The rise of social media, cloud, mobility and big data makes insider threats harder to identify, and provide more ways to pass protected information. The average organization monitored by IBM Security Services experienced approximately 81 million security events in 2014, with 55% of attacks carried out by those who had insider access to organizations’ systems. Historically, the term “insider threat” meant that disgruntled or negligent employees were inflicting harm to the company’s assets, either physical or electronic. Today many different classifications have been identified, from inadvertent insiders to quasi-insiders like 3rd party contractors.

Key findings of the IBM X-Force Threat Intelligence Quarterly – 2Q 2015:

  • Social engineering has turned an annoyance like spam into a legitimate attack vector, as for-profit operators create and sell spam campaigns to trick inadvertent insiders to open an attachment or click on a link.
  • Through rigorous practices such as monitoring and maintenance of privileged access, enterprises can better manage and monitor users and networks for both security and compliance.
  • In the event of an incident, a thorough understanding of what transpired is essential to preventing it from happening again; learn more about network forensics and how it can benefit the investigation process.

Download the complete IBM X-Force Threat Intelligence Quarterly – 2Q 2015

More from Advanced Threats

Black Hat 2022 Sneak Peek: How to Build a Threat Hunting Program

4 min read - You may recall my previous blog post about how our X-Force veteran threat hunter Neil Wyler (a.k.a “Grifter”) discovered nation-state attackers exfiltrating unencrypted, personally identifiable information (PII) from a company’s network, unbeknownst to the security team. The post highlighted why threat hunting should be a baseline activity in any environment. Before you can embark on a threat hunting exercise, however, it’s important to understand how to build, implement and mature a repeatable, internal threat hunting program. What are the components…

Top-Ranking Banking Trojan Ramnit Out to Steal Payment Card Data

4 min read - Shopping online is an increasingly popular endeavor, and it has accelerated since the COVID-19 pandemic. Online sales during the 2021 holiday season rose nearly 9% to a record $204.5 billion. Mastercard says that shopping jumped 8.5% this year compared to 2020 and 61.4% compared to pre-pandemic levels. Cyber criminals are not missing this trend. The Ramnit Trojan, in particular, is out for a shopping spree that’s designed to take over people’s online accounts and steal their payment card data. IBM…

Detections That Can Help You Identify Ransomware

12 min read - One of the benefits of being part of a global research-driven incident response firm like X-Force Incidence Response (IR) is that the team has the ability to take a step back and analyze incidents, identifying trends and commonalities that span geographies, industries and affiliations. Leveraging that access and knowledge against the ransomware threat has revealed tools, techniques and procedures that can often be detected through the default Windows event logs (WELs). In particular, the X-Force IR team has identified several…

Trickbot rising — Gang doubles down on infection efforts to amass network footholds

11 min read - IBM X-Force has been tracking the activity of ITG23, a prominent cybercrime gang also known as the TrickBot Gang and Wizard Spider. Researchers are seeing an aggressive expansion of the gang’s malware distribution channels, infecting enterprise users with Trickbot and BazarLoader. This move is leading to more ransomware attacks — particularly ones using the Conti ransomware. As of mid-2021, X-Force observed ITG23 partner with two additional malware distribution affiliates — Hive0106 (aka TA551) and Hive0107. These and other cybercrime vendors…

Your browser doesn't support HTML5 audio
Press play to continue listening
00:00 00:00