Today defenders are dealing with both a threat landscape that’s constantly changing and attacks that have stood the test of time. Innovation and best practices co-exist in the criminal world, and one mustn’t distract us from the other. IBM X-Force is continuously observing new attack vectors and novel malware in the wild, as adversaries seek to evade detection innovations. But we also know that tried and true tactics — from phishing and exploiting known vulnerabilities to using compromised credentials and misconfigurations — remain the most common means to execute attacks.

With today’s attack surface dramatically expanding, access to current, comprehensive, and evidence-based threat intelligence and adversarial insights is crucial for defenders to inform their security strategies. Today’s threat model has changed: AI-first business strategies are inadvertently changing IT architectures and making data more dynamic, introducing new attack vectors and new forms of security risk.

In an effort to make X-Force’s cutting-edge research, threat intelligence and hacker-led insights more easily accessible to the security community, we’re introducing the new X-Force research hub.

The research hub will house all X-Force research spanning offensive security, defensive security, threat intelligence and adversary simulation in one place. It will include annual threat reports, threat guides, threat intelligence, proof-of-concept research, defense recommendations and much more to help defenders stay up to date with the latest attack trends.

What can you expect in this new hub?

Unparalleled expertise and intelligence

X-Force incident responders, researchers, and analysts are at the forefront of the battle against cybercrime. These experts bring a wealth of experience and knowledge to the table, constantly analyzing emerging threats and vulnerabilities to stay one step ahead of attacks. Their ability to anticipate and understand new attack vectors enables them to provide actionable intelligence and timely guidance to organizations across the globe, via major research reports like the Threat Intelligence Index 2023, Cloud Threat Landscape (2023 edition coming in September), and Cost of a Data Breach 2023, in addition to ongoing research published here. This hub will provide a front-row seat to the latest X-Force research.

Global collaboration and shared insights

X-Force believes in the power of collaboration to combat cyber threats effectively. By fostering partnerships with other cybersecurity experts, sharing threat intelligence, and participating in the broader cybersecurity community, X-Force contributes to a collective defense against cybercrime. This collaborative approach ensures that insights and knowledge gained from one attack are used to prevent similar incidents in the future, benefiting the global cybersecurity landscape.

The hub will be broken out into four categories:

  • Adversary Services: Cutting-edge security research by senior red team operators, vulnerability researchers, and offensive engineers from the X-Force Adversary Services team, used to simulate sophisticated threat actors and help customers defend against advanced attacks.
  • Defensive Security: In-depth IR coverage from the incident responders working to detect, contain and recover from attacks 24×7.
  • Threat Intelligence: Breaking research on the latest threats, vulnerabilities and trends from global security intelligence experts who provide industry-leading analysis.
  • Offensive Security: Expert analysis from the X-Force Red hackers hired to break into organizations and help fix their most critical vulnerabilities.

What types of research can you expect? Here are examples of recent research articles released:

Access to information elicits action. We hope that by creating this repository of X-Force’s insight we can help better inform security teams’ priorities and defense posture. Bookmark the new hub at: www.securityintelligence.com/x-force.
