HackDig : Dig high-quality web security articles for hackers

What the Explosive Growth in ICS-Infrastructure Targeting Means for Security Leaders

The recently published IBM X-Force Threat Intelligence Index 2020 pointed out that over 8.5 billion records were compromised in 2019, a figure that’s more than 200 percent greater than the number of records lost in 2018. It also determined that scanning and exploitation of vulnerabilities have increased from just 8 percent of attacks in 2018 to nearly
Publish At:2020-02-20 10:49 | Read:998 | Comments:0 | Tags:CISO Energy & Utility Security Services Brute-Force Attack C

X-Force Threat Intelligence Index Reveals Top Cybersecurity Risks of 2020

The volume of threats that security teams see on a daily basis can make it especially difficult to look at the big picture when it comes to developing an effective cybersecurity strategy. To see through the flood of data and alerts, organizations depend on actionable threat intelligence to help them understand and mitigate risks. Looking at long-term trends
Publish At:2020-02-11 08:51 | Read:1287 | Comments:0 | Tags:Advanced Threats Threat Intelligence Cloud Cloud Adoption Cl

Information and Communication Technology (ICT) Industry: Second-Most Attacked Sector in 2016

The information and communication technology (ICT) industry has evolved greatly over the last several decades. The interconnected nature of ICT devices and systems, along with modern society’s dependence on the technologies and services this sector provides, increases the risk of cyberattack. Furthermore, firms in this industry often act as a clearingh
Publish At:2017-07-10 21:30 | Read:5384 | Comments:0 | Tags:Industries Threat Intelligence X-Force Research Buffer Overf

A Magnet for Cybercrime: Financial Services Sector

As revealed in the 2017 IBM X-Force Threat Intelligence Index, the financial services sector was attacked more than any other industry last year. The average financial services client organization monitored by IBM Security Services experienced 65 percent more attacks than the average client organization across all industries (see Figure 1). Moreover, 2016 sa
Publish At:2017-04-27 19:35 | Read:5094 | Comments:0 | Tags:Advanced Threats Banking & Financial Services Threat Intelli

Life’s a Breach: Dissecting a Year of Devastating Data Breaches

Several major data breaches thrust cybersecurity into the global spotlight in 2016. In the Asia-Pacific region, for example, cybercriminals stole 100 GB of government data from the Indian state of Kerala and made off with 300 GB of voter data in the Philippines. These are just two examples of high-profile data breaches that hit in 2016. Leaked records includ
Publish At:2017-04-17 01:45 | Read:4571 | Comments:0 | Tags:Data Protection Threat Intelligence Cost of Data Breach Data

The Weaponization of IoT: Rise of the Thingbots

Threat actors use botnets — networks of infected computers or devices — for various cybercriminal purposes, most significantly distributed denial-of-service (DDoS) attacks against predefined targets. Today, botnets with DDoS capabilities are even for sale on the Dark Web. In March 2016, our IBM report, “The Inside Story on Botnets,” explored the
Publish At:2017-04-07 04:20 | Read:5869 | Comments:0 | Tags:Advanced Threats Malware Network & Endpoint Botnets Distribu

2016: The Year of the Mega Breach

“Excuse me, are you aware of what’s happening right now? We’re facing 20 billion security events every day. DDoS campaigns, ransomware, malware attacks …” says a woman sternly to an associate in a recently aired commercial featuring Watson and IBM Security. She may have been an actor, but the question and the threats she describ
Publish At:2017-03-29 20:30 | Read:4066 | Comments:0 | Tags:Threat Intelligence Data Breach IBM X-Force Report IBM X-For

CAPEC: Making Heads or Tails of Attack Patterns

When reading summaries of prevalent cyberattacks, I often find myself puzzled. Sometimes it’s because the name of an attack is too ambiguous to know what it is referring to, forcing the reader to make assumptions about the meaning. Many security analysts report attack types using the consequence of the incident, the attack pattern, the name of the de
Publish At:2017-03-27 13:00 | Read:7232 | Comments:0 | Tags:Advanced Threats X-Force Research IBM X-Force Report IBM X-F

Enticing Clicks With Spam

Among the key findings from the upcoming IBM X-Force Threat Intelligence Index for 2017, available March 29, is the ongoing use of spam as an entry vector for attackers. While targeted attacks make headlines, the prevalence of spam traffic means that a variety of attackers are still finding success in this scattershot method to gain access to protected data.
Publish At:2017-03-13 17:00 | Read:5936 | Comments:0 | Tags:Threat Intelligence Vulns / Threats IBM X-Force Report IBM X

Anonymity and Cryptocurrencies Enabling High-Stakes Extortion

Today we released the third edition of the “2015 IBM X-Force Threat Intelligence Quarterly,” where we take a deeper look at the evolution of ransomware-as-a-service and how attackers continue to capitalize in this area. Alongside that update, the IBM Managed Security Services (MSS) group reminds us why the Dark Web is a threat for enterprises and
Publish At:2015-08-25 03:35 | Read:3683 | Comments:0 | Tags:IBM X-Force Dark Web IBM X-Force Report IBM X-Force Security

The Insider Threat: A Cloud Platform Perspective

The most recent IBM X-Force Threat Report, titled “IBM X-Force Threat Intelligence Quarterly, 2Q 2015,” focuses solely on the insider threat and its various incarnations. It’s a comprehensive and compelling read. It certainly got me thinking, and I began asking myself some questions about the nature of insider threats and how to best protec
Publish At:2015-06-12 09:40 | Read:3663 | Comments:0 | Tags:Cloud Security Access Management Cloud IBM X-Force Report IB

Are Cracks in the Digital Foundation of the Internet Crumbling the Core?

Today we released the first edition of the 2015 IBM X-Force Threat Intelligence Quarterly, where we focus on a year-end review of all the attack and breach activity that occurred in the previous year, along with some interesting new twists to the methodology of how vulnerabilities are disclosed. 2014 Saw a Surge in the Disclosure of ‘Designer VulnsR
Publish At:2015-03-16 16:35 | Read:5266 | Comments:0 | Tags:IBM X-Force IBM X-Force Report IBM X-Force Security Research

Grabbing the Heartbleed Vulnerability by the (Long) Tail

In an age where we don’t have the patience for paragraphs and only a mere tolerance for tweets, it’s a wonder we’re still talking about the Heartbleed vulnerability five months after it was disclosed. In a recent video update, Lead X-Force Security Architect Michael Hamelin described the “long tail” of Heartbleed, estimating it
Publish At:2014-09-26 16:50 | Read:3122 | Comments:0 | Tags:Vulns / Threats CVE-2012-1723 Heartbleed Heartbleed OpenSSL

How to Improve Asset Management for Risk Assessment and Control

Shared Responsibility of Asset Management Reflects Patching Perspective Asset management is a topic of conversation for many industry professionals due to several factors, including continuous diagnostics and mitigation, the National Institute of Standards and Technology (NIST) Cybersecurity Framework and other conversations around breaches and vulnerability
Publish At:2014-09-24 02:10 | Read:4651 | Comments:0 | Tags:IBM X-Force Risk Management Asset Management Heartbleed IBM

Intrusion Prevention and the Seven-Year Itch

As soon as I saw the life-sized Boba Fett cardboard stand-up on the fifth floor of Internet Security Systems, I knew I had found my people. After over 12 years in very large companies honing my competitive intelligence skills, I was looking for a smart, agile company to join and dig in and contribute on a small team, and the market leader in intrusion preven
Publish At:2014-08-29 05:40 | Read:3942 | Comments:0 | Tags:Infrastructure Protection Black Hat IBM X-Force Re

Tools