IBM Security QRadar

QRadar content and X-Force Threat Intelligence Index report 2022

By Gladys Koskas posted Fri February 25, 2022 11:20 AM


Hi guys

The X-Force Threat Intelligence Index report 2022 has been released!
It is available for download here.

I couldn't wait to see the report, so I could tell you about the content that can help you monitor the top threats of the moment.


Topic #1 Ransomware

For the third consecutive year, ransomware has been the most popular type of attack. 21% of the attacks X-Force responded to last year were related to ransomware; of those, 37% were tied to REvil and 13% were tied to Ryuk.

Here is the content that can help you detect these two ransomware families, and many more:

We were just about to release a new version of the pack with new rules to detect threats using JA3 signatures, including Ryuk hashes, what a cool coincidence! Watch out for updates on the App Exchange in the next few days :)

Ransomware is so prevalent that I've already covered it a lot; here is the list of blogs you can find on the topic:


Topic #2 Phishing and Vulnerability exploitation

Although my manager told me recently that he received a phishing attempt in his actual mailbox (yes, like on paper!), which I found crazy, the phishing we want to look at today is the kind that arrives through email!

"Phishing was the most popular initial infection vector in 2021, making up 41% of all incidents IBM Security X-Force responded".

And for that one, we have two content packs:

Another reason you should get the IBM QRadar Security Threat Monitoring Content Extension is Log4j...
Do you get chills down your spine at the mere mention of it?! It brings a lot of headache memories back to my mind when I think of it...

We want to keep supporting you with it, and that's why we keep releasing content to help you detect exploitation of CVE-2021-44228.

Once again, you should monitor the App Exchange in the next few days, because we're including more ways to detect the exploit with both logs and flows, with the addition of 4 rules (to the existing 4) and 1 custom function.


Topic #3 Cloud threats and Linux malware innovation

"Linux ransomware with new (unique) code increased by 146% from 2020 to 2021 [...] 14% of Linux ransomware had new/unique code in 2021."
I'll go straight to the point: this is simply another reason to download the IBM QRadar Endpoint Content Extension.
The content pack has been developed to work for Windows as much as for Linux devices, and all the content we release is as vendor agnostic as it can be. This means that some rules are specific to Windows, some are specific to Linux, and the use cases are common to both.

"Malware more capable across cloud platforms"
As for the cloud and containers, we also have dedicated content extensions that can help you:

I think these are the numbers I wanted to cover with you; I hope that having all the links in the same place will help.

I highly recommend that you download the X-Force report; it contains a lot of information that I didn't mention, such as statistics per industry, per region, etc. You can also register for the webinar happening on March 3rd for a deep dive into some highlights of the report.

Don't forget to check the App Exchange in the next few days for the updates to the Endpoint and Threat content extensions!

If you are interested in reading more about QRadar Security Content, you can find the complete list of blog entries here.