Advanced Threats September 25, 2019 Leading Magecart Group Targeting Captive Wi-Fi Users via L7 Routers 5 min read - According to IBM X-Force IRIS, Magecart Group 5 is likely testing malicious code designed for injection into benign JavaScript files loaded by commercial-grade L7 routers.
Advanced Threats February 6, 2019 IcedID Operators Using ATSEngine Injection Panel to Hit E-Commerce Sites 8 min read - The X-Force research team investigated the IcedID Trojan's two-step injection attack that enables it to steal access credentials and payment card data from e-commerce customers in North America.
Banking & Finance August 22, 2018 BackSwap Malware Now Targets Six Banks in Spain 3 min read - IBM X-Force researchers discovered that BackSwap, a banking Trojan that had previously only targeted Polish banks, now has its sights set on six banks in Spain.
Advanced Threats February 15, 2018 TrickBot’s Cryptocurrency Hunger: Tricking the Bitcoin Out of Wallets 8 min read - TrickBot is getting in on the cryptocurrency gold rush, expanding its operations to target digital wallets and exchanges using serverside injections and other malicious tactics.
Banking & Finance November 13, 2017 New Banking Trojan IcedID Discovered by IBM X-Force Research 7 min read - IBM X-Force identified a new Trojan, dubbed IcedID, that uses advanced browser manipulation tactics to target financial institutions in the U.S. and U.K.
Malware October 16, 2017 Diving Into Zberp’s Unconventional Process Injection Technique 8 min read - IBM X-Force Research discovered a new variant of Zberp that evades API threat detection tools using a code injection technique it borrowed from Carberp.
Risk Management August 30, 2017 The Educator’s Back-to-School Cybersecurity Checklist: Make Mitigating Command Injection a Priority 3 min read - To protect students, parents and teachers from data theft, academic institutions must adopt comprehensive strategies to mitigate command injection attacks.
Application Security July 10, 2017 A Primer on Cross-Site Scripting (XSS) 2 min read - XSS is a prevalent web-based exploit in which threat actors inject malicious code into webpages to compromise data or facilitate phishing scams.
Banking & Finance June 15, 2017 Zeus Sphinx Pushes Empty Configuration Files — What Has the Sphinx Got Cooking? 3 min read - Amid a period of targetless activity, IBM X-Force researchers are wondering where the operators behind the Zeus Sphinx Trojan are planning to strike next.
Fraud Protection February 11, 2016 Dark Web Suppliers and Organized Cybercrime Gigs 5 min read - Suppliers offering cybercrime-as-a-service on the Dark Web are helping organized groups achieve more effective bank fraud schemes.