Turbotodd

Ruminations on tech, the digital media, and some golf thrown in for good measure.

Posts Tagged ‘internet security’

IBM X-Force Mid-Year Report: Security Attacks Focused On Browsers, Mobile, Social


Spam aside, IBM’s mid-year X-Force Trend and Risk Report shows a sharp increase in browser-related exploits, renewed concerns around social media password security, and continued challenges with mobile devices and corporate “bring your own device” (BYOD) programs.

Yesterday, IBM released the results of its X-Force 2012 Mid-Year Trend and Risk Report.

The mid-year report is sobering: it documents ongoing challenges, some opportunities, and the need for continued vigilance in the digital security realm.

The headlines: a sharp increase in browser-related exploits, renewed concerns around social media password security, and continued challenges with mobile devices and corporate “bring your own device” (BYOD) programs.

“Companies are faced with a constantly evolving threat landscape, with emerging technologies making it increasingly difficult to manage and secure confidential data,” said Kris Lovejoy, General Manager, IBM Security Services. “A security breach – whether from an outside attacker or an insider – can impact brand reputation, shareholder value, and expose confidential information. Our team of security threat analysts track and monitor security events and attack activity to better help our clients stay ahead of emerging threats.”

Mobile, Social: New Security Targets Of Opportunity

Since the last X-Force Trend and Risk Report, IBM’s X-Force has seen an increase in malware and malicious web activities:

  • Attackers continue to target individuals by luring them to a trusted URL or site into which malicious code has been injected. A browser vulnerability then lets the attacker install malware on the visitor’s system. The websites of many well-established and trustworthy organizations remain susceptible to this kind of compromise.
  • SQL injection, in which attacker-controlled input is spliced into a database query that a website issues, continues to grow at the same pace as cross-site scripting and directory traversal attacks.
  • As the Mac user base continues to grow worldwide, the platform is increasingly a target of Advanced Persistent Threats (APTs) and exploits rivaling those usually seen against Windows.
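As an added illustration (mine, not taken from the X-Force report or any IBM material), the following Python script puts the second bullet’s attack classes side by side: a login check that is vulnerable to SQL injection next to its parameterized form, a file-serving path check that blocks directory traversal, and an HTML-escaping helper for the cross-site scripting case. The user table, the document root /srv/www, the request paths, and the injection payloads are all constructed for the demo.

```python
import html
import os
import sqlite3

# Constructed user table standing in for the website's database (demo data only).
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('alice', 'correct horse')")
    return db

def login_vulnerable(db, name, password):
    """Builds the query by string formatting: attacker input becomes part of the SQL grammar."""
    sql = (f"SELECT COUNT(*) FROM users WHERE name = '{name}' "
           f"AND password = '{password}'")
    return db.execute(sql).fetchone()[0] > 0

def login_parameterized(db, name, password):
    """Same check with bound parameters: the input is only ever compared as a value."""
    sql = "SELECT COUNT(*) FROM users WHERE name = ? AND password = ?"
    return db.execute(sql, (name, password)).fetchone()[0] > 0

def safe_path(root, user_path):
    """Resolve user_path beneath root; return None if the result escapes the root.

    realpath() normalises '..' segments and follows symlinks, and the prefix test
    uses root + os.sep so that '/srv/www-private' is not mistaken for '/srv/www'.
    os.path.join discards root when user_path is absolute ('/etc/passwd'), which
    the prefix test then rejects.
    """
    root = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(root, user_path))
    if candidate == root or candidate.startswith(root + os.sep):
        return candidate
    return None

def render_comment(text):
    """Escape untrusted text before placing it in an HTML element body."""
    return "<p>" + html.escape(text, quote=True) + "</p>"

if __name__ == "__main__":
    db = make_db()
    payload = "x' OR '1'='1"
    print("vulnerable login with injected password:", login_vulnerable(db, "alice", payload))
    print("parameterized login with same input:   ", login_parameterized(db, "alice", payload))
    print("traversal attempt:", safe_path("/srv/www", "../../etc/passwd"))
    print("normal request:   ", safe_path("/srv/www", "docs/report.pdf"))
    print(render_comment("<script>alert(1)</script>"))
```

Running the script shows the injected password `x' OR '1'='1` logging in through the formatted query and being rejected by the parameterized one, because the bound value never reaches the SQL parser. The traversal check deliberately rejects the root’s sibling directories and absolute paths, two cases a naive `".." in path` test gets wrong.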

Emerging Trends in Mobile Security

While there are reports of exotic mobile malware, most smartphone users are still at greatest risk from premium SMS (short message service, or texting) scams.

These scams work by having an installed application automatically send SMS messages to premium-rate numbers in a variety of countries; the charges land on the victim’s phone bill. There are several ways the malicious application gets onto the phone:

  • An application that looks legitimate in an app store but exists only to run the scam
  • A clone of a real application, published under a different name with malicious code added
  • A real application repackaged with malicious code, typically distributed through an alternative app store

One game-changing transformation is the pervasiveness of Bring Your Own Device (BYOD) programs. Many companies are still in the early stages of writing policies for employees who connect personal laptops or smartphones to the company network.

To make BYOD work, a thorough and clear policy should be in place before the first employee-owned device is added to the company’s infrastructure.

Improvements in Internet Security Continue

As discussed in the 2011 IBM X-Force Trend and Risk Report, there continues to be progress in certain areas of Internet security. X-Force data shows a continuing decline in public exploit releases, improvements from the top ten vendors in patching vulnerabilities, and a significant decrease in portable document format (PDF) vulnerabilities.

IBM attributes the PDF improvement directly to the sandboxing introduced in the Adobe Reader X release.

Sandboxing works by isolating an application from the rest of the system, so that if the application is compromised, the attacker’s code runs with only the sandboxed process’s restricted privileges and is limited in what it can do and what it can reach.
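To make that isolation concrete, here is an added example (mine, not Adobe’s Reader X code, which is a Windows design with a separate broker process and is not described on this page). It forks a “document parser” worker, installs a seccomp-bpf system-call filter in the child that forbids opening files, and shows the kernel killing the worker the moment it steps outside its allowed behaviour: the compromised parser still gets to finish its legitimate output, but its attempt to read a file never reaches the filesystem. It assumes Python 3 on Linux x86_64 or aarch64 with seccomp enabled; the syscall numbers, the file /etc/hostname, and the fake parser are the demo’s own choices.

```python
import ctypes
import os
import platform
import signal
import struct

# Linux seccomp-bpf constants from <sys/prctl.h>, <linux/seccomp.h> and <linux/filter.h>.
PR_SET_NO_NEW_PRIVS = 38
PR_SET_SECCOMP = 22
SECCOMP_MODE_FILTER = 2
SECCOMP_RET_ALLOW = 0x7FFF0000
SECCOMP_RET_KILL_PROCESS = 0x80000000
BPF_LD_W_ABS = 0x20   # BPF_LD | BPF_W | BPF_ABS: A = 32-bit word at offset k of seccomp_data
BPF_JEQ_K = 0x15      # BPF_JMP | BPF_JEQ | BPF_K: if A == k jump jt, else jump jf
BPF_RET_K = 0x06      # BPF_RET | BPF_K: return k

# Audit arch value and file-opening syscall numbers per architecture (demo covers two).
ARCH = {
    "x86_64":  (0xC000003E, [2, 257, 437]),   # open, openat, openat2
    "aarch64": (0xC00000B7, [56, 437]),       # openat, openat2
}

class SockFprog(ctypes.Structure):          # struct sock_fprog
    _fields_ = [("len", ctypes.c_ushort), ("filter", ctypes.c_void_p)]

def build_filter(audit_arch, denied):
    """Return a BPF program that kills the process on any syscall in `denied` and allows the rest."""
    def insn(code, jt, jf, k):
        return struct.pack("HBBI", code, jt, jf, k)     # struct sock_filter, 8 bytes
    n = len(denied)
    prog = [
        insn(BPF_LD_W_ABS, 0, 0, 4),                    # A = seccomp_data.arch
        insn(BPF_JEQ_K, 1, 0, audit_arch),              # expected arch: skip the kill below
        insn(BPF_RET_K, 0, 0, SECCOMP_RET_KILL_PROCESS),
        insn(BPF_LD_W_ABS, 0, 0, 0),                    # A = seccomp_data.nr
    ]
    for i, nr in enumerate(denied):
        prog.append(insn(BPF_JEQ_K, n - i, 0, nr))      # match: jump to the final kill
    prog.append(insn(BPF_RET_K, 0, 0, SECCOMP_RET_ALLOW))
    prog.append(insn(BPF_RET_K, 0, 0, SECCOMP_RET_KILL_PROCESS))
    return b"".join(prog)

def enter_sandbox():
    """Install the filter in the calling process; it cannot be removed afterwards."""
    audit_arch, denied = ARCH[platform.machine()]
    code = build_filter(audit_arch, denied)
    buf = ctypes.create_string_buffer(code, len(code))
    prog = SockFprog(len(code) // 8, ctypes.addressof(buf))
    libc = ctypes.CDLL(None, use_errno=True)
    libc.prctl.argtypes = [ctypes.c_int] + [ctypes.c_ulong] * 4
    # no_new_privs is required before an unprivileged process may install a filter
    if libc.prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0:
        raise OSError(ctypes.get_errno(), "PR_SET_NO_NEW_PRIVS failed")
    if libc.prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, ctypes.addressof(prog), 0, 0) != 0:
        raise OSError(ctypes.get_errno(), "PR_SET_SECCOMP failed")

def run_sandboxed(worker):
    """Fork, confine the child, run worker(pipe_fd) in it; return (child output, terminating signal)."""
    r, w = os.pipe()
    pid = os.fork()
    if pid == 0:                      # child: the "renderer"
        try:
            os.close(r)
            enter_sandbox()
            worker(w)
            os._exit(0)
        except BaseException as e:    # never fall back into the parent's code path
            os.write(2, f"child failed: {e!r}\n".encode())
            os._exit(1)
    os.close(w)                       # parent: the "broker"
    chunks = []
    while True:
        chunk = os.read(r, 4096)
        if not chunk:
            break
        chunks.append(chunk)
    os.close(r)
    _, status = os.waitpid(pid, 0)
    sig = os.WTERMSIG(status) if os.WIFSIGNALED(status) else 0
    return b"".join(chunks), sig

def malicious_parser(fd):
    """Stand-in for a compromised document parser: does its job, then reaches for a file."""
    os.write(fd, b"document rendered\n")           # write(2) is allowed
    with open("/etc/hostname", "rb") as f:         # openat(2) is denied: the kernel kills us here
        os.write(fd, f.read())

def demo():
    """Return what the worker managed to emit and whether seccomp terminated it."""
    output, sig = run_sandboxed(malicious_parser)
    return output, sig == signal.SIGSYS

if __name__ == "__main__":
    output, killed = demo()
    print(output.decode().strip(), "| killed by SIGSYS:", killed)
```

The parent only ever sees bytes on a pipe, which is the broker pattern in miniature: anything the worker needs from the outside world has to be requested through that channel, where the privileged side can validate it. A real sandbox also confines what the worker can reach with the calls it is still allowed (file descriptors it inherits, network, shared memory), which is why this denylist is a teaching aid rather than a production policy.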

Sandboxes are proving to be a successful investment from a security perspective. The X-Force report shows a significant drop in Adobe PDF vulnerability disclosures during the first half of 2012.

That drop coincides nicely with the adoption of Adobe Reader X, the first version of Adobe Reader shipped with sandboxing.

New IBM Security Operations Center Opens In Poland

To further protect its clients from emerging threats like those reported in the IBM X-Force Mid-Year Trend and Risk Report, IBM yesterday announced the opening of a security operations center in Wroclaw, Poland.

This newest IBM Security Operations Center is the 10th worldwide facility to help clients proactively manage these threats, including real-time analysis and early warning notification of security events.

Data for the twice-yearly X-Force report comes from IBM’s security operations centers, which monitor more than 15 billion security events a day on behalf of approximately 4,000 clients in more than 130 countries.

About the IBM X-Force Trend and Risk Report

The IBM X-Force Trend and Risk Report is a twice-yearly (full-year and mid-year) assessment of the security landscape, designed to help clients better understand the latest security risks and stay ahead of these threats.

The report gathers facts from numerous intelligence sources, including its database of more than 68,000 computer security vulnerabilities, its global Web crawler and its international spam collectors, and the real-time monitoring of 15 billion events every day for approximately 4,000 clients in more than 130 countries.

Those 15 billion events monitored each day are the output of IBM’s 10 global security operations centers, which provide monitoring as a managed security service to clients.

To view the full X-Force 2012 Mid-Year Trend and Risk Report go here.

Internet Insecurity


You ever get one of those emails where there are two headlines that couldn’t have been more synchronous?

That’s what I got today in a Washington Post email newsletter:

“New malware is 20 times size of Stuxnet”

“Cybersecurity experts needed to meet growing demand”

Surely the Post newsletter editor at least chuckled when he put those two together.

I didn’t chuckle, however, when I started reading up on this new Internet security phenom.

Wired’s Threat Level blog led with this: “A massive, highly sophisticated piece of malware has been newly found infecting systems in Iran and elsewhere and is believed to be part of a well-coordinated, ongoing, state-run cyberespionage operation.”

Here was The New York Times lead on the story: The computers of high-ranking Iranian officials appear to have been penetrated by a data-mining virus called Flame, in what may be the most destructive cyberattack on Iran since the notorious Stuxnet virus, an Iranian cyberdefense organization confirmed on Thursday.

And the Post led with: Researchers have identified a sophisticated new computer virus 20 times the size of Stuxnet, the malicious software that disabled centrifuges in an Iranian nuclear plant. But unlike Stuxnet, the new malware appears to be used solely for espionage.

The Post goes on to cite analysts who “suspect Israel and the United States, given the virus’s sophistication, among other things.”

Which is it, we need more cybersecurity experts in the U.S., or we’re the “nation-state” behind this latest cyber war virus?

Whatever the case, the BBC’s coverage included the following facts: the Russian security firm Kaspersky Lab believed the malware had been operating since August 2010 and described Flame as “one of the most complex threats ever discovered.”

If you don’t remember Stuxnet, it was the alleged state-sponsored virus which wreaked havoc on Iran’s uranium centrifuges. This new malware, according to the BBC story, “appears not to cause physical damage,” but instead collects “huge amounts of sensitive information.”

Wired also adds that although Flame was “written by different programmers, its complexity, the geographic scope of its infections and its behavior indicate strongly that a nation-state is behind Flame, rather than common cyber-criminals.”

Wired went on to report that “Early analysis of Flame by the Lab indicates that it’s designed primarily to spy on the users of infected computers and steal data from them, including documents, recorded conversations and keystrokes. It also opens a backdoor to infected systems to allow the attackers to tweak the toolkit and add new functionality.”

Recorded conversations?

Yes, indeedy.  According to Wired, one of the modules in Flame is “one that turns on the internal microphone of an infected machine to secretly record conversations that occur either over Skype or in the computer’s near vicinity.”

It also allegedly contains a module that turns “Bluetooth-enabled computers into a Bluetooth beacon,” scanning for other Bluetooth-enabled devices in order to “siphon names and phone numbers from their contacts folder.”

It can also store “frequent screenshots of activity on the machine,” screenshots that capture everything from e-meetings to instant messages to email. You get the picture. Literally.

I don’t know about you, but I sense a whole new genre of cyber espionage novels looming on the horizon.

More details on Flame as they emerge…

Cyber Insecurity


Some veddy interesting news on the cybersecurity front has reared its ugly head the last couple days.

First, VMware confirmed via CRN yesterday that proprietary source code from its ESX hypervisor (its server virtualization software) had been posted online. In a blog post about the incident, the director of VMware’s Security Response Center said the posted code dated from 2003 and 2004.

That raises questions about relevance, according to CRN, with VMware explaining that “the fact that it has been made public does not necessarily put VMware customers at risk.”

Yet given the large number of providers that run vSphere, the leak could have “a broad and widespread impact.”

Here’s the blog post from VMware — for those potentially impacted, one to keep an eye on.

This comes just as the Obama Administration comes out against the House cybersecurity bill entitled the “Cyber Intelligence Sharing and Protection Act,” or “CISPA.” Proposed last November by U.S. Rep. Michael Rogers (R-MI) with 111 co-sponsors, the bill would allow voluntary sharing of attack and threat information between the U.S. Government and security-cleared technology and manufacturing companies, with the aim of securing networks against patterns of attack.

CISPA was reported out of committee on December 1, 2011, but has yet to be debated or brought to a vote.

The Electronic Frontier Foundation has also come out against the bill, concerned that its broad wording would leave little protection for individual consumers and provide no effective judicial oversight of the types of monitoring the bill would allow.

If, in the meantime, you’re looking for some industry thought leadership on security, look no further than this podcast interview (MP3, 17:45 minutes, 10.2 MB) with IBM’s own Marc Van Zadelhoff, director of strategy for IBM’s still relatively new Security Solutions Division, in which Marc provides extensive insight into IBM’s approach to security intelligence and compliance. You can also read a transcript here (36.4KB, PDF).

A Hacker’s Nervous Breakdown


How ironic that here I am at Pulse 2012, where we’re talking about Internet and other related security matters, and then this headline: EXCLUSIVE: Infamous international hacking group LulzSec brought down by own leader.

Wow.

Apparently, law enforcement agents on two continents arrested five members of the infamous hacking group Anonymous early this morning, acting on information and evidence gathered by the group’s own leader, who had reportedly been cooperating with the government for months.

Doh!

Anonymous and its various offshoots — LulzSec, AntiSec, etc. — are believed to have caused billions of dollars of damage to governments, banks, and corporations around the world.

The New York field office of the Federal Bureau of Investigation released a press statement indicating that five computer hackers in the United States and abroad were charged today, and a sixth pled guilty, for computer hacking and other crimes.

The six hackers identified themselves as aligned with Anonymous, a loose confederation of computer hackers and others, and/or with offshoot groups related to Anonymous.

The now-unsealed indictment charges the defendants with hacks of, among others, Fox Broadcasting Company, Sony Pictures Entertainment, and the Public Broadcasting Service. Also named is Hector Xavier Monsegur, aka “Sabu,” “Leon,” and “Xavier DeLeon,” who pled guilty last August 15th to a 12-count information charging him with computer hacking conspiracies and other crimes, and who has apparently been cooperating with the government to bring several of the others to justice.

According to the New York Times’ coverage of the story, Mr. Monsegur ran his schemes out of a public housing project on the Lower East Side of Manhattan.

So was he the head of the Anonymous snake? Now that the indictments are out, I suspect we’ll be finding out very, very soon.

Written by turbotodd

March 6, 2012 at 9:46 pm

Gone Phishin’


So no sooner am I back from the IBM Pulse 2010 conference than IBM releases the results from its latest annual X-Force Trend and Risk Report, covering 2009.

Hold on to your passwords, folks…we’re gonna be in for a bumpy ride!

The latest report’s findings show that existing threats like phishing and document format vulnerabilities continued to expand last year, even as clients have generally made progress in improving their overall security.

The IBM X-Force research and development team has been cataloguing, analyzing and researching vulnerability disclosures since 1997.

With more than 48,000 security vulnerabilities catalogued, it has the largest vulnerability database in the world. This unique database helps X-Force researchers to understand the dynamics that make up vulnerability discovery and disclosure.

The latest X-Force report identifies three main threats: malicious Web links, phishing attacks, and document reader/editor vulnerability disclosures (most notably, PDF documents).

The report also found that:

  • New vulnerabilities have decreased but are still at record levels.
  • Critical and high vulnerabilities with no patch have decreased significantly year-over-year in several key product categories.
  • Vulnerability disclosures for document readers and editors and multimedia applications are climbing dramatically.
  • New malicious Web links have skyrocketed globally.
  • Web application vulnerabilities continue to be the largest category of security disclosures.
  • Attacks on the Web using obfuscation increased significantly.
  • Phishing rates dipped mid-year but rose dramatically in the last half of 2009.
  • Phishing still takes advantage of the financial industry to target consumers.

“Despite the ever-changing threat landscape, this report indicates that overall, vendors are doing a better job responding to security vulnerabilities,” said Tom Cross, manager of IBM X-Force Research. “However, attackers have clearly not been deterred, as the use of malicious exploit code in Web sites is expanding at a dramatic rate.”

Al Zollar, general manager of IBM’s Tivoli group, also chimed in on the report and, more importantly, on how IBM could help.

“IBM continues to invest in strategic research like this report to create value for our clients and the security industry,” said Zollar. “With insight from our X-Force research team, our professional and managed services offerings, and our software, we can help enable the most secure IT infrastructure while meeting clients’ risk, governance and compliance requirements.”

You can register to download the full report here.

Written by turbotodd

March 1, 2010 at 9:27 pm
