The Business of Organized Cybercrime: Rising Intergang Collaboration in 2018
In 2018, IBM X-Force researchers observed organized cybercrime groups collaborating, rather than competing over turf or even attacking each other, for the first time.
The Biggest Stories From RSAC 2019: What Scares the Cybersecurity Experts?
When the perspectives of CISOs and experts at RSAC 2019 are viewed as a continuum, you can begin to see a story emerging about the state of cybersecurity in 2019.
Blockchain: Making the Reward Much Greater Than the Risk
The decentralized nature of blockchain, coupled with consensus protocols, helps to address some security needs, but the consequences can be dire if security isn't fully explored.
Stranger Danger: X-Force Red Finds 19 Vulnerabilities in Visitor Management Systems
Two X-Force Red interns discovered 19 previously undisclosed vulnerabilities across five popular visitor management systems that could enable attackers to establish a foothold on corporate networks.
Recapping IBM Think 2019 and HIMSS19: The Shared Landscape of Global Security
We're only a few months into the year, but HIMSS19 and Think 2019 have already helped shape this year's focus on enterprise transformation, innovation and global cybersecurity.
Cryptojacking Rises 450 Percent as Cybercriminals Pivot From Ransomware to Stealthier Attacks
IBM X-Force saw a decline in ransomware in 2018 as cybercriminals shifted tactics to cryptojacking and attacks that don’t leverage malware.
Calling Into Question the CVSS
X-Force Red believes vulnerabilities should be ranked based on the importance of the exposed asset and whether the vulnerability is being weaponized by criminals, not necessarily its CVSS score.
IcedID Operators Using ATSEngine Injection Panel to Hit E-Commerce Sites
The X-Force research team investigated the IcedID Trojan's two-step injection attack that enables it to steal access credentials and payment card data from e-commerce customers in North America.
New Reverse Proxy Tool Can Bypass Two-Factor Authentication and Automate Phishing Attacks
A new reverse proxy tool called Modlishka can easily automate phishing attacks and bypass two-factor authentication (2FA) — and it's available for download on GitHub.
How the Financial Services Industry Is Preparing to Avoid and Respond to Systemic Cyberattacks
Financial services industry leaders visited the IBM X-Force Command Cyber Range for a war game exercise designed to battle-test their response to a systemic cyberattack.