Today defenders are dealing with both a threat landscape that’s constantly changing and attacks that have stood the test of time. Innovation and best practices co-exist in the criminal world, and one mustn’t distract us from the other. IBM X-Force is continuously observing new attack vectors and novel malware in the wild, as adversaries seek to evade detection innovations. But we also know that tried and true tactics — from phishing and exploiting known vulnerabilities to using compromised credentials and misconfigurations — remain the most common means to execute attacks.

With today’s attack surface dramatically expanding, access to current, comprehensive, and evidence-based threat intelligence and adversarial insights is crucial for defenders to inform their security strategies. Today’s threat model has changed: AI-first business strategies are inadvertently changing IT architectures and making data more dynamic, introducing new attack vectors and new forms of security risk.

In an effort to make X-Force’s cutting-edge research, threat intelligence and hacker-led insights more easily accessible to the security community we’re introducing the new X-Force research hub.

The research hub will house all X-Force research spanning offensive security, defensive security, threat intelligence and adversary simulation in one place — it will include annual threat reports, threat guides, threat intelligence, proof-of-concept research, defense recommendations and much more to help defenders stay up to date with latest attack trends.

What can you expect in this new hub?

Explore the X-Force research hub

Unparalleled expertise and intelligence

X-Force, incident responders, researchers, and analysts are at the forefront of the battle against cybercrime. These experts bring a wealth of experience and knowledge to the table, constantly analyzing emerging threats and vulnerabilities to stay one step ahead of attacks. Their ability to anticipate and understand new attack vectors enables them to provide actionable intelligence and timely guidance to organizations across the globe, via major research reports like the Threat Intelligence Index 2023, Cloud Threat Landscape (2023 edition coming in September), and Cost of a Data Breach 2023, in addition to ongoing research published here. This hub will provide a front-row seat to the latest X-Force research.

Global collaboration and shared insights

X-Force believes in the power of collaboration to combat cyber threats effectively. By fostering partnerships with other cybersecurity experts, sharing threat intelligence, and participating in the broader cybersecurity community, X-Force contributes to a collective defense against cybercrime. This collaborative approach ensures that insights and knowledge gained from one attack are used to prevent similar incidents in the future, benefiting the global cybersecurity landscape.

The hub will be broken out into four categories:

  • Adversary Services: Cutting-edge security research by senior red team operators, vulnerability researchers, and offensive engineers from the X-Force Adversary Services team, used to simulate sophisticated threat actors and help customers defend against advanced attacks.
  • Defensive Security: In-depth IR coverage from the incident responders working to detect, contain and recover from attacks 24×7.
  • Threat Intelligence: Breaking research on the latest threats, vulnerabilities and trends from global security intelligence experts who provide industry-leading analysis.
  • Offensive Security: Expert analysis from the X-Force Red hackers hired to break into organizations and help fix their most critical vulnerabilities.

What types of research can you expect? Here are examples of recent research articles released:

  • Direct Kernel Object Manipulation (DKOM) Attacks on ETW Providers
  • Patch Tuesday to Exploit Wednesday: Weaponizing an N-Day vulnerability to an exploit in 24 hours
  • MSMQ QueueJumper (RCE Vulnerability): An In-Depth Technical Analysis & Feature Flag manipulation
  • X-Force certified containment: responding to AD CS attacks
  • BlotchyQuasar: X-Force Hive0129 targeting financial institutions in LATAM with a custom banking trojan
  • The TrickBot Conti Crypters: Where are they now?
  • ITG10 Likely Targeting South Korean Entities of Interest to the Democratic People’s Republic of Korea (DPRK)

Access to information elicits action. We hope that by creating this repository of X-Force’s insight we can help better inform security teams’ priorities and defense posture. Bookmark the new hub at: www.securityintelligence.com/x-force.

The post Bringing threat intelligence and adversary insights to the forefront: X-Force Research Hub appeared first on Security Intelligence.


Leave a Reply

Your email address will not be published. Required fields are marked *