the Zeus malware, which was sold on the Russian underground in 2011. Kronos continued to evolve and a new variant of Kronos emerged in 2014 and was reportedly sold on the darknet for approximately $7,000. Kronos is typically used to download other malware and has historically been used by threat actors to deliver different types of malware to victims. After remaining…

An IBM Hacker Breaks Down High-Profile Attacks

On September 19, 2022, an 18-year-old cyberattacker known as "teapotuberhacker" (aka TeaPot) allegedly breached the Slack messages of game developer Rockstar Games. Using this access, they pilfered over 90 videos of the upcoming Grand Theft Auto VI game. They then posted those videos on the fan website GTAForums.com. Gamers got an unsanctioned sneak peek of game footage, characters, plot points and other critical details. It was a game developer's worst nightmare. In addition, the malicious actor claimed responsibility for a…

Dissecting and Exploiting TCP/IP RCE Vulnerability “EvilESP”

September’s Patch Tuesday unveiled a critical remote vulnerability in tcpip.sys, CVE-2022-34718. The advisory from Microsoft reads: “An unauthenticated attacker could send a specially crafted IPv6 packet to a Windows node where IPsec is enabled, which could enable a remote code execution exploitation on that machine.” Pure remote vulnerabilities usually yield a lot of interest, but even over a month after the patch, no additional information outside of Microsoft’s advisory had been publicly published. From my side, it had been a…

Self-Checkout This Discord C2

This post was made possible through the contributions of James Kainth, Joseph Lozowski, and Philip Pedersen. In November 2022, during an incident investigation involving a self-checkout point-of-sale (POS) system in Europe, IBM Security X-Force identified a novel technique employed by an attacker to introduce a command and control (C2) channel built upon Discord channel messages. Discord is a chat, voice, and video service enabling users to join and create communities associated with their interests. While Discord and its related software…