IBM X-Force Report Shows Increase in Browser-Based Attacks

IBM’s X-Force 2012 mid-year report found a sharp increase in browser-related exploits, Mac-based attacks, and SMS-related scams.

Since its last Trend and Risk Report, released at the beginning of the year, IBM’s X-Force has seen an increase in malware and malicious Web activities, a disconnect in how corporations implement “bring your own device” (BYOD) programs, and increased concern in how users are selecting passwords to protect their various Web accounts.

“Companies are faced with a constantly evolving threat landscape, with emerging technologies making it increasingly difficult to manage and secure confidential data,” said Kris Lovejoy, general manager of IBM Security Services.

On the attack front, adversaries are launching targeted campaigns that direct users to malicious Websites or use SQL injection to steal data, the report found. Attackers are continuing to target individuals by directing them to a trusted URL which has been infected with malicious code, exploiting browser vulnerabilities to install malware on victim computers. “Many well-established and trustworthy organizations are still susceptible to these types of threats,” the report found.

SecurityWeek has reported on several such incidents throughout the year, such as compromising WordPress blogs to direct users to malicious sites serving up malware and various attacks built using the Black Hole exploit toolkit.

SQL injection is an increasingly popular attack as it grants attackers access to the back-end database through the Website, IBM’s X-Force said. The use of cross-site scripting and directory traversal commands is also increasing, according to the report.

“As long as these targets remain lucrative, the attacks will keep coming,” said Clinton McFadden, senior operations manager for IBM X-Force research and development. Organizations must take proactive approaches to better protect their enterprises and data, McFadden said.

While mobile malware reports grab headlines, most smartphone users are most at risk from premium SMS scams, in which they are tricked into signing up for expensive text messaging services, the report found. Users may get caught in the scam by installing an app that looks legitimate but is actually malicious, a clone of a real app that has been recompiled with malicious code and given a different name, or a copy of a real application with malicious code added and offered on an alternative app store.

The report also noted that Macs are increasingly becoming a target of advanced persistent threats (APTs) and exploits as the user base grows worldwide. The attacks on Mac OS systems rival those usually seen on Windows platforms, the report found.

“We’ve seen an increase in the number of sophisticated and targeted attacks, specifically on Macs and exposed social network passwords,” said McFadden.

Users need to be cautious about how Websites, cloud-based services, and Web-based email are interconnected. They should adopt strong passwords and consider what kind of information is being used for password recovery options. IBM X-Force recommends using a lengthy password comprised of multiple words instead of an “awkward combination” of characters, numbers, and symbols.

Many companies are still “in their infancy” in adapting policies to protect corporate resources from employee-owned devices, IBM X-Force said. “To make BYOD work within a company, a thorough and clear policy should be in place before the first employee-owned device is added to the company’s infrastructure,” the report advised.

Positive Trends

The picture is not entirely bleak. As discussed in the 2012 IBM X-Force Trend and Risk Report, there has been progress in certain areas, IBM said. The top ten vendors have improved how they patch vulnerabilities and X-Force data indicate a continued decline in exploit releases. There is also a significant decrease in the number of PDF vulnerabilities under attack, which may be “directly related” to the use of sandboxes in Adobe Reader X, according to IBM. “Sandboxes are proving to be a successful investment from a security perspective,” IBM said.

IBM collects the data for the bi-annual report from its security operations centers (SOCs) around the world. The nine SOCs monitor more than 15 billion security events a day on behalf of more than 4,000 clients in over 130 countries, according to IBM. The company also announced it was opening its tenth SOC, this time in Wroclaw, Poland.

The other existing SOCs are located in Atlanta, Georgia; Detroit, Michigan; Boulder, Colorado; Toronto, Canada; Brussels, Belgium; Tokyo, Japan; Brisbane, Australia; Hortolandia, Brazil; and Bangalore, India. All of the centers are designed to protect mission-critical systems, electrical systems, data processing and communication links from any single point of failure. The SOCs help clients proactively manage emerging threats like those reported in the X-Force report by providing real-time analysis and early notification of security events, IBM explained.

The full 105-page IBM X-Force 2012 Mid-year Trend and Risk Report can be found here in PDF format.
