Security Experts:

IBM X-Force Report Shows Increase in Browser-Based Attacks

IBM's X-Force 2012 mid-year report found a sharp increase in browser-related exploits, Mac-based attacks, and SMS related scams.

Since its last Trend and Risk Report, released at the beginning of the year, IBM's X-Force has seen an increase in malware and malicious Web activities, a disconnect in how corporations implement "bring your own device" (BYOD) programs, and increased concern in how users are selecting passwords to protect their various Web accounts.

IBM"Companies are faced with a constantly evolving threat landscape, with emerging technologies making it increasingly difficult to manage and secure confidential data," said Kris Lovejoy, general manager of IBM Security Services.

On the attack front, adversaries are launching targeted campaigns that direct users to malicious Websites or use SQL injection to steal data, the report found. Attackers are continuing to target individuals by directing them to a trusted URL which has been infected with malicious code, exploiting browser vulnerabilities to install malware on victim computers. "Many well-established and trustworthy organizations are still susceptible to these types of threats," the report found.

SecurityWeek has reported on several such incidents throughout the year, such as compromising WordPress blogs to direct users to malicious sites serving up malware and various attacks built using the Black Hole exploit toolkit.

SQL injection is an increasingly popular attack as it grants attackers access to the back-end database through the Website, IBM's X-Force said. The use of cross-site scripting and directory traversal commands are also increasing, according to the report.

"As long as these targets remain lucrative, the attacks will keep coming," said Clinton McFadden, senior operations manager for IBM X-Force research and development. Organizations must take proactive approaches to better protect their enterprises and data, McFadden said.

While mobile malware reports grab headlines, most smartphone users are most at risk for premium SMS scams where users are tricked into signing up for expensive text messaging services, the report found. Users may get caught in the scam by installing an app that looks legitimate but is actually malicious, a clone of a real app that has been recompiled with malicious code and given a different name, or a copy of a real application with malicious code added and offered on an alternative app store.

The report also noted that Macs are increasingly becoming a target of advanced persistent threats (APTs) and exploits as the user base grows worldwide. The attacks on Mac OS systems rival those usually seen on Windows platforms, the report found.

“We’ve seen an increase in the number of sophisticated and targeted attacks, specifically on Macs and exposed social network passwords,” said McFadden.

Users need to be cautious about how Websites, cloud-based services, and Web-based email are inter-connected and adopt strong passwords and consider what kind of information is being used for password recovery options. IBM X-Force recommends using a lengthy password comprised of multiple words instead of an "awkward combination" of characters, numbers, and symbols.

Many companies are still "in their infancy" in adapting policies to protect corporate resources from employee-owned devices, IBM X-Force said. "To make BYOD work within a company, a thorough and clear policy should be in place before the first employee-owned device is added to the company’s infrastructure," the report advised.

Positive Trends

The picture is not entirely bleak. As discussed in the 2012 IBM X-Force Trend and Risk Report, there has been progress in certain areas, IBM said. The top ten vendors have improved how they patch vulnerabilities and X-Force data indicate a continued decline in exploit releases. There is also a significant decrease in the number of PDF vulnerabilities under attack, which may be "directly related" to the use of sandboxes in Adobe Reader X, according to IBM. "Sandboxes are proving to be a successful investment from a security perspective," IBM said.

IBM collects the data for the bi-annual report from its security operations centers (SOCs) around the world. The nine SOCs monitor more than 15 billion security events a day on behalf of more than 4,000 clients in over 130 countries, according to IBM. The company also announced it was opening its tenth SOC, this time in Wroclaw, Poland.

The other existing SOCs are located in Atlanta, Georgia; Detroit, Michigan; Boulder, Colorado; Toronto, Canada; Brussels, Belgium; Tokyo, Japan; Brisbane, Australia; Hortolandia, Brazil, and Bangalore, India. All of the centers are designed to protect mission-critical systems, electrical systems, data processing and communication links from any single point of failure. The SOC help clients proactively manage emerging threats like those reported in the X-Force report by providing real-time analysis and early notification of security events, IBM explained.

The full 105-page IBM X-Force 2012 Mid-year Trend and Risk Report can be found here in PDF format.

Fahmida Y. Rashid is a Senior Contributing Writer for SecurityWeek. She has experience writing and reviewing security, core Internet infrastructure, open source, networking, and storage. Before setting out her journalism shingle, she spent nine years as a help-desk technician, software and Web application developer, network administrator, and technology consultant.