Hacking
Following public disclosure of the critical VPN flaw in December, multiple reports show threat actors are exploiting it to target…
Security Director Ian Keller on the Need for a ‘People Leader’
They created pages with malicious links and ultimately conducted credential-harvesting attacks
When it comes to cybercriminals stealing money from cryptocurrency companies and protocols, 2022 was the worst year – ever.
A report from Chainalysis claims that in 2022, $3.8 billion in various tokens were stolen.
Drilling deeper through the year, the analysts discovered major spikes in March and October, with the latter becoming the biggest single month for crypto theft – ever. That month, a total of 32 separate attacks occurred, leaving businesses $775.7 million short.
Lazarus Group dominating
Most of the attacks saw hackers after decentralized finance (DeFi) protocols.
The trend, which started in 2021, spilled into 2022, with DeFi protocols making up 82.1% of all crypto hack incidents last year (up from 73.3% the year prior). All in all – $3.1 billion were stolen, with two-thirds of that sum (64%) being taken from cross-chain bridge protocols.
Numerous hacking groups were involved, but one in particular stands out as the worst offender – the North Korean Lazarus Group. This group is said to have strong ties with the country's government and apparently uses the money stolen in crypto hacks to fund the country's nuclear weapons program.
In 2022, the group amassed an estimated $1.7 billion in various cryptocurrency tokens, with $1.1 billion being taken from DeFi protocols alone.
Chainalysis tried to illustrate the power the group holds, saying that in 2020, North Korea exported a total of $142 million worth of goods.
But the problem with these hacks is that Lazarus Group usually ends up with large quantities of illiquid tokens, which they first need to exchange for more liquid ones. To do that, they move the tokens to other DeFi protocols, and only then move them to mixers – crypto projects which crooks usually use to launder money.
Still, law enforcement is fighting back, the researchers say, reminding that last year $30 million worth of cryptocurrency stolen in the Axie Infinity Ronin Bridge hack was retrieved. "We expect more such stories in the coming years, largely due to the transparency of the blockchain," the researchers concluded.
IBM plans on laying off 3,900 workers, joining other tech giants in recent staff cutbacks.
Those 3,900 employees, which represent around 1.5 percent of IBM’s global workforce, will come from two business units currently being sold off: Kyndryl (IT infrastructure services; spun off as its own company) and IBM’s healthcare data analytics business (sold to a private equity firm).
However, IBM doesn’t view itself as subject to the same market forces currently impacting companies like Meta, Google, and Microsoft, all of which have announced thousands of tech layoffs over the past few months. “The reason that we are remaining in this optimistic frame of mind [is] we have no consumer business,” IBM CEO Arvind Krishna said, according to CNN. “So I think, consequently, we might be seeing a little bit different subset of the economy than those who might have a large direct exposure to a consumer business.”
However, IBM is still competing against those tech giants in arenas such as A.I. and the cloud. Over the past few years, some of its biggest cutting-edge projects have experienced some setbacks, costing it market share at a critical moment. A years-long effort to turn its A.I. platform Watson into a cancer diagnostic tool resulted in canceled contracts. Meanwhile, its attempt to compete against the likes of Microsoft Azure and Amazon Web Services (AWS) with an enterprise-grade cloud also smacked into problems, including an ill-conceived decision to develop two separate cloud infrastructure designs in parallel.
If IBM wants to compete against those tech giants, it will need to continue paying out competitive compensation to software engineers and other tech specialists. According to levels.fyi, which crowdsources tech professional compensation, IBM lags its competitors somewhat when it comes to pay for software engineers–but it’s also known for paying extraordinary salaries to A.I. researchers and other experienced specialists in key roles.
A wanted Swiss hacker accessed a federal No Fly List containing millions of records that was sitting on an unsecured server operated by a regional airline company.
According to Fortune Magazine, 40% of U.S. employees are considering an exit from their current place of business. This trend, which has been termed The Great Resignation, creates instability within organizations. High employee turnover increases security risks, making companies more vulnerable to attacks as human infrastructure becomes fragmented, leaving gaps that very often expose an..
The post Countering Insider Threats as the Great Resignation Continues appeared first on Security Boulevard.
A new campaign from the infamous North Korean hacking group Lazarus has been found to be actively targeting public and private sector research organizations, the medical research and energy sector and their supply chain. Detailed today by security researchers at cybersecurity solution provider WithSecure Oyj, the campaign was first detected in the fourth quarter of
The post Infamous North Korean hacking group Lazarus targets research organizations appeared first on SiliconANGLE.
The top-ranked IBM X-Force Exchange threat intelligence platform (TIP) integrates enterprise-grade external security threat information with the tools a security professional needs to analyze how the threat might impact the organization. This article provides more in-depth information on the product and its features.
For a comparison with other TIP products, see the complete list of top threat intelligence companies.
Product History
Internet Security Systems (ISS) developed X-Force in 1996, and ISS was later acquired by IBM in 2006, after which the X-Force brand became part of IBM Security. The X-Force Exchange threat intelligence platform (TIP) was launched in 2015 to open up the wealth of threat intelligence collected by IBM X-Force to the public to support collaborative defense.
Product Description
IBM X-Force Exchange provides collaborative threat intelligence through a cloud-based platform that enables security analysts to research threat indicators and accelerate responses to attacks. It offers intelligence on:
IP and URL reputation
web applications
malware
vulnerabilities
spam
Users can then enhance their security insights with machine-generated intelligence and curated human-generated insights from IBM X-Force researchers available via public case file collections on the latest malware campaigns and threats.
"Users can collaborate with peers to validate threats and develop response plans using private groups and shared collections, and strengthen their existing security solutions with threat intelligence delivered through open standards," said Sam Dillingham, Senior Offering Manager, IBM Security.
Agents
X-Force Exchange is a cloud-based platform, and does not deploy via agents.
Markets and Use Cases
In 2015, when IBM launched the X-Force Exchange, it noted that six of the world's top 10 retailers and five of the world's top 10 banks were part of the 1,000+ organizations contributing to the X-Force Exchange threat database. In 2016, IBM also announced shared threat intelligence feeds with Check Point. With integrated workflow support through private groups and Collections, X-Force Exchange appeals to organizations that need to support a streamlined security investigation process.
One retailer, noted Dillingham, replaced multiple threat intelligence feeds with X-Force Exchange to dramatically reduce their investigation time. This retailer is using shared collections to gather threat intelligence, letting the security team focus on applying the intelligence rather than on the mechanics of gathering it.
However, for organizations that want to incorporate multiple feeds, external feeds can also be fed into an organization's X-Force Exchange dashboard. The TIP will then generate a consolidated threat feed based on all information sources.
Applicable Metrics
As a cloud-based platform, X-Force Exchange scales to support any size organization. Customers are allowed unlimited queries per month via the platform itself or through the Advanced Threat Protection Feed. The X-Force Exchange Commercial API supports usage-based billing. As noted above, additional third-party threat intelligence feeds can be brought into X-Force Exchange using the Threat Feed Manager once a user provides their credentials or API key for those feeds via the platform.
Security Qualifications
Depending upon the chosen edition, the IBM X-Force Exchange can meet global compliance standards such as ISO 27001, ISO 27017, ISO 27018, and both the EU-US Privacy Shield and Swiss Privacy Shield frameworks. As a threat intelligence platform, X-Force Exchange can provide automated threat feeds to other qualified security systems such as firewalls, network intrusion detection (IDS) and prevention systems (IPS or IDPS), etc.
Intelligence
Users can enhance their security insights with machine-generated intelligence. Threat intelligence from X-Force Exchange is also used by IBM QRadar Advisor with Watson so security analysts can leverage machine learning on the QRadar SIEM platform and the QRadar SOAR (Security Orchestration, Automation and Response) product.
All threat intelligence produced is cross-correlated against relevant sources used by X-Force Exchange, and this analysis is automated into reports that provide real-time visibility into risk score, activity history, geography, associated indicators, categorization and other pertinent threat intelligence. Customers of the X-Force Exchange Commercial API and the X-Force Exchange Enterprise API can also access additional reports and Indicators of Compromise (also available for the Advanced Threat Protection Feed) produced by X-Force IRIS (Incident Response and Threat Intelligence Services).
Delivery
X-Force Exchange is a cloud-based solution, accessible via a web browser or through an API that integrates directly with existing security solutions.
Pricing
IBM X-Force Exchange is free to use via a guest login through the web interface at xforce.ibmcloud.com. A free X-Force Exchange non-commercial API is also available for limited use. For commercial use, IBM publishes information on four editions, but requires direct contact to obtain a quotation.
X-Force Exchange
Cloud based intelligence sharing platform
Unlimited record access
Limited Support
Advanced Threat Protection Feed
Unlimited Record Access
Threat feed for internal security tool integrations
RESTful API in JSON format
X-Force Exchange Commercial API
For integration with commercial applications
Perform bulk-queries for IPs and URLs
Usage Based records
RESTful API in JSON format
Includes X-Force IRIS (incident response service) reports and indicators of compromise
X-Force Exchange Enterprise API
Unmetered bulk usage of threat feeds and premium content
Unlimited Records
RESTful API in JSON format
Includes X-Force IRIS (incident response service) reports and indicators of compromise
This article was originally written by Drew Robb on July 18, 2017, and updated by Chad Kime on February 1, 2023.
The post IBM X-Force Exchange Threat Intelligence Platform appeared first on eSecurityPlanet.