Archive for IBM

Cloud Vulnerabilities Surge 200% Due To Poor Security: IBM

Posted in Commentary with tags on September 14, 2023 by itnerd

The IBM X-Force Cloud Threat Landscape Report 2023 tracked 632 new cloud-related vulnerabilities between June 2022 and June 2023, a 194% increase over the previous year, bringing the total number tracked by the vendor to 3900, a number that has doubled since 2019.

In 36% of the real-world cloud incidents, the top initial access point for cloud compromises was the use of valid credentials either attained during an attack or stolen prior to targeting a specific victim. That is a significant jump from the 9% observed the previous year.  

“[It] highlights the need for organizations to move beyond human-reliant authentications and prioritize technological guardrails capable of securing user identity and access management,” IBM analyst Chris Caridi said. 

The X-Force team found examples of poor security practices such as plaintext credentials located on user endpoints in 33% of incidents involving cloud environments. 

The next two most common access strategies, each 14% of engagements, were exploitation of public-facing applications and phishing and spear phishing.

Dave Ratner, CEO, HYAS had this to say:

   “Chris Caridi is correct that organizations need to do a better job of securing and authenticating user identity.  At the same time, bad actors will always break in, so the report also highlights the need for improved visibility and observability of anomalous communication patterns via Protective DNS — the telltale sign of an initial breach beaconing out to its command-and-control for instructions.  Only through a defense-in-depth strategy will organizations truly be able to implement business and operational resiliency.”

With the cloud being as pervasive as it is within most organizations, there really needs to be a focus on cloud security to ensure that this isn’t a threat to an organization’s security.

Healthcare Breach Costs Reaches $11M With The Sector Having Trouble Attracting Talent Says IBM

Posted in Commentary with tags on July 24, 2023 by itnerd

According to IBM’s Cost of a Data Breach Report released today, the average healthcare data breach has reached $10.93 million which is an 8% jump from a year ago, when the average cost topped $10 million for the first time.  

For the 13th year in a row, the healthcare industry has suffered more expensive data breaches than any other sector. By comparison, the average cost of a data breach across all industries is less than half at $4.45 million.  

“We’re seeing a very big increase for healthcare organizations, probably because they’re really in the crosshairs of attackers. And there is no relenting so far,” said Limor Kessem, a senior cybersecurity consultant for IBM Security.  

Meanwhile, healthcare organizations have trailed other industries in their cybersecurity defenses as health systems have had trouble attracting top cybersecurity talent, because other industries pay better.  

“Security folks are going to work for places where they could get the bigger paycheck, and it’s not always going to be a healthcare organization,” Kessem says. “It’s a tough industry to get very skilled staff.” 

I have three comments on this. The first is from Carol Volk, EVP, BullWall:

   “Work smarter, not harder. There is good affordable automation available (and coming) in the cybersecurity field. Even the best cybersecurity teams get overwhelmed by too many alerts, so there is a serious effort to automate the filtering of those “alerts” to just those requiring immediate human interaction, effectively slowing down the alert pace to a manageable, human speed.  This is why the automation of detection and containment of attacks is more and more the focus. The attack is slowed or stopped before data can be affected, allowing defenders time to respond. The application of AI is expected to greatly accelerate this effort of determining what must be reviewed by humans for response.”

The second is from Emily Phelps, Director, Cyware

   “Healthcare will always be an attractive target for threat actors because of the valuable data they collect and store. Adversaries don’t only outnumber available cybersecurity pros; they collaborate effectively too. To mitigate the risks, healthcare organizations should leverage automation tools that enable lean security teams to efficiently address threats; they should ensure they invest in regular security awareness training so employees are armed to recognize and avoid common threat tactics such as phishing attacks; and they should consider partnering with security providers that can act as an extension of their teams, gaining expertise that is more difficult to resource and retain internally.”

And the last is from Stephen Gates, Principal Security SME,

   “The healthcare industry is being impacted by an enormous threat landscape with vast numbers of threat actors who are looking to breach organizations’ networks, steal their data, hold them for ransom, and potentially destroy their businesses. The defensive technologies they have in place are proving to be insufficient in blocking today’s attacks. Continuously assessing your network attack surface, finding your weaknesses, remediating them immediately, and verifying that your remediations worked is the best way organizations can stay ahead of attackers. Consider attacking yourself daily, then fixing what matters most.”

The challenges with securing the healthcare space need to be fixed, and that needs to happen now. Whether that’s through automation, people, or both, the status quo cannot be allowed to continue.

Rapid7 Says That An IBM Aspera Vulnerability Has Been Used To Install Ransomware

Posted in Commentary with tags on March 29, 2023 by itnerd

Security researchers with Rapid7 have disclosed that threat actors are exploiting a critical vulnerability in an IBM file-exchange application to install ransomware on servers. The IBM Aspera Faspex critical vulnerability, tracked as CVE-2022-47986, was patched by IBM in January.

Sylvain Cortes, VP of Strategy at Hackuity had this comment:

     “It is unsettling to note that for the same vulnerability (CVE-2022-47986) many cyber security companies have their own information that remains fragmented. It is important to be able to unify this information from several vendors in order to maximize its defense operations and trigger the right response. Solutions that aggregate vulnerability-related data from vulnerability scanners, EDRs or even service practices provide organizations with the critical visibility they depend on.”

This reminds me of the GoAnywhere file transfer solution vulnerability that has led to multiple organizations being pwned by the Cl0p ransomware group. Except that we haven’t seen threat actors exploit this to the same degree that Cl0p has. If you use IBM Aspera, you should be applying these patches ASAP, assuming you haven’t already, so this doesn’t turn into another GoAnywhere situation.

Time To Deploy Ransomware Down… Successful Ransomware Prevention Up: IBM

Posted in Commentary with tags on February 22, 2023 by itnerd

According to IBM, ransomware prevention saw massive improvements in 2022, while ransomware time to deploy (TTD) dropped by 94%, just two findings derived from billions of datapoints collected in 2022 from network and endpoint devices by IBM and reported on in their “X-Force Threat Intelligence Index 2023.” This is a wide-ranging report with excellent stats:

  • 27% – Percentage of attacks that included extortion – 30% aimed at manufacturing
  • 21% – Share of incidents that saw backdoors deployed – the top action on objective
  • 17% – Ransomware’s share of attacks (down from 21% in 2021)
  • 41% – Percentage of incidents involving phishing for initial access
  • 26% – Exploited public-facing applications
  • 100% – Increase in the number of thread hijacking attempts per month

Top impacts 2022

  • 21% – Extortion
  • 19% – Data theft
  • 11% – Credential harvesting
  • 11% – Data leak
  • 9% – Brand reputation

This is a bit of a mixed bag. But at least the fact that ransomware is being stopped is good news.

Morten Gammelgaard, EMEA, co-founder of BullWall had this to say:

   “It is excellent news that ransomware prevention is improving, if for no other reason than it diverts cybercriminals away from executing attacks to developing new tactics, which they will. With extortion, data theft, data leaks and brand reputation being the top 4 out of 5 ways ransomware impacted organizations in 2022, organizations cannot rely solely on prevention and need to also consider active defense/containment strategies to catch the attacks that bypass prevention-based tools. When an active attack is unable to encrypt or exfiltrate data, organizations are given time to respond, eliminating 80% of the potential impact to their business.”

David Maynor, Senior Director of Threat Intelligence at Cybrary followed up with this:

   “There are three kinds of lies: lies, damn lies, and ransomware stats. For the last couple of months depending on who you ask ransomware attacks are becoming less of a problem or they are increasing. If your risk model is based on arbitrary thresholds like at 20% we don’t address it but we take it seriously at 21% of attacks seen…you have already lost and a ransomware actor is probably watching you read this.”

Hopefully when this report comes out in 2024, we see more ransomware being stopped which means by extension that ransomware is less profitable for the people behind ransomware.

IBM Axes Nearly 4000 Jobs

Posted in Commentary with tags on January 26, 2023 by itnerd

The tech layoffs continue with IBM being the latest company to lay staff off. They announced yesterday that nearly 4000 had gotten the axe:

Chief Financial Officer James Kavanaugh told Reuters that the company was still “committed to hiring for client-facing research and development”.

The layoffs — related to the spinoff of its Kyndryl business and a part of AI unit Watson Health — will cause a $300 million charge in the January-March period, IBM said.

But here’s the really bad part about this. Investors don’t think the cuts went far enough:

Shares of the company fell 2% in extended trading, erasing earlier gains on the largely upbeat results. Analysts said news of the job cuts and free cash flow miss was behind the drop.

“It seems as if the market is disappointed by the size of its announced job cuts, which only amounted to 1.5% of its workforce,” said Jesse Cohen, senior analyst at

“Investors were hoping for deeper cost-cutting measures.”

If that is true it really is a sad commentary on the times that we live in. Having people lose their jobs shouldn’t be seen as a sport where the biggest job cuts announced by a company wins. But clearly that’s how Wall Street sees things. And that’s sad.

IBM Comes Out With A Report On The Cost of a Data Breach

Posted in Commentary with tags on July 27, 2022 by itnerd

IBM has released the annual ‘Cost of a Data Breach’ report, conducted by Ponemon Institute, which found that the cost of a data breach in 2022 totaled $4.35 Million, an increase of 2.6% since last year’s total of $4.24 Million.

Sanjay Raja, VP of Product, Gurucul had this comment:

     “The follow-up attack effect, as described, is a significant problem as the playbooks and solutions provided to security operations teams are overly broad and lack the necessary context and response actions for proper remediation. For example, shutting down a user or application or adding a firewall block rule or quarantining a network segment to negate an attack is not a sustainable remediation step to protect an organization on an ongoing basis. It starts with a proper threat detection, investigation and response solution. Current SIEMs and XDR solutions lack the variety of data, telemetry and combined analytics to not only identify an attack campaign and even detect variants on previously successful attacks, but also provide the necessary context, accuracy and validation of the attack to build both a precise and complete response that can be trusted. This is an even greater challenge when current solutions cannot handle complex hybrid multi-cloud architectures leading to significant blind spots and false positives at the very start of the security analyst journey.”

What’s worse than the economic cost is the reputational damage that can happen. And that’s a dollar amount that you can’t calculate. Thus companies need to make sure that they don’t become the next headline.

IBM Is Out Of The Facial Recognition Business Citing Racial Profiling Issues Among Others

Posted in Commentary with tags on June 9, 2020 by itnerd

A bombshell dropped earlier today from IBM, who announced that they are getting out of the facial recognition business. This news came via IBM CEO Arvind Krishna in a letter to Congress today. Here are the reasons why:

IBM no longer offers general purpose IBM facial recognition or analysis software. IBM firmly opposes and will not condone uses of any technology, including facial recognition technology offered by other vendors, for mass surveillance, racial profiling, violations of basic human rights and freedoms, or any purpose which is not consistent with our values and Principles of Trust and Transparency. We believe now is the time to begin a national dialogue on whether and how facial recognition technology should be employed by domestic law enforcement agencies.

Artificial Intelligence is a powerful tool that can help law enforcement keep citizens safe. But vendors and users of AI systems have a shared responsibility to ensure that AI is tested for bias, particularly when used in law enforcement, and that such bias testing is audited and reported.

Finally, national policy also should encourage and advance uses of technology that bring greater transparency and accountability to policing, such as body cameras and modern data analytics techniques.

Clearly this is related to the protests tied to the death of George Floyd at the hands of police. Companies like IBM are clearly re-evaluating their relationships with police agencies and making adjustments. However, I would say that into this void other companies will step in. Clearview AI who appear not to have the same moral standards as IBM is likely to fill this void. Which means that this tech will still be out there.

IBM To Acquire Red Hat… Wow!

Posted in Commentary with tags on October 29, 2018 by itnerd

IBM has decided to drop $34 billion to acquire Red Hat, who are one of the leaders, if not the leader, in the enterprise Linux space. According to a joint statement, IBM will pay cash to buy all shares in Red Hat at $190 each. Given that shares of Red Hat were at $116.68 on Friday, that’s one hell of a premium that IBM has to pay to score this company. Red Hat will become a unit of IBM’s Hybrid Cloud division, with Red Hat CEO Jim Whitehurst joining IBM’s senior management team and reporting to CEO Ginni Rometty. So clearly there’s a cloud related play here.

Trust me, this deal is going to get a lot of attention in a lot of places. Most notably in Redmond, Washington.

GM & IBM Team Up To Create OnStar Go

Posted in Commentary with tags on October 26, 2016 by itnerd

General Motors and IBM today announced a partnership to bring the power of OnStar and IBM Watson together to create OnStar Go, the auto industry’s first cognitive mobility platform. Starting in early 2017, OnStar is expected to give millions of GM drivers the ability to connect and interact with their favorite brands. The platform will deliver personalized content through the dashboard and other digital channels supported by the OnStar Go ecosystem to make the most of time spent in the car.


Combining OnStar’s industry leading vehicle connectivity and data capabilities with IBM Watson APIs will create experiences that allow drivers and passengers to achieve greater levels of efficiency and safety. These experiences could include avoiding traffic when you’re low on fuel, then activating a fuel pump and paying from the dash; ordering a cup of coffee on the go; or getting news and in-vehicle entertainment tailored to your personality and location in real time.

The GM/IBM partnership will expand the existing OnStar AtYourService offers and deals platform by launching new capabilities supported by OnStar Go with IBM Watson. These capabilities will be available in more than two million 4G LTE connected vehicles and millions of GM vehicle brand app-enabled mobile devices in the U.S. by the end of 2017.

With the customer’s consent, Watson will learn the driver’s preferences, apply machine learning and sift through data to recognize patterns in their decisions and habits. This information will allow brand and marketing professionals working with IBM and OnStar to deliver individualized location-based interactions that directly impact their target audiences. Companies in retail, fuel, hospitality, media and entertainment, restaurants and travel and transportation and more can use OnStar Go to build individualized mobile, in-vehicle experiences for a growing population of connected drivers that opt-in.

The new cognitive mobility platform enables brands to design Watson-enabled consumer experiences. Examples of potential uses include:

  • OnStar Go taps Watson Personality Insights and Watson Conversation APIs to remind a working father to pick up diapers and formula at the pharmacy a few miles before his exit, so he won’t have to leave the house again once he gets home.
  • The platform employs Watson Tradeoff Analytics to give a traveling foodie dining recommendations from celebrity chefs when driving in a new city.
  • Watson Retrieve and Rank, used by OnStar Go, lets the driver know that their order is ready for pickup at a nearby retail store and one of the store’s employees will load their purchases into the car.

“IBM and GM are changing the whole notion of where valuable, daily rituals occur.  The combination of IBM Watson and industry-leading OnStar connectivity will enable vehicles with intelligent branded skills and services to empower drivers and passengers,” said Paul Papas, Global Leader, IBM iX. “Simply put, OnStar Go with IBM Watson transforms time wasted in the car into time well spent.”

ExxonMobil, Glympse, iHeartRadio, Mastercard and Parkopedia are the first brands to join the platform.

  • ExxonMobil will use the cognitive mobility platform to help drivers quickly locate Exxon and Mobil retail fuel stations, recommend the best fuel and lubricant product for their vehicle, and authorize fuel payment from inside the vehicle. Consumers can even pay for a car wash or, when away from their car, get notified when they are low on fuel.
  • As a location technology partner in the cognitive mobility platform, Glympse enables consumers and businesses to manage customized real-time location sharing with anyone on any device.
  • iHeartRadio will use Watson insights from OnStar Go to curate personalized experiences that leverage on-air personalities and local content from radio stations across the U.S. Drivers will be invited to share information from their calendars, social graph, location, music preferences and more, to create dynamic and locally relevant entertainment experiences only available through the power of radio.
  • Mastercard will enable drivers and passengers to safely make simple, secure and seamless payments for goods and services from the comfort of their cars. By integrating the security of Mastercard tokenization platform — Mastercard Digital Enablement Service (MDES) — and Masterpass digital payment service within OnStar Go, Mastercard will enable consumers to complete transactions using credit or debit cards stored in their Masterpass wallets.
  • Parkopedia will provide detailed parking spot information — including opening hours and up-to-date prices as well as booking and payment capabilities. Drivers find, reserve and pay for parking all at the click of a button.

The cognitive mobility platform was designed and developed by IBM iX in conjunction with OnStar, using iX’s expertise in experience and mobile design. iX is also working with GM to design OnStar’s intuitive, touch screen interfaces for consumers on the go. The Weather Company, an IBM Company, will provide rich weather and location data to support personalized targeting and warnings about driving conditions.

GM began the connected vehicle revolution 20 years ago with the launch of OnStar and has more connected vehicles on the road than any other automaker. By the end of 2016, GM expects to have 12 million OnStar connected vehicles on the road worldwide.

IBM Plans to Acquire The Weather Company’s Product and Technology Business

Posted in Commentary with tags on October 31, 2015 by itnerd

IBM today announced that it has entered into a definitive agreement to acquire The Weather Company’s B2B, mobile and cloud-based web properties. This includes WSI, weather.com, Weather Underground and The Weather Company brand. The TV segment – The Weather Channel – will not be acquired by IBM, but will license weather forecast data and analytics from IBM under a long-term contract. The combination of technology and expertise from the two companies will serve as the foundation for the new Watson IoT Unit and Watson IoT Cloud platform, building on a $3B commitment made by IBM in March 2015 to invest in related offerings and services.

Some interesting related information:

  • The Weather Company’s data platform hosts the fourth-most used mobile app in the U.S.
  • Cloud-based service handles 26 billion requests a day.
  • IBM ramps up new Watson IoT unit with powerful cloud platform for cognitive business.

Upon closing, IBM will acquire The Weather Company product and technology assets that include the world’s leading meteorological data science experts, precision forecasting capabilities and a high-volume cloud platform that ingests, processes, analyzes and distributes enormous data sets at scale in real time. The company’s sophisticated models analyze data from three billion weather forecast reference points, more than 40 million smartphones and 50,000 airplane flights per day, allowing it to offer a broad range of data-driven products and services to more than 5000 clients in the media, aviation, energy, insurance and government industries.