Slide 1: IBM X-Force
Insights from the 2016 IBM X-Force Threat Intelligence Report
Chris Poulin, Research Strategist, X-Force, IBM Security, April 2016
Slide 2: Advanced Security and Threat Research is the foundation for advanced security and threat research across the IBM Security Framework.
Notes: Advanced Security and Threat Research, which includes the X-Force team, is the foundation for many of the pillars in the security product portfolio. As the team tasked with staying on top of the latest threats and vulnerabilities, the information it provides is a critical part of protecting the other parts of the framework.
Slide 3: IBM X-Force Research: expert analysis and data sharing on the global threat landscape
Research areas: IP Reputation; Zero-day Research; URL / Web Filtering; Malware Analysis; Web Application Control; Vulnerability Protection; Anti-Spam
The IBM X-Force mission:
- Monitor and evaluate the rapidly changing threat landscape
- Research new attack techniques and develop protection for tomorrow's security challenges
- Educate our customers and the general public
- Integrate and distribute threat protection and intelligence to make IBM solutions smarter
Slide 4: IBM X-Force monitors and analyzes the changing threat landscape
Figures on the slide: 20,000+ devices under contract; 15B+ events managed per day; 133 monitored countries (MSS); 3,000+ security-related patents; 270M+ endpoints reporting malware; 25B+ analyzed web pages and images; 12M+ spam and phishing attacks daily; 96K+ documented vulnerabilities; 860K+ malicious IP addresses; millions of unique malware samples
Notes:
- IBM X-Force has a long-standing history as one of the best-known commercial security research and development groups in the world
- It can leverage security expertise across IBM to better understand what is happening in security
- It works closely with the IBM managed security services group
- It monitors over 15B security events every day from nearly 4,000 security clients in over 133 countries
- It has numerous intelligence sources: a global web crawler, probably the biggest in the world behind Google and Bing; spam traps around the world; a database of more than 81K security vulnerabilities, monitored every day; international spam collectors
- All of this is done to stay ahead of continuing threats for our customers
- The web crawler is particularly interested in files, images, or pages that contain malicious links or content. The team in Kassel, Germany that builds our web crawler also developed an anti-spam product
- We have spam traps around the world and receive large amounts of spam so that we can analyze and understand the different types and preemptively block that spam
- Our work covers four key areas: research, engines, content delivery, and industry/customer deliverables such as this X-Force report, blogs, articles, presentations and speaking engagements
Slide 5: Key Trends from 2015
- Focus on High Value Targets: Health-related PII and other highly sensitive data can be used for social engineering to access even more valuable financial targets
- Sophistication of Attack Techniques: Quantum leaps in mobile malware sit alongside a continued use of classics like DDoS and POS malware
- Breaches without Borders: Breaches are now being reported more widely around the world due to expanded targeting and stricter disclosure guidelines
- A Need for Security Basics: Many of the incidents we've seen could be avoided with a focus on security basics
Slide 6: Attacks are focusing on higher value data targets
Timeline on the slide:
- 2013: 800,000,000+ records breached, with no signs of decreasing in the future
- 2014: 1,000,000,000 records breached, while CISOs cite increasing risks from external threats
- 2015: Healthcare mega-breaches set the trend for high value targets of sensitive information
Notes: By January 2016, IBM X-Force had tracked 272 security incidents for 2015, on par with the 279 incidents tracked in 2014. In terms of total disclosed records, 2014 was notable for more than one billion records being leaked, while 2015 was down to a still staggering 600 million leaked records in incidents tracked by X-Force using public breach disclosures.
Notes on 2015: Cybercriminals' targets are now bigger and their rewards greater as they fine-tune efforts to obtain and leverage higher value data than in years past. The demand for leaked data is trending toward higher-value records such as health-related personally identifiable information (PII) and other highly sensitive data, with less emphasis on the emails, passwords and even credit card data that were the targets of years past. This PII can be used for social engineering to gain access to valuable financial targets. February saw the first of five 2015 healthcare mega-breach disclosures, which together exposed nearly 100 million records of patient data. While stolen credit card data and user account information can be valuable, these records have a short lifespan and are replaceable. In contrast, Social Security numbers and health history data stolen in these incidents are both much more sensitive and personal to the victims, as well as much harder to replace. As reported by the recent IBM/Ponemon data breach study, dark web resale of healthcare data can be worth as much as USD 363 per record, compared to the average for all types of data of USD 154. In addition to the theft of healthcare data, 2015 saw an increase in the trading of another type of highly sensitive information.
Breaches at adult websites including Adult Friend Finder and Ashley Madison exposed people's sexual preferences and infidelities to the general public. The intimate nature of this data opened opportunities for extortion and increased social engineering intelligence. It was also linked to a number of suicides of affected victims. More than ever, these incidents bring attention to the complex intersection between our digital and physical identities.
Healthcare points on the slide:
- $50 vs >=$1 per credit card number: excellent resale on the black market
- Cannot replace a medical identity like a credit card number
- $13,500 = recovery costs for 65% of victims
- Used for spear phishing, blackmail, procedures (!)
- Difficult to erase falsified record data
- Healthcare provider / payer churn
- IoT increasing the attack surface (a pentest reached a remote surgical robot!)
The healthcare industry is being targeted by cyber threats at an increasingly alarming rate. Once trumped significantly in terms of breaches and malicious attacks by other sectors such as financial and retail, healthcare is no longer on the sidelines. Bringing it front and center are the four largest security breaches affecting this industry in the last five years. They all occurred in the first half of 2015, with nearly 100,000,000 healthcare records compromised. These breaches brought tremendous costs to the victim healthcare organizations, often significantly greater than those affecting other industries. According to the 2015 Cost of Data Breach Study from the Ponemon Institute, the average cost of a breach per lost or stolen record to a healthcare organization could be as high as $363. This figure is 136 percent higher than the average global cost of a data breach. Large class action lawsuits and fines from violations of regulatory mandates such as the Health Insurance Portability and Accountability Act (HIPAA) in the U.S. most likely contribute to the disparity in costs between healthcare breaches and those targeting other sectors.
Why has the healthcare industry become a popular target? The answer is in the data. Healthcare's crown jewels, protected health information (PHI), have an excellent resale value on the black market. HIPAA introduced PHI as a term to represent all medical records and health information of an individual. Another frequently used term in the healthcare arena is Electronic Health Record (EHR), which is a record containing PHI. In addition to medical information, EHRs could also include email addresses, social security numbers, banking and employment information. The consequences of compromised PHI are multi-fold. Aside from the significant costs to the compromised healthcare organization, the customers of the targeted company face a plethora of potential hardships and costs. For one, data cannot be made private again once the records are disclosed. Unlike credit card data that can be easily replaced, an individual's healthcare history cannot be erased and swapped for a new one. According to a study on the pervasiveness of medical identity theft in the United States, "2.32 million adult-aged Americans or close family members became victims of medical identity theft during or before 2014." This same study also revealed that sixty-five percent of medical identity theft victims paid an average of $13,500. This significant cost to the individual victim translates to a damaged reputation for the targeted health institution. Health and pharmaceutical companies experience higher customer churn following a data breach than other industries in similar predicaments. Not only do attackers find the healthcare industry especially attractive from a financial gain perspective, the many vectors of attack also make it an attractive target. Social engineering via spear-phishing and other scams is proving successful for attackers targeting healthcare institutions. The use of legacy systems and dated technology allows attackers to attack via tried and true methods.
The Internet of Things (IoT), mobile apps, and the cloud are growing trends in this industry that are expanding the attack surface for new exploitation vectors. Daunting as these security challenges may seem, healthcare organizations that make a concerted effort to put cyber security at the forefront of their priorities are in a strong position to prevent attacks and compromise. Source: IBM X-Force Threat Intelligence Report
Slide 7: Classic attacks like DDoS and malware continued to be successful because of a lack of practiced security fundamentals
Notes: In 2013 we saw the beginning of a new era of retail breaches, with a number of large brands impacted by the theft of data from hundreds of millions of credit card accounts. Since then, attackers have been refining the techniques used to exfiltrate point-of-sale (POS) credit card data using specialized malware. In the United States in 2015, the emphasis seemed to be less on attacking larger retail chains. Instead, a greater number of smaller businesses, POS service providers and niche payment systems were targeted. Source: IBM X-Force Threat Intelligence Report
Slide 8: Sensitive Personal Data
Sensitive Personal Data: Breaches of durable PII bring attention to the complex intersection between digital and physical identities
- Healthcare PII: 100M healthcare records were exposed in five mega-breaches; durable PII (e.g., SSNs) is harder to replace
- Adult dating websites: breaches exposed sexual preferences and infidelities, opening opportunities for extortion and increased social engineering intelligence; the breaches were linked to a number of suicides of affected victims
DDoS: Increasing amounts of bandwidth, with the highest reported attack >600Gbps. The attack can affect not only the targeted domain, but also other sites and services managed by the ISP.
Cyber-Extortion: The success of ransomware laid the groundwork for other types of cyber-extortion. Bitcoin ransom demands range from a few hundred to tens of thousands of US dollars.
Incidents from digital to physical:
- Jeep hack
- Attackers successfully disrupted electricity for several days in a region of Ukraine, leaving thousands without power
- A Polish airline was grounded in Warsaw in June by what was believed to be a DDoS attack that disrupted flight plan computer systems
Notes: The value of information. Ashley Madison & Adult Friend Finder: extortion, intelligence. Suicides of affected victims. Complex intersection between our digital and physical identities.
The success of ransomware schemes targeting end users has laid the groundwork for other types of cyber-extortion. This year saw a rise in DDoS extortion attempts in which attackers threatened website disruptions and demanded a Bitcoin ransom ranging anywhere from the equivalent of a few hundred to tens of thousands of US dollars. Several crime groups such as DD4BC and the Armada Collective targeted a variety of businesses with campaigns that included an attack on several private secure email providers. In most cases, the targeted companies opted not to pay and sustained outages while they tuned their defenses to eventually protect themselves.
Slide 9: A little something we call OPSEC
Categories: Accounts, Identity, Tracking
Examples: Ashley Madison; Adult Friend Finder; Healthcare: many, many; United & American; OPM, IRS; Starwood, Hyatt, Trump; background info, fingerprints; IoT, Shodan
Slide 10: Source: IBM X-Force Threat Intelligence Report - 2016
Slide 11: Cybercrime is no longer the domain of amateurs, but rather of organized gangs
Notes: The top 10 list of malware code shown in figure 4 reveals, in fact, that cybercrime is no longer the domain of amateurs. While lone hackers and small factions continue to use the Zeus code for their fraud attempts, the more impactful cybercrime is beyond doubt the domain of organized gangs. This is a shift from the situation in 2014, when the Zeus Trojan topped the chart as the most rampant, being a code that was publicly leaked and used by many different fraudsters across the globe, most of whom have no way to fix bugs in the malware and no way to further develop the code. Source: IBM X-Force Threat Intelligence Report
Slide 12: Crime as a Service (CaaS)
They've made it so easy, there's even Crime as a Service (CaaS):
- Web-based interface, no tech needed
- Plug in your bitcoin and choose your victims
- Sit back and collect your ill-gotten gains
- There's even tech support
Slide 13: 80% affiliation with organized crime
Crime as a Service: operational sophistication
- Commercial collaboration: sharing, or common sourcing, of infrastructure and configuration data
- Retrieve web injections from the same servers: Shifu, Neverquest, Dyre, Dridex
- Includes redirection schemes, relying on replicas of real banking sites
...combined with technological sophistication
- Migrate to new platforms, such as Windows 10
- Professional programming techniques: change tracking & versioning, application security
- "Investing" in new POS malware variants
80% affiliation with organized crime; 35 years is the average age of a cybercriminal
Slide 14: The cybercriminal hierarchy
The cybercrime network is expanding, strengthening, and, increasingly, operating like any legitimate, sophisticated business network. Today's cybercriminal hierarchy is like a pyramid:
- Major players; hardest to find
- The "middlemen"
- Users who want to make money, a statement, or both with their campaigns
Source: Cisco 2014 Annual Security Report
Slide 15: Major cyber heists
- Carbanak: 1 billion USD grossed; a cross between Anunak and Carberp
- CryptoLocker: 300K - 3M USD in 100 days
- TalkTalk (UK-based telecom group): 150,000 customer accounts; 80,000 GBP ransom amount; 35M GBP total estimated costs
Slide 16: Malware is evolving quicker than ever
CoreBot was discovered by IBM researchers in late August. Within days, evolved samples of the modular CoreBot Trojan took on the capabilities of a full-fledged banking Trojan. Capabilities now include:
- Browser hooking for IE, Firefox and Chrome
- Generic real-time form-grabbing
- VNC module for remote control
- MitM capabilities for session takeover
- 55 preconfigured URL triggers (regex, broad) to target banks
- Custom web-injection mechanism
- On-the-fly web-injections from a remote server
CoreBot is quite modular, in that its structure and internal makeup are programmed to allow for the easy addition of new data theft and endpoint control mechanisms.
CoreBot's Targets: CoreBot now comes with a list of 55 URL triggers that launch it into action. All triggers are online banking sites in the U.S., Canada and the U.K. The triggers include the corporate banking, business banking and private banking pages of 33 target financial institutions. CoreBot's configuration file appears to be using a trigger format that is very similar to Dyre's, where not all URLs are very precise. Rather, the triggers are written in regular expression (RegEx) format, which helps the Trojan fixate on URL patterns and thus target a wider array of financial institutions that use the same electronic banking platforms.
CoreBot's New Financial M.O.: With its new theft mechanisms, CoreBot has a new modus operandi. Instead of only stealing stored passwords, it now acts like other banking Trojans such as Zeus, Dyre and Dridex:
- To begin, CoreBot grabs the victim's credentials.
- It displays social engineering to manipulate the victim into divulging more information/personally identifiable information (PII).
- The Trojan alerts the fraudster to get online once a session has been authenticated.
- The malware displays a wait notice to stall the victim while the fraudster connects to the endpoint via VNC and takes the session over.
- At this point, the fraudster can use the session cookie to merge into the same Web session and take over to initiate a transaction or modify the parameters of an existing transfer. The money is subsequently sent to an account the fraudster controls.
What's Next for CoreBot? After the changes CoreBot has seen of late, this malware should be considered a banking Trojan like any other. While it is not as widely distributed as other malware of this sort, it is only a matter of time before it starts appearing in malware campaigns designed to infect users in its target geographies. Another point to keep in mind is that CoreBot is an active project under current development. It is likely we will learn more about new capabilities in the coming months and see it targeting other regions around the world. At this time, CoreBot is not being sold in the underground, but that, too, could change. Source: IBM X-Force malware research, "Watch Out for CoreBot, New Stealer in the Wild" and "An Overnight Sensation: CoreBot Returns as a Full-Fledged Financial Malware"
Slide 17: The Shifu Trojan took on "best of breed" elements from infamous crimeware that preceded it, and will now lock them out of Shifu's territory.
Elements borrowed by Shifu:
- Shiz: DGA
- Corcow: Theft from Bank Apps
- Zeus: Anti-Sec
- Gozi/ISFB: Stealth
- Dridex: Config XML (uncommon)
- Conficker: Wipe system restore
Domain Generation Algorithm (DGA): Shifu uses the Shiz Trojan's DGA. The exposed algorithm itself is easy to find online, and the developers behind Shifu have elected to use it for the generation of random domain names for covert botnet communications.
Theft From Bank Apps: Theft of passwords, authentication token files, user certificate keys and sensitive data from Java applets is one of Shifu's principal mechanisms. This type of modus operandi is familiar from Corcow's and Shiz's codes. Both Trojans used these mechanisms to target the banking applications of Russia- and Ukraine-based banks. Shifu, too, has Russian banks on its target list in addition to Japanese banks.
Anti-Sec: Shifu's string obfuscation and anti-research techniques were taken from Zeus VM (in its Chthonic/Maple variation), including anti-VM and the disabling of security tools and sandboxes.
Stealth: Part of Shifu's stealth techniques are unique to the Gozi/ISFB Trojan, and Shifu uses Gozi's exact same command execution scheme to hide itself in the Windows file system.
Config: The Shifu Trojan is operated with a configuration file written in XML format, not a common format for Trojans, and similar to the Dridex Trojan's configuration (Dridex is a Bugat offspring).
Wipe System Restore: Shifu wipes the local System Restore point on infected machines in a similar way to the Conficker worm, which was popular in 2009.
On the less technical side, Shifu communicates via a secure connection that uses a self-signed certificate, just like the one used by the Dyre Trojan. Shifu comes with basic built-in capabilities, which are supplemented by additional modules once it contacts its command-and-control (C&C) server. The initial package comes with features like:
- Anti-research, anti-VM and anti-sandbox tools
- Browser hooking and webinject parser
- Keylogger
- Screenshot grabber
- Certificate grabber
- Endpoint classification, monitoring applications of interest
- Remote-access tool (RAT) and bot-control modules
Out to Get It All: For a banking Trojan to be defined as advanced, it would typically need to possess a variety of real-time theft mechanisms and more than one way to control infected endpoints, including user-grade takeover via RDP/VNC. Shifu appears to come with quite a few bells and whistles in that regard. This Trojan steals a large variety of information that victims use for authentication purposes, covering different sorts of authentication. For example, it keylogs passwords, grabs credentials that users key into HTTP form data, steals private certificates and scrapes external authentication tokens used by some banking applications. These elements enable Shifu's operators to use confidential user credentials and take over bank accounts held with a large variety of financial service providers. Shifu scans, parses and exfiltrates data from smartcards if they are attached to a smartcard reader on the endpoint, and searches cryptocurrency wallets to steal from the infected victim.
Intruders: Back Off! Shifu's operators appear to have no intention of sharing the spoils with anyone outside their gang. Once Shifu has landed on a newly infected machine, it activates an antivirus-type feature designed to keep all other malware out of the game by stopping the installation of suspicious files. Shifu monitors the processes of a list of applications that interact with the Internet on a regular basis; it hooks the URLDownloadToFile function and keeps close watch on the incoming files the endpoint receives. Files that may harbor malware will be stopped if they:
- Come from unsecured connections (HTTP)
- Are executables
- Are unsigned
Shifu will stop files suspected of harboring malware, send a copy to its master C&C server, and spoof an "out of memory" message in reply to the system attempting to run the file. This feature serves to keep Shifu exclusive on the machines it infects. Moreover, sending malware files to its operator on a regular basis allows Shifu to keep tabs on the competition and find out when other cybercriminals are attacking in the same geographical turf. If the endpoint is already infected with other malware, Shifu does not find and delete that malware; but by stopping new files from coming in, it can prevent the other malware from receiving version and configuration updates, potentially cutting its ties with other botmasters. This is the first time we are seeing malware build prevention "rules" for suspicious files to make sure that the endpoint it's on remains in its exclusive control from the moment of infection.
Slide 18: Malware is migrating across borders...
Notes: Tracking the evolution of malware and the groups that operate banking Trojans shows that organized cybercrime gangs acquire and move resources to different parts of the globe when they believe they will see success in new regions. While malware configurations are easy to change, and target lists can be quite dynamic, Figure 5 illustrates the geography crossings that were the most significant cases we took note of in 2015. Malware leaps across target countries are indicative of increasing sophistication and organization in crime rings because they require more than simple changes to configuration files. Source: IBM X-Force Threat Intelligence Report
Sources:
- Limor Kessem, "Dyre Malware Takes Summer Holiday in Spain," Security Intelligence, 14 July 2015.
- Limor Kessem, "Tinba Trojan Sets Its Sights on Romania," Security Intelligence, 12 August 2015.
- Limor Kessem, "Gozi Goes to Bulgaria: Is Cybercrime Heading to Less Charted Territory?" Security Intelligence, 18 August 2015.
- Limor Kessem, "Shifu Officially Spreads to the UK: Banks and Wealth Management Firms Beware," Security Intelligence, 28 September 2015.
- Eduard Kovacs, "Tinba Banking Trojan Targets Russia," SecurityWeek, 04 November.
- IBM X-Force Malware Research team.
- Limor Kessem, "Organized Cybercrime Big in Japan: URLZone Now on the Scene," Security Intelligence, 01 February 2016.
- Limor Kessem, "Konnichiwa, Rovnix! Aggressive Malware Hits Japanese Banks," Security Intelligence, 07 January 2016.
Slide 19: ...indicating the growing sophistication needed to organize these new geographic targets
- Develop or buy social engineering email addresses for the target geography
- Rent or pay for localized spam spreading
- Study local banks' authentication requirements
- Develop web-injections to correspond with the transaction flow, language, and look & feel for each target
- Have local criminals and money mules ready to use
Notes: The reason these geographical leaps are indicative of increasing sophistication and organization is that they required more than simple changes to configuration files. In each one, malware operators had to go through a preparatory stage to adapt their attack components to the new target geography. They also had to develop or buy addresses for social engineering in the target geography, rent or pay for spam spreading, study local banks' authentication requirements, develop web injections to correspond with the transaction flow for each target and have local money mules ready to use.
Slide 20: The Dyre Wolf campaign is run by a ring of unusually well-funded, experienced and intelligent people
Notes: Dyre Wolf's perpetrators employ a variety of techniques (spear phishing, the Deep Web, malware with initial infection via Upatre, complex process injections, even distributed denial of service (DDoS) sprees), but the main focus of the new campaign is social engineering aimed at stealing banking credentials. Ultimately that's how money gets transferred directly from victims' accounts. Source: IBM MSS, "Inside the Dyre Wolf malware campaign"
Slide 21: Overlay malware on the mobile operating system is what web injections are to the PC
Mobile overlay malware offers a one-stop shop for blackhats:
- Works with bank apps and other applications that use HTML/JS injections
- Enables credential collection
- Captures SMS OTPs
- Forwards authorization calls
- Is to mobile what web injections are to the PC
- First true mobile malware breakthrough since SMS hijacking and spyware
Notes: Mobile malware's quantum leap. Cybercriminals looking to monetize malicious code by targeting mobile devices have long attempted to devise malware that will enable the same fraud scenarios on mobile devices that Trojans enact on PCs. Although blackhat developers came into the mobile platform with experience and concepts learned from existing PC malware, the crossover to mobile has not matured all that rapidly. The quest for malware that can attack the mobile platform has been ongoing for the past decade, as malicious mobile applications progressed slowly from plain short message service (SMS) hijackers to spyware, remote access Trojans (RATs) and eventually their first true breakthrough in 2015: overlay malware. From sneaky screen switches to pop-up animation tricks, overlay malware on the mobile operating system is what web injections are to the PC. Though lacking the same sophistication and actual "injection" effect (as in its PC counterpart), overlay Trojans nonetheless implement a convincing social engineering effect that can fool users into divulging e-payment login details, online banking credentials and payment card details right from their compromised device. The strength of this type of mobile malware, which emerged in underground boards in the first quarter of 2015, is that it turns the device into a "one-stop shop" for fraudsters.
With one overlay malware application, cybercriminals can harvest victim credentials in real time, listen for two-factor authentication codes sent via SMS, or even forward authorization calls to their own numbers in order to complete fraudulent transactions. Attacking users on the mobile device can facilitate account takeover and card fraud at a much lower cost to the criminals, and at a lesser risk of being exposed, compared to the costs of amassing and running a PC-based botnet. Cybercriminals targeting mobile devices typically use malware that was sold to many different actors, making attribution more difficult to ascertain. What's more, when mobile botnets are set up, they use Voice over IP (VoIP) lines and mobile numbers to receive the stolen data from compromised devices. The cybercriminals register these resources with fake names, under bogus addresses. Just as Trojan communication domains can be registered in a different part of the world, mobile botnet resources do not readily lead to the actual actor behind them, especially if they are located in Eastern Europe. Overlay malware is considered to be the next quantum leap in mobile threats, and this emerging technique is rapidly gaining popularity and prevalence in the wild. Today, overlay malware is created and sold by blackhat mobile developers in underground communities. It is commoditized into service offerings that include the rental or purchase of the malware, a botnet administration panel, application customization, the necessary operational resources (including hosting, servers and IP-based phone numbers) and 24-hour technical support services. This CaaS business model for mobile malware is very reminiscent of how commercial Trojans for PCs used to be peddled in the underground until a few years back.
By design, CaaS enables newcomers to take on the operation of mobile botnets designed for online financial fraud easily for a few Bitcoins, and then watch their operation in real time on a web-based dashboard.
Slide 22: 2015 brought X-Force the highest annual number of disclosed vulnerabilities recorded in our database
Notes: Our mid-year study, IBM X-Force Threat Intelligence Quarterly, 3Q 2015, reported just over 4,000 new security vulnerabilities, with a projected estimate of 8,000 total vulnerabilities for the year. In the second half of 2015 we saw an increase in disclosed vulnerabilities, for a total of just under 9,000. This represents the highest number of vulnerabilities the X-Force team has seen and recorded in our database. That number doesn't include the roughly 1,400 secure socket layer (SSL) vulnerabilities in Android applications that were discovered using an automated tool by US-CERT in 2014 (highlighted in the 2014 first quarter report) and that received a Common Vulnerabilities and Exposures (CVE) identifier. Source: IBM X-Force Threat Intelligence Report
Slide 23: Mobile and the Internet of Things are creating a Big Data risk
- Massive volumes, arriving at high velocity
- Hard to separate sensitive data from non-sensitive data
- Hard to determine and maintain integrity
- M2M means access control is being challenged
- DevOps with continuous delivery is exacerbating the problem
Slide 24: Many organizations do not sufficiently monitor published vulnerabilities that may affect the technology protecting their data
Reasons could be:
- They don't know all the sources of their data because they lack an asset inventory.
- They don't understand how critical their vulnerabilities are or the danger they pose to effectively supporting and growing the business.
- They intend to do a vulnerability scan to identify risks and remediate vulnerabilities, but, lacking an understanding of the risks, they never get around to taking action.
Source: IBM X-Force Threat Intelligence Report
Slide 25: Many of the incidents we've seen could be avoided with a focus on security basics
- Maintain a current and accurate asset inventory.
- Keep up with threat intelligence.
- Have a patching solution that covers your entire infrastructure.
- Maintain an identity governance practice to enforce and audit access control.
- Instrument your environment with effective detection.
- Create and practice a broad incident response plan.
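The first three basics above (asset inventory, threat intelligence, patching) only pay off when they are joined together: published vulnerabilities have to be matched against what you actually run. The following is an added example, not part of the X-Force report, that cross-references a constructed asset inventory against a constructed vulnerability feed, ranks the affected hosts by severity, and flags inventory items the feed does not cover at all. All product names, versions and vulnerability identifiers are placeholders.

```python
"""Match an asset inventory against published vulnerability records.

Added example, not from the X-Force report. Every product, version and
vulnerability identifier below is constructed; the VULN-000x ids are
placeholders, not real CVE numbers.
"""
import re
from dataclasses import dataclass
from typing import List, Tuple

Version = Tuple[int, ...]


def parse_version(text: str) -> Version:
    """Turn '2.4.10' into (2, 4, 10) so versions compare numerically.
    Non-numeric suffixes such as '1.0.2g' lose the letter; that is
    good enough for a first-pass match and is noted in the output."""
    return tuple(int(part) for part in re.findall(r"\d+", text))


@dataclass(frozen=True)
class Asset:
    host: str
    product: str
    version: str
    role: str          # what the asset protects or holds


@dataclass(frozen=True)
class Vulnerability:
    vuln_id: str       # placeholder id, not a real CVE number
    product: str
    fixed_in: str      # first version that contains the fix
    cvss: float


def is_affected(asset: Asset, vuln: Vulnerability) -> bool:
    """An asset is affected when it runs the vulnerable product at a
    version older than the release that fixed the flaw."""
    if asset.product.lower() != vuln.product.lower():
        return False
    return parse_version(asset.version) < parse_version(vuln.fixed_in)


def prioritized_findings(assets: List[Asset],
                         vulns: List[Vulnerability]) -> List[Tuple[float, str, str, str]]:
    """Return (cvss, vuln_id, host, fixed_in) tuples, most severe first."""
    findings = [(v.cvss, v.vuln_id, a.host, v.fixed_in)
                for a in assets for v in vulns if is_affected(a, v)]
    findings.sort(key=lambda f: (-f[0], f[2]))
    return findings


def unmonitored_assets(assets: List[Asset],
                       vulns: List[Vulnerability]) -> List[str]:
    """Hosts whose product never appears in the feed: either the feed
    is incomplete or the inventory entry is wrong. Both are gaps to
    close, since the report's point is that unknown assets go unpatched."""
    covered = {v.product.lower() for v in vulns}
    return [a.host for a in assets if a.product.lower() not in covered]


# Constructed inventory: a few hosts that protect or hold sensitive data.
INVENTORY = [
    Asset("web-01", "ExampleHTTPd", "2.4.10", "public web front end"),
    Asset("web-02", "ExampleHTTPd", "2.4.12", "public web front end"),
    Asset("vpn-gw", "ExampleVPN", "7.1.3", "remote access to patient records"),
    Asset("db-01", "ExampleDB", "11.2", "patient PII store"),
    Asset("legacy-app", "OldMedicalApp", "3.0", "legacy scheduling system"),
]

# Constructed vulnerability feed (placeholder ids, not real CVEs).
VULNS = [
    Vulnerability("VULN-0001", "ExampleHTTPd", "2.4.12", 7.5),
    Vulnerability("VULN-0002", "ExampleVPN", "7.2.0", 9.8),
    Vulnerability("VULN-0003", "ExampleDB", "11.1", 5.3),   # db-01 already fixed
]

if __name__ == "__main__":
    for cvss, vid, host, fixed in prioritized_findings(INVENTORY, VULNS):
        print(f"{cvss:4.1f}  {vid:10}  {host:12} upgrade to {fixed}")
    for host in unmonitored_assets(INVENTORY, VULNS):
        print(f"no feed coverage: {host} (check inventory and feed sources)")
```

Running it lists vpn-gw (the highest-severity, data-protecting asset) before web-01, leaves the already-patched web-02 and db-01 out, and flags legacy-app as having no feed coverage.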
Slide 26: Learn more about IBM X-Force
- 130+ countries where IBM delivers managed security services
- 25 industry analyst reports rank IBM Security as a LEADER
- No. 1 enterprise security software vendor in total revenue
- 12K+ clients protected, including 90% of the Fortune 100 companies
Visit our web page: ibm.com/security/xforce
Watch our videos: IBM Security YouTube Channel
View upcoming webinars & blogs: SecurityIntelligence.com
Follow us on Twitter: @ibmsecurity
Join IBM X-Force Exchange: xforce.ibmcloud.com