The period between Christmas and New Year’s Day has long been the time people give to charities the most, making the charities themselves attractive targets for cyber criminals. Because the events of 2020 will likely boost existing trends, nonprofit cybersecurity challenges may be greater than ever this year — even as groups find themselves with

The current pandemic has shown us what humanity stands for: kindness, care, sharing, giving and all the great values that we have as a global community, especially in hard times. In these times of need, there are multiple initiatives that are being driven by individuals and organizations alike asking for help — both in kind and cash. And, as one would expect

During the past few months, IBM X-Force researchers have noticed a familiar malware threat that typically affects bank customers in Brazil has spread to attack banks in Spain. The rise in campaigns prompted us to look into it further. Grandoreiro, a remote-overlay banking Trojan, has migrated to Spain without significant modification, proving that attackers

The past two years have borne witness to the increasing collaboration between organized cybercrime groups to avoid duplication of efforts and maximize profits. Although this collaboration has primarily occurred between gangs developing and distributing well-known banking Trojans, such as Emotet, TrickBot and IcedID, it does not stop there. In a new and dange

Not too many of us have directly experienced the unavailability of a critical service or infrastructure (e.g., power outages, unavailability of hospital data, etc.), but we as a security community have seen an explosive growth of cyberattacks targeting operational technology (OT) environments recently. The IBM X-Force Threat Intelligence Index 2020 found tha

The financial malware arena became a mainstream issue a little over a decade ago with the rise of malware like the Zeus Trojan, which at the time was the first commercial banking Trojan available to the cybercrime world. We have come a long way since, and the past decade saw banking Trojans become increasingly sophisticated, specialized and exclusive, operat

Some of the best intelligence an operator or decision-maker can obtain comes straight from the belly of the beast. That’s why dark web intelligence can be incredibly valuable to your security operations center (SOC). By leveraging this critical information, operators can gain a better understanding of the tactics, techniques and procedures (TTPs) emplo

IBM X-Force has identified a spam campaign targeting users in Japan that employs the Coronavirus scare as a lure to encourage people to open malicious emails. The messages contain Microsoft Office files loaded with macros that, when enabled, launch an infection routine that delivers the Emotet Trojan. In general, Emotet is very focused on infecting companies

In April 2019, Pulse Secure published an advisory about a vulnerability in their software. In August, cybercriminals were massively scanning for systems that were running a vulnerable version. Now it’s October, and still many organizations have not applied the patches that are available for this vulnerability. This is a trend we’ve seen repeated wi

Averting cyberattacks planned out by aggressive threat actors is no easy feat for any organization, and much less for incident response (IR) teams who are usually called in after the attack has caused damage. IBM X-Force Incident Response and Intelligence Services (IRIS) analysts know this firsthand. The problem with this approach is that when an attack is a

Follow the money! That is the famous first rule for investigating white collar criminal activity. It should also be the first rule for protecting your organization from a data breach, ransomware attack or other malicious activity. A basic fact of modern cybersecurity life is that the lone hacker of yore has long since vanished, replaced by sophisticated cy

Chance favors the prepared mind. That’s what famous chemist Louis Pasteur once said, but it’s also an important principle that applies to psychological security. Remember back in middle school when name-calling was a way we expressed our emotions? You’ll likely recall the common response: “It takes one to know one!” It Takes a

Today’s cybercriminals have new options that make their malicious efforts easier than ever. Cyberattacks can be purchased in several forms, including as-a-service packages and simple downloads to be installed in rogue servers. While these may not be the most cutting-edge techniques, they can be effective in infiltrating systems that have not been suff

The cyber age has brought incalculable advantages to modern life. The world is connected and accessible like never before. But like all technological advances, there is a dark side to this progress: Quite simply, the cyber age is revolutionizing warfare. Whereas security threats were once visible and easily identifiable, today’s cyberthreats are invi

According to a report published by the threat intelligence firm Recorded Future cybercriminals earn between $1,000 and $3,000 a month. How much money earns a cyber criminal? According to a report published by the threat intelligence firm Recorded Future crooks earn between $1,000 and $3,000 a month, but one of five earns $20,000 a month or more reaching also