“A lie can travel halfway around the world while the truth is still putting on its shoes.” That popular quote is often attributed to Mark Twain. But since we’re talking about misinformation and disinformation, you’ll be unsurprised to learn Twain never said that at all. In fact, no one knows who first strung those words together, but

James Kilner contributed to the technical editing of this blog. Nethanella Messer, Segev Fogel, Or Ben Nun and Liran Tiebloom contributed to the blog. Although in the PC realm it is common to see financial malware used in web attacks to commit fraud, in Android-based financial malware this is a new trend. Traditionally, financial malware in Android uses ove

While no security officer would rely on this alone, it’s good to know the U.S. Department of Justice is increasing efforts to fight cyber crime. According to a recent address in Munich by Deputy Attorney General Lisa Monaco, new efforts will focus on ransomware and cryptocurrency incidents. This makes sense since the X-Force Threat Intelligence Index

According to the 2022 X-Force Threat Intelligence Index, phishing was the most common way that cyber criminals got inside an organization. Typically, they do so to launch a much larger attack such as ransomware. The Index also found that phishing was used in 41% of the attacks that X-Force remediated in 2021. That’s a 33% increase from 2021.  One

From Microsoft to AT&T to Home Depot, more companies are accepting cryptocurrency as a way to pay for products and services. This makes perfect sense as crypto coins are a viable revenue source. Perhaps the time is ripe for businesses to learn how to receive, process and convert crypto payments into fiat currency. Still, many questions remain. How can y

!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd"> The non-fungible token (NFT) boom has also led to some serious security incidents. For example, the number of suspicious-looking domain registrations with names of NFT stores increased nearly 300% in March 2021.   To participate in an NFT marke

!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd"> The banking and finance industries deliver more services online now than ever before due to the pandemic. As a result, banking cybersecurity became more important than ever this year. Some of the threats to big data security in recent years included rans

Malware authors use various techniques to obfuscate their code and protect against reverse engineering. Techniques such as control flow obfuscation using Obfuscator-LLVM and encryption are often observed in malware samples. This post describes a specific technique that involves what is known as metaprogramming, or more specifically template-based metaprogra

This post was written with contributions from IBM X-Force’s Limor Kessem and Charlotte Hammond. The cyber crime gang that operates the TrickBot Trojan, as well as other malware and ransomware attacks, has been escalating activity. As part of that escalation, malware injections have been fitted with added protection to keep researchers out and get thro

The holiday rush is upon us, and so is the risk of cyberattack. Threat actors often get to work during the holidays. IT staff is heading out for vacation, and everyone is in a hurry. This means we might skimp on security. Still, there are some holiday cybersecurity tips that will help make the season go smoothly.    End of Year and Christmas

If a store you visit often suffers a cyberattack, you might feel like someone went through your wallet. This kind of attack or data breach, and this kind of feeling, isn’t new. The growing frequency, cost and impact of cyberattacks are new — and consumers notice. Consumers are more aware of attacks than ever before. After all, they affect the pu

Nethanella Messer and James Kilner contributed to the technical editing of this blog. IBM Trusteer researchers continually analyze financial fraud attacks in the online realms. In recent research into mobile banking malware, we delved into the BrazKing malware’s inner workings following a sample found by MalwareHunterTeam. BrazKing is an Android banki

A recent Fortune Business Insights report projects that the global Identity and Access Management (IAM) market (valued at $9.53 billion in 2018) will reach $24.76 billion by the end of 2026, showing a CAGR of 13.17%. What’s behind this massive demand? In a nutshell, people don’t want their identities stolen. But the real drivers are growing regu

Online shopping bots are not new to the e-commerce world. Stores use bots to offer better customer service, but malicious bots can cause major harm to a business. These pose cybersecurity risks to e-commerce retailers and consumers alike. Some customers use shopping bots to execute automated tasks based on a set of instructions, such as log onto website -&g

Most organizations take what you might call an active approach to cybersecurity, They’re prepared to do certain things once an attack happens. Or, they take a reactive approach, taking action after an attack is completed. A proactive cybersecurity strategy is about acting before any attack occurs; it’s a good cybersecurity posture of readiness.&