IBM X-Force Report Shows Increase in Browser-Based Attacks

IBM’s X-Force 2012 mid-year report found a sharp increase in browser-related exploits, Mac-based attacks, and SMS-related scams.

Since its last Trend and Risk Report, released at the beginning of the year, IBM’s X-Force has seen an increase in malware and malicious Web activities, a disconnect in how corporations implement “bring your own device” (BYOD) programs, and increased concern in how users are selecting passwords to protect their various Web accounts.

“Companies are faced with a constantly evolving threat landscape, with emerging technologies making it increasingly difficult to manage and secure confidential data,” said Kris Lovejoy, general manager of IBM Security Services.

On the attack front, adversaries are launching targeted campaigns that direct users to malicious Websites or use SQL injection to steal data, the report found. Attackers are continuing to target individuals by directing them to a trusted URL which has been infected with malicious code, exploiting browser vulnerabilities to install malware on victim computers. “Many well-established and trustworthy organizations are still susceptible to these types of threats,” the report found.

SecurityWeek has reported on several such incidents throughout the year, such as compromising WordPress blogs to direct users to malicious sites serving up malware and various attacks built using the Black Hole exploit toolkit.

SQL injection is an increasingly popular attack as it grants attackers access to the back-end database through the Website, IBM’s X-Force said. The use of cross-site scripting and directory traversal commands is also increasing, according to the report.

“As long as these targets remain lucrative, the attacks will keep coming,” said Clinton McFadden, senior operations manager for IBM X-Force research and development. Organizations must take proactive approaches to better protect their enterprises and data, McFadden said.

While mobile malware reports grab headlines, most smartphone users are most at risk from premium SMS scams, in which they are tricked into signing up for expensive text messaging services, the report found. Users may get caught in the scam by installing an app that looks legitimate but is actually malicious, a clone of a real app that has been recompiled with malicious code and given a different name, or a copy of a real application with malicious code added and offered on an alternative app store.

The report also noted that Macs are increasingly becoming a target of advanced persistent threats (APTs) and exploits as the user base grows worldwide. The attacks on Mac OS systems rival those usually seen on Windows platforms, the report found.

“We’ve seen an increase in the number of sophisticated and targeted attacks, specifically on Macs and exposed social network passwords,” said McFadden.

Users need to be cautious about how Websites, cloud-based services, and Web-based email are interconnected. They should adopt strong passwords and consider what kind of information is being used for password recovery options. IBM X-Force recommends using a lengthy password composed of multiple words instead of an “awkward combination” of characters, numbers, and symbols.

Many companies are still “in their infancy” in adapting policies to protect corporate resources from employee-owned devices, IBM X-Force said. “To make BYOD work within a company, a thorough and clear policy should be in place before the first employee-owned device is added to the company’s infrastructure,” the report advised.

Positive Trends

The picture is not entirely bleak. As discussed in the 2012 IBM X-Force Trend and Risk Report, there has been progress in certain areas, IBM said. The top ten vendors have improved how they patch vulnerabilities and X-Force data indicate a continued decline in exploit releases. There is also a significant decrease in the number of PDF vulnerabilities under attack, which may be “directly related” to the use of sandboxes in Adobe Reader X, according to IBM. “Sandboxes are proving to be a successful investment from a security perspective,” IBM said.

IBM collects the data for the bi-annual report from its security operations centers (SOCs) around the world. The nine SOCs monitor more than 15 billion security events a day on behalf of more than 4,000 clients in over 130 countries, according to IBM. The company also announced it was opening its tenth SOC, this time in Wroclaw, Poland.

The other existing SOCs are located in Atlanta, Georgia; Detroit, Michigan; Boulder, Colorado; Toronto, Canada; Brussels, Belgium; Tokyo, Japan; Brisbane, Australia; Hortolandia, Brazil; and Bangalore, India. All of the centers are designed to protect mission-critical systems, electrical systems, data processing and communication links from any single point of failure. The SOCs help clients proactively manage emerging threats like those reported in the X-Force report by providing real-time analysis and early notification of security events, IBM explained.

The full 105-page IBM X-Force 2012 Mid-year Trend and Risk Report can be found here in PDF format.
