Turbotodd

Ruminations on tech, the digital media, and some golf thrown in for good measure.

Posts Tagged ‘phishing attacks’

IBM’s 2010 X-Force Trend And Risk Report: Increasing Security Threats in Mobile, Cloud Computing


Congrats to India on their Cricket World Cup victory over Sri Lanka.  You’ve had a whole long weekend to celebrate, so let’s get back to work, shall we?  : )

Because as it turns out, the most recent IBM X-Force Trend and Risk Report (2010 edition) suggests there’s still plenty of work to do, at least on the IT security front.

The IBM X-Force Trend and Risk Report is an annual assessment of the security landscape, designed to help clients better understand the latest security risks, and stay ahead of these threats.  The report gathers facts from numerous intelligence sources, including its database of over 50,000 computer security vulnerabilities, its global Web crawler and its international spam collectors, and the real-time monitoring of 13-billion security events every day for nearly 4,000 clients in more than 130 countries.

These 13-billion events monitored each day – more than 150,000 per second – are a result of the work done in IBM’s nine global Security Operations Centers (SOCs), which is provided to clients as a Managed Security Service.

IBM X-Force’s Tom Cross explains the most recent results of IBM’s global security study. High on this past year’s list of security concerns: Cloud computing and mobile devices (including the exposure presented by smartphones).

150,000 Security Threats Per Second

Based on the intelligence gathered through research of public vulnerability disclosures, and the monitoring and analysis of more than 150K security events per second during every day of 2010, here are the headlines from the latest X-Force report:

  • More than 8,000 new vulnerabilities were documented, a 27 percent rise from 2009. Public exploit releases were also up 21 percent from 2009 to 2010. This data points to an expanding threat landscape in which sophisticated attacks are being launched against increasingly complex computing environments.
  • Spam volume leveled off by the end of 2010 (as compared to its historically high growth rate). This indicates that spammers may be seeing less value from increasing the volume of spam, and instead are focusing on making sure it is bypassing filters.
  • “Spear phishing,” a more targeted attack technique, was on the rise in 2010, even though there were significantly fewer phishing attacks relative to previous years. This suggests that cyber crooks are focusing more on quality of attacks, rather than just quantity.
  • As end users adopted smartphones and other mobile devices, vulnerability disclosures and exploits that target these devices rose.  IT security departments, of course, have been struggling to determine the right way to bring these devices safely into corporate networks.

Vulnerability Disclosures Growth by Year

IBM documented more than 8,000 new vulnerabilities, a 27 percent rise from 2009. Public exploit releases were also up 21 percent from 2009 to 2010. This data points to an expanding threat landscape in which sophisticated attacks are being launched against increasingly complex computing environments.

In conjunction with this year’s report, IBM is launching the IBM Institute for Advanced Security in Europe to combat growing security threats in the region.  The IBM X-Force report stated that in 2010, nearly a quarter of all financial phishing emails targeted banks located in Europe.  It also identified the UK, Germany, Ukraine and Romania among the top 10 countries sending spam in 2010.

This Institute joins its predecessor in Washington, D.C., focused on U.S. clients.

Emerging Security Threats In Cloud Computing, Mobile

A new section in the IBM X-Force Trend and Risk Report is dedicated to the security trends and best practices for the emerging technologies of mobile devices and cloud computing. The report highlighted a shift in perception about cloud security as adoption continued to evolve and knowledge around this emerging technology increased.  Since security is still considered an inhibitor to cloud adoption, cloud providers must earn their customers’ trust.

Organizations are also increasingly concerned about the security implications of personal mobile devices used by employees. Organizations must ensure control of their data regardless of where it is, including employee-owned or business-issued smartphones.

In 2010, IBM X-Force documented increases in the volume of vulnerabilities disclosed in mobile devices as well as the disclosure of exploits that target them.  The desire to “jailbreak” or “root” mobile devices has motivated the distribution of mature exploit code that has been reused in malicious attacks.

Nevertheless, malware is not yet common on the latest generation of mobile devices and most IT professionals view the data stored on them and how that can be misused or lost as the main security threats associated with these devices. According to the IBM X-Force Report, best practices for mobile security are evolving with enhanced password management and data encryption capabilities.

Additional trends highlighted in the report included:

  • The new, sophisticated face of cyber crime — From a security standpoint, 2010 is most remembered as a year marked by some of the most high profile, targeted attacks that the industry has ever witnessed. For example, the Stuxnet worm demonstrated that the risk of attacks against highly specialized industrial control systems is not just theoretical. These types of attacks are indicative of the high level of organization and funding behind computer espionage and sabotage that continues to threaten a widening variety of public and private networks.
  • Web applications accounted for nearly half of vulnerabilities disclosed in 2010 — Web applications continued to be the category of software affected by the largest number of vulnerability disclosures, representing 49 percent in 2010.  The majority represented cross site scripting and SQL injection issues, and the IBM X-Force data showed that these vulnerabilities are being targeted by attackers.  According to the report results, every summer for the past three years there has been a globally scaled SQL injection attack some time during the months of May through August. The anatomy of these attacks has been similar across the board, targeting .asp pages that are vulnerable to SQL injection.
  • A secure by design approach can improve security — IBM X-Force has determined that taking proactive steps to evaluate web application security and improve development and quality assurance processes can result in a significant improvement in the security of web application software. The report included data showing that web applications scanned for vulnerabilities often showed significant improvements upon being retested – exhibiting less than half of the number of particular classes of vulnerabilities, on average, the second time they are assessed. This encouraging information points the way toward sustained improvements in Internet security.
  • Nearly half of vulnerabilities remain unpatched — To help prevent attackers from exploiting vulnerabilities, organizations must focus on shortening the window of time between vulnerability disclosure and patch installation. Forty-four percent of all security vulnerabilities had no vendor-supplied patch at the end of 2010. However, even in cases where patches are made available on the same day that a vulnerability is publicly disclosed, there may be a significant gap in time before those patches are installed on vulnerable systems. Computer criminals often privately develop exploits that target publicly disclosed security vulnerabilities, and use those exploits to launch attacks. Later, when these private exploits have ceased to be valuable as attack tools, they are publicly disclosed. The IBM X-Force report data showed that exploits are often publicly disclosed tens or hundreds of days after the vulnerabilities they target. If it is taking a long time for these exploits to surface, it may be taking a long time for networks to patch.
  • Continued growth of Internet botnets — IBM X-Force saw an upward trend in Trojan botnet activity during 2010. This growth is significant because despite increasing coordinated efforts to shut down botnet activity, this threat appeared to be gaining momentum. However, IBM X-Force’s data did illustrate the dramatic impact of a successful effort in early 2010 to shut down the Waledac botnet, which resulted in an instantaneous drop off in observed command and control traffic. On the other hand, the Zeus botnet continued to evolve and constituted a significant portion of the botnet activity detected by IBM X-Force in 2010. Due to its extreme popularity with attackers, there are hundreds, or even thousands, of separate Zeus botnets active at any given time. The Zeus botnet malware is commonly used by attackers to steal banking information from infected computers.

To help address these challenges, IBM now has nine worldwide research labs innovating security technology and nine security operations centers around the world. These are designed to help global clients maintain the appropriate security posture.

Click here to access the 2010 IBM X-Force Trend and Risk report.

You can find more information on IBM Security Solutions at www.ibm.com/security.

Written by turbotodd

April 4, 2011 at 3:47 pm

IBM X-Force Mid-Year Risk and Trend Report


Now, don’t let me freak you out with this news or anything.

Especially just as the Pentagon confirmed with the New York Times “the most significant breach of U.S. military computers ever” back in 2008, in which a foreign intelligence agent used a flash drive to infect computers for Central Command, which was overseeing combat zones in Iraq and Afghanistan.

But today IBM just released the results of its X-Force 2010 Mid-Year Trend and Risk Report, which showed that security vulnerability disclosures are increasing dramatically, having reached record levels for the first half of 2010.

Specifically, 4,396 new vulnerabilities were documented by the X-Force R&D team in the first half of 2010, a 36% increase over the same time period last year.

Over half, 55 percent, of all these disclosed vulnerabilities had no vendor-supplied patch at the end of the period.

The report also indicated that Web application vulnerabilities continued to be the leading threat, accounting for more than half of all public disclosures, and that covert attacks had increased in complexity, often hidden within JavaScript and PDF formats.

Cloud computing and virtualization were noted as key future security topics for enterprise organizations.

Before you IT administrators rush to find a tall building to jump off of, here’s the glass half full news: In the first-half of 2010, organizations were doing more to identify and disclose security vulnerabilities than ever before.

This in turn is having positive effects on the industry by driving more open collaboration to identify and eliminate vulnerabilities before cyber criminals can exploit them.

Tom Cross, the manager of the IBM X-Force team, provides some background on the methodology and findings of the 1H report in this video:

Now, some details on the trends being seen in the 1H10 report:

  • Web application vulnerabilities continue to be the largest category of vulnerability disclosures — Web application vulnerabilities have surpassed all other threats to account for 55 percent of all disclosures.  While Web application vulnerabilities continue to climb at a steady rate, these figures may only represent the tip of the iceberg of total Web application vulnerabilities that exist, as they do not include custom-developed Web applications which can also introduce vulnerabilities.
  • Covert, hidden attack methods grew in frequency and complexity, especially involving JavaScript — Enterprises are fighting increasingly sophisticated attacks on their computer networks, including Advanced Persistent Threats. These sophisticated attackers are employing covert means to break into networks without being detected by traditional security tools. JavaScript obfuscation is a particularly popular technique used by all classes of computer criminals to hide their exploits within document files and Web pages. IBM detected a 52 percent increase in obfuscated attacks during the first half of 2010 versus the same period in 2009.
  • PDF exploits continue to soar as attackers trick users in new ways — X-Force started observing widespread use of PDF-based exploits during the first half of 2009. Since then, PDF exploits have captured three of the top five slots for browser exploits used in the wild. The most significant jump associated with PDF attacks in 2010 occurred in April, when IBM Managed Security Services detected almost 37 percent more attack activity than the average for the first half of 2010. This spike coincided with a widespread spam campaign in which malicious PDF attachments were used to spread the Zeus and Pushdo botnets, some of the most insidious threats on the Internet today.
  • Phishing activity declined significantly, but financial institutions remain the top target. Phishing volume has fluctuated wildly over the past few years. The first half of 2010 has only seen a fraction of the phishing attacks that were seen at the peak in 2009, a decline of almost 82 percent. Despite this drastic decline, financial institutions are still the number one phishing target, representing about 49 percent of all phishing emails, while credit cards, governmental organizations, online payment institutions and auctions represent the majority of other targets.

“Threat dynamics continue to multiply and evolve at a furious pace, making it more crucial than ever to look at unfolding trends so we can better prepare our clients for the future,” said Steve Robinson, general manager, IBM Security Solutions.

“This year’s X-Force report reveals that although threats are on the rise, the industry as a whole is getting much more vigilant about reporting vulnerabilities. This underscores the increased focus among our clients to continue looking for security solutions that help them better manage risk and ensure their IT infrastructure is secure by design.”

Looking ahead, the X-Force Research and Development team has identified some key trends to watch for in the future, including:

  • Cloud Computing — As an emerging technology, security concerns remain a hurdle for organizations looking to adopt cloud computing. As organizations transition to the cloud, IBM recommends that they start by examining the security requirements of the workloads they intend to host in the cloud, rather than starting with an examination of different potential service providers. Gaining a good understanding of the needs and requirements first will help organizations take a more strategic approach to adopting cloud services.
  • Virtualization — As organizations push workloads into virtual server infrastructures to take advantage of ever increasing CPU performance, questions have been raised about the wisdom of sharing workloads with different security requirements on the same physical hardware. X-Force’s vulnerability data shows that 35 percent of vulnerabilities impacting server class virtualization systems affect the hypervisor, which means that an attacker with control of one virtual system may be able to manipulate other systems on the same machine. This is a significant data point when architecting virtualization projects.

This report comes from IBM’s X-Force team, the premier security research organization within IBM that has catalogued, analyzed and researched more than 50,000 vulnerability disclosures since 1997.

The IBM X-Force Trend and Risk Report gathers facts from numerous intelligence sources, including its database of over 50,000 computer security vulnerabilities, millions of intrusion events monitored on tens of thousands of managed network sensors deployed on customer networks throughout the world, its global Web crawler and its international spam collectors.

This mid-year report is designed to help customers stay ahead of threats.

IBM Security Solutions include an extensive portfolio of hardware, software solutions, professional and managed services offerings covering the spectrum of IT and business security risks, including: people and identity, data and information, application and process, network, server and endpoint and physical infrastructure. IBM Security Solutions empowers clients to innovate and operate their businesses on highly secure infrastructure platforms.

To access the report, visit: www.ibm.com/security/x-force. For more information on IBM Security Solutions, visit: www.ibm.com/security.

Written by turbotodd

August 25, 2010 at 9:12 pm