In the worldwide battle against malicious cyberattacks, there is no organization more central to the fight than the Federal Bureau of Investigation (FBI). And recent years have proven that the bureau still has some surprises up its sleeve. In early May, the U.S. Department of Justice announced the conclusion of a U.S. government operation called MEDUSA. The operation disrupted a global peer-to-peer network of computers compromised by malware called Snake. Attributed to a unit of the Russian government Security Service, called Turla, the Snake malware operated for close to 20 years, stealing do ..read more

In mid-March 2022, the underground cyber forum BreachForums quietly made its debut. Within a year, the platform became one of the most prolific cyber crime forums in history. According to the FBI, BreachForums illegally posted hacked data pertaining to nearly 14 billion people globally. It hosted breaches that included data related to 7 million Robinhood customers, 23 terabytes of Shanghai National Police data and, more recently, 56,000 records from the D.C. Health Benefit Exchange Authority. The D.C.-based hack exposed the personal details of Congress members, their families, staff and tens o ..read more

Backdoor access was the most common threat vector in 2022. According to the 2023 IBM Security X-Force Threat Intelligence Index, 21% of incidents saw the use of backdoors, outpacing perennial compromise favorite ransomware, which came in at just 17%. The good news? In 67% of backdoor attacks, defenders were able to disrupt attacker efforts and lock digital doorways before ransomware payloads were deployed. The not-so-great news? With backdoor access now available at a bargain price on the dark web, businesses must be prepared to block more break-ins and implement strategies that keep attackers ..read more

Dark web forums are home to various individuals interested in conducting illicit or questionable activities. These forums offer opportunities such as the transaction of stolen data, Malware-as-a-Service, hacking services and invitations to collaborate in hacktivism. Cyber crime team members are recruited directly from the source: the dark web. What does this activity look like? Kaspersky recently conducted an analysis of 155 dark web forums from January 2020 to June 2022. They examined job postings and resumes that contained information about full-time or long-term employment. Like any modern ..read more

The Silk Road was the first modern dark web marketplace, an online place for anonymously buying and selling illegal products and services using Bitcoin. Ross Ulbricht created The Silk Road in 2011 and operated it until 2013 when the FBI shut it down. Its creator was eventually arrested and sentenced to life in prison. But in a plot twist right out of a spy novel, a cyber attacker stole thousands of bitcoins from Silk Road and hid them away. It took law enforcement years to find the perpetrator. By then, the Bitcoins were worth more than $3.3 billion. The extended law enforcement operation was ..read more

While cloud computing and its many forms (private, public, hybrid cloud or multi-cloud environments) have become ubiquitous with innovation and growth over the past decade, cybercriminals have closely watched the migration and introduced innovations of their own to exploit the platforms. Most of these exploits are based on poor configurations and human error. New IBM Security X-Force data reveals that many cloud-adopting businesses are falling behind on basic security best practices, introducing more risk to their organizations. Shedding light on the “cracked doors” that cybercriminals are usi ..read more

As cybercriminals remain steadfast in their pursuit of unsuspecting ways to infiltrate today’s businesses, a new report by IBM Security X-Force highlights the top tactics of cybercriminals, the open doors users are leaving for them and the burgeoning marketplace for stolen cloud resources on the dark web. The big takeaway from the data is businesses still control their own destiny when it comes to cloud security. Misconfigurations across applications, databases and policies could have stopped two-thirds of breached cloud environments observed by IBM in this year’s report. IBM’s 2021 X-Force Cl ..read more

A globe-spanning group of law enforcement agencies took down DarkMarket, an underground dark web marketplace. The European Union Agency for Law Enforcement Cooperation (Europol) announced the successful operation on Jan.12. DarkMarket was a hub for threat actors to buy and sell counterfeit products. Stolen credit card details and malware were up for grabs, as well as other illicit goods and services. At the time of the takedown, DarkMarket was the world’s largest illegal dark web marketplace with about 500,000 users and 2,400 sellers. Its more than 320,000 sales involved over 4,650 bitcoi ..read more

Financial firms continue to move to digital-first deployments, as retail branches close, and people shift to remote work. This shift makes understanding and preventing even common darknet, or dark web, threats a priority. Financial cybersecurity investment institutions need to understand what the dark web is, provide their security teams with the tools to explore it safely and prioritize areas of concern. Taken together, these actions can limit risk and improve regulatory compliance. About the Darknet Originally designed to hide users’ activities and identities, the dark web, also known as dar ..read more

As reported in the IBM X-Force Threat Intelligence Index 2020, X-Force research teams operate a network of globally distributed spam honeypots, collecting and analyzing billions of unsolicited email items every year. Analysis of data from our spam traps reveals trending tactics that attackers are utilizing in malicious emails, specifically, that threat actors are continuing to target organizations through the exploitation of older Microsoft Word vulnerabilities (CVE-2017-0199 and CVE-2017-11882). CVE-2017-0199 was first disclosed and patched in April 2017. It allows an attacker to download an ..read more