You spend your days getting ready to stop threat actors. But even as you wonder, attackers could already be ‘casing the joint’. Before any well-organized attack, skillful or professional attackers quietly snoop around, looking for chances to gain access. It’s called malicious reconnaissance — the unauthorized active monitoring or probing…

IBM Security X-Force researchers have continually analyzed the use of several crypters developed by the cybercriminal group ITG23, also known as Wizard Spider, DEV-0193, or simply the “Trickbot Group”. The results of this research, along with evidence gained from the disclosure of internal ITG23 chat logs (“Contileaks”), provide new insight…

If an attacker breaches a transit agency’s systems, the impact could reach far beyond server downtime or leaked emails. Imagine an attack against a transportation authority that manages train and subway routes. The results could be terrible.  Between June of 2020 and June of 2021, the transportation industry witnessed a…

Does the left hand know what the right hand is doing? Or does even the left pinky know what the left ring finger is doing? Problems can easily arise when policies, including cybersecurity ones, end up being out of sync with business, technical, legal or regulatory requirements. The situation becomes…