• No results found

IBM X-Force 2012 Cyber Security Threat Landscape

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "IBM X-Force 2012 Cyber Security Threat Landscape"

Copied!
31
0
0

Loading.... (view fulltext now)

Download now ( 31 Page )

Full text

(1)

IBM X-Force

®

2012

Cyber Security

(2)

© 2012 IBM Corporation 2

Agenda

 Overview

 Marketing & Promotion

 Highlights from the 2011 IBM X-Force Trend and Risk Report – New attack activity

– Progress in internet security

(3)

To protect our customers from security threats on the Internet by developing

a comprehensive knowledge of vulnerabilities and attack methodologies and

applying that knowledge through effective protection technologies.

IBM X-Force Research and Development

 Support content stream needs and capabilities

 Support requirements for engine enhancement

 Maintenance and tool development

 Continue third party testing Dominance  Execute to deliver new content streams

for new engines

Research

Engine Content Delivery

Industry/Customer Deliverables

 Blog, Marketing and Industry Speaking Engagements

The world’s leading enterprise security R&D organization

Global security operations center (infrastructure monitoring)

(4)

© 2012 IBM Corporation 4

The mission of the

IBM X-Force

®

research and

development team is to:

Research and evaluate threat and protection issues Deliver security protection for today’s security problems Develop new technology for tomorrow’s security challenges Educate the media and user communities

X-Force Research

14B analyzed Web pages & images

40M spam & phishing attacks

54K documented vulnerabilities

13B security events daily

Provides Specific Analysis of:

 Vulnerabilities & exploits

 Malicious/Unwanted websites

 Spam and phishing

 Malware

 Other emerging trends

(5)
(6)

© 2012 IBM Corporation 6

(7)

Key Messages from the 2011 Trend Report

 New Attack Activity

–Rise in Shell Command Injection attacks

– Spikes in SSH Brute Forcing

– Rise in phishing based malware distribution and click fraud

 Progress in Internet Security – Fewer exploit releases

– Fewer web application vulnerabilities – Better patching

 The Challenge of Mobile and the Cloud – Mobile exploit disclosures up

– Cloud requires new thinking

(8)

© 2012 IBM Corporation 9

(9)
(10)

© 2012 IBM Corporation 11

(11)
(12)

© 2012 IBM Corporation 13

Anonymous proxies on the rise

 Approximately 4 times more anonymous proxies than seen 3 years ago

 Some used to hide attacks, others to evade censorship

 Signature detects situations where clients are attempting to access websites through a chain of HTTP proxies

 Could represent

– legitimate (paranoid) web surfing – attackers obfuscating the source

address of launched attacks against web servers

(13)

 2011 has seen the most activity in the Mac malware world.

– Not only in volume compared to previous years, but also in functionality.

 In 2011, we started seeing Mac malware with functionalities that we’ve only seen before in Windows® malware.

(14)

© 2012 IBM Corporation 15

Key Messages from the 2011 Trend Report

 New Attack Activity

–Rise in Shell Command Injection attacks – Spikes in SSH Brute Forcing

– Rise in phishing based malware distribution and click fraud  Progress in Internet Security

– Fewer exploit releases

– Fewer web application vulnerabilities

– Better patching

 The Challenge of Mobile and the Cloud – Mobile exploit disclosures up

– Cloud requires new thinking

(15)

 Total number of

vulnerabilities decline — but it’s cyclical

– We have witnessed a two year, high-low cycle in vulnerability disclosures since 2006

(16)

© 2012 IBM Corporation 17

Challenging exploits: more vulnerabilities in widespread category

 34 X-Force alerts and advisories in 2011

– 16 fit the critical category • easy to exploit, sweet

spot for malicious activity

• most currently being exploited in the wild – 12 harder to exploit but

high value

• This number higher than previous years

(17)

 Total number of exploit releases down to a number not seen since 2006

– Also down as a percentage of vulnerabilities

(18)

© 2012 IBM Corporation 19

(19)
(20)

© 2012 IBM Corporation 21

Decline in web application vulnerabilities

 In 2011, 41% of security vulnerabilities affected web applications

– Down from 49% in 2010

(21)

 Web CMS vulnerabilities are favorite targets of attackers because they are publicly disclosed and impact a large number of websites on the Internet.

– Zero day vulnerabilities in these systems have factored into a number of breaches this year

(22)

© 2012 IBM Corporation 23

IBM AppScan OnDemand service findings

 Broken Authentication found in nearly 8 out of 10 application security scans

– Many applications tested failed to restrict session

tampering and were exposed to session fixation style

attacks

– Issues relating to session termination and session reuse also attributed to this high statistic

(23)

Cross Site Scripting (XSS) vulnerabilities

 In 2011 XSS vulnerabilities half as likely to exist in customer's as compared to 4 years ago

 However, XSS vulnerabilities still

appear in about 40% of the applications IBM scans

– High for something well understood and easily addressed

(24)

© 2012 IBM Corporation 25

IBM AppScan OnDemand improvements

 Significant improvements in software quality seen for customers using IBM AppScan OnDemand service to analyze, find, and fix vulnerabilities in their code

 Financial applications the best performing segment again in 2011

 Government applications performed the worst in all three of categories (injection, XSS, cross site request forgery)

(25)
(26)

© 2012 IBM Corporation 27

Key Messages from the 2011 Trend Report

 New Attack Activity

–Rise in Shell Command Injection attacks – Spikes in SSH Brute Forcing

– Rise in phishing based malware distribution and click fraud  Progress in Internet Security

– Fewer exploit releases

– Fewer web application vulnerabilities – Better patching

 The Challenge of Mobile and the Cloud

– Mobile exploit disclosures up

– Cloud requires new thinking

(27)

 Continued interest in Mobile

vulnerabilities as enterprise users request a “bring your own device” (BYOD) strategy for the workplace

 Attackers finding these devices represent lucrative new attack opportunities

(28)

© 2012 IBM Corporation 29

Challenges of cloud security

 We saw a number of high profile cloud breaches in 2011 affecting well-known organizations and large populations of their

customers

 Customers looking at cloud environments should consider:

– Cloud-appropriate workloads – Appropriate service level

agreements (SLAs) – Lifecycle approaches to

deployment that include exit strategies should things not work out

(29)

 Attackers finding social networks ripe with valuable information they can mine to build intelligence about organizations and its staff:

– Scan corporate websites, Google, Google News • Who works there? What are their titles? • Create index cards with names and titles – Search Linkedin, Facebook, Twitter profiles

• Who are their colleagues? • Start to build an org chart

– Who works with the information the attacker would like to target? • What is their reporting structure?

• Who are their friends?

(30)

© 2012 IBM Corporation 31

Connect with IBM X-Force research & development

Follow us at @ibmsecurity and @ibmxforce

Download X-Force security trend & risk

reports

http://www.ibm.com/security/xforce

Subscribe to the security channel for latest security

videos www.youtube.com/ibmsecuritysolutions

Attend in-person

events

http://www.ibm.com/events/cale ndar/

Subscribe to X-Force alerts at

http://iss.net/rss.php or Frequency X at

http://blogs.iss.net/rss.php

Join the Institute for Advanced Security

(31)

References

Download now ( PDF - 31 Page - 2.18 MB )

Related documents

IBM Security Network Intrusion Prevention System

IBM Security Network IPS delivers on all six counts, with industry- leading performance, preemptive threat protection powered by X-Force research, high levels of availability,

Vector Mechanics for Engineers: Dynamics Chapter 13 Notes

Knowing that the cart is initially at rest and can roll freely, determine (a) the final velocity of the cart, (b) the impulse exerted by the cart on the package, and (c)

Advisory-Board-Members

The aims of the International Society for Engineering Education are inter alia: Improving teaching methods in technical subjects; developing practice-oriented curricula that

Is a loose monetary policy still appropriate for the Eurozone?

The second question focuses on the other claim of the German Council of Economic Experts that ECB’s expansionary policy is masking structural problems in Eurozone countries..

A NEW PRIORITY FOR SUSTAINABLE DEVELOPMENT

Prevention Pilot and demonstration projects focused on the recognised road injury risk factors are another key area for activity within the Action Plan. The com- ponents of the

Farm to School in Arkansas: Policy and Planning Report

The Arkansas Grow Healthy Study, housed in the Arkansas Children’s Hospital Research Institute, Childhood Obesity Prevention Research Program (ACHRI, COPRP) is a USDA Agriculture

B. P. Demidovic - Zadaci i Riješeni Primjeri Iz Više Matematike

Ovo peto izdanje izlazi kao popravljeno. U njemu su otklonjene sve zapa- žene grafičke pogreške, a pojedine definicije i pojmovi temeljitije su pojašnjeni. Neke

Main areas of services are:

PFAET engineers can take a project from to start finish by obtaining permits, supervise drilling and completion conceptual and detail design of oil and gas facilities and see