Steganography: A Safe Haven for Malware
Steganography, or the practice of concealing a file, message, image or video within another file, message, image or video, may be an older technique, but it continues to be an incredibly versatile and effective method for obscuring or hiding information in plain sight. In 2017, IBM X-Force has identified three different malware samples in network…
Leaking Cloud Databases and Servers Expose Over 1 Billion Records
As The Wall Street Journal recently pointed out, some clients of cloud service providers such as Amazon and Microsoft are accidentally leaving their cloud databases exposed due to misconfigurations of their services. Coupled with recent headline-making breaches, it’s becoming clear that the greatest risks to an organization might come down to a simple permission error or server…
Keep Intruders Out of Your Network With Proactive Threat Hunting
A threat hunting program can provide an accurate picture of where your organization is exposed to threats and help security professionals strengthen those weaknesses. If you know how an adversary is breaking into your environment, you can improve your defenses and stop attacks from happening again in the future. This echoes the importance of having…
Just a Passing Fad? Fidget Spinners and the Malware Sandbox
This is the first installment in a three-part series about malware sandboxing. Stay tuned for more information. When the fidget spinner fad hit last year, my seventh grader was immediately on board and quickly became a fidget spinner snob, boasting about bearing quality and spin longevity. My fifth grader, however, eschewed fidget spinners with the…
Using a Free Online Malware Analysis Sandbox to Dig Into Malicious Code
The continuous advancement and sophistication of cyberthreats has gradually decreased the sufficiency of traditional gateway and endpoint security solutions for protection against malware. These approaches were sufficient when malware occurred in small numbers and it was easy to differentiate between good and bad applications. Nowadays, there’s a world of unknown code — a gap between…
Blindfolded on the Battlefield: The Importance of Threat Hunting in the Modern Age
One of the fundamental problems with cybersecurity is that organizations often do not realize when they are compromised. Traditional incident response methods are typically reactive, forcing security teams to wait for a visible sign of an attack. The problem is that many attacks today are stealthy, targeted and data-focused. Just stop for a moment to…
Elementary, My Dear Watson: Identifying and Understanding Malware With Cognitive Security
Malware is a major cause of cyberattacks today, with fraudsters using targeted spear phishing emails and social engineering to distribute malicious files to unsuspecting employees at various organizations. To make matters worse, malware has evolved to avoid detection by traditional security tools and systems.
10 Ways to Fight Advanced Malware With Threat Intelligence Sharing
Last month, we celebrated the two-year anniversary of the IBM X-Force Exchange (XFE). During that week, the threat intelligence sharing platform reached a record spike in traffic as users flocked to the site to stay up to date on the recently exposed WannaCry ransomware.
Four New Cyberthreats on the CISO’s Radar
Enterprises today face new cyberthreats from many different vectors, including some that didn’t exist just a few years ago. Chief information security officers (CISOs) need to keep their eyes on the evolving ways their companies can be breached and close any gaps to minimize the damage.
Cybersecurity analytics and operations: Need for automation and orchestration
New research from Enterprise Strategy Group (ESG) shows that when it comes to the evolution of Cybersecurity Analytics and Operations, 71% of respondent organizations find it more difficult today than it was two years ago due to the changing threat landscape, followed by volume of alerts and increased regulatory changes. “Despite businesses making it a…