IBM cyber security watchdogs see increase in browser exploits and encryption abuse

IBM X-Force group issues mid-year cyber security evaluation

IBM's security watchdogs said their research shows a big increase in browser-related exploits, renewed concerns around social media password security and challenges with securing mobile devices, especially in a corporate setting.


IBM X-Force's "2012 Mid-Year Trend and Risk Report" found an increase in malware and malicious web activities and outlined the following trends:

  • Attackers continue to target individuals by directing them to a trusted URL or site which has been injected with malicious code. Through browser vulnerabilities, the attackers are able to install malware on the target system. The websites of many well-established and trustworthy organizations are still susceptible to these types of threats.
  • The growth of SQL injection, a technique used by attackers to access a database through a website, is keeping pace with the increased usage of cross-site scripting and directory traversal commands.
  • We are seeing the increased use of encryption by computer criminals to hide their exploits and to make it harder for network security systems to detect them. This includes HTTPS as well as native encryption features in various document formats and obfuscation using scripting languages. The presence and volume of potentially obfuscated traffic is extremely variable, and extremely persistent. We expect that the use of obfuscation techniques will continue as technologies that identify exploits, malware, and data leakage improve. Additionally, as new applications are deployed, and as new technologies (cloud services, mobile applications, etc.) emerge and influence how we communicate using the Internet, there will be more reason to hide potential attacks, raising the stakes each day.


  • As the user base of the Mac operating system continues to grow worldwide, it is increasingly becoming a target of Advanced Persistent Threats (APTs) and exploits, rivaling those usually seen targeting the Windows platform. Some initial variants used Java exploit CVE-2011-3544 to spread. This exploit is the Java Applet Rhino Script Engine Vulnerability, the same one used by Flashback. This targeted malware's purpose is to steal user data.
  • In our last IBM X-Force Trend and Risk Report, we mentioned the technical difficulty in exploiting OS X software is a major factor in preventing mass exploitation. Flashback infections bypass OS security by using multi-platform exploits through Java vulnerabilities. That is, the exploitation technique and most of the code involved is the same, regardless of whether the target is Windows or Mac. Some security vendors have set up sinkholes to determine the number of Flashback infections, and estimates are as high as 600,000 machines.
  • IPv6 Day was June 6th 2012, with many organizations implementing permanent IPv6 deployments. While full adoption is still low, IBM X-Force data demonstrates that Web 2.0 and legitimate sites are currently the most IPv6 ready. Websites with content such as hacking sites, illegal drugs sites, anonymous proxies, pornography, and gambling sites have been slower to adopt IPv6. This might be because of the additional technical efforts that are required in order to be IPv6 ready, or possibly so they can continue to reach as many users as possible, IBM stated.
  • Anonymous proxy registrations continue to hold steady in the first half of 2012, with three times as many anonymous proxies newly registered today as compared to previous years. More than two thirds of all anonymous proxies ran on the .tk domain (the top-level domain of Tokelau, a territory of New Zealand).
  • The United States continues to reign as the top host for malicious links with more than 43% of all malware links hosted. Germany takes the second place position, hosting 9.2%. Rounding out the top list is Russia, at number three for the first time, and China dropping from the top of the list to number four. Nearly 50% of all malware links are placed on pornography or gambling websites.

IBM stated that while there are reports of exotic mobile malware, most smartphone users are still most at risk of premium SMS (short message service, or texting) scams. These scams work by sending SMS messages to premium phone numbers in a variety of different countries automatically from installed applications.

"We've seen an increase in the number of sophisticated and targeted attacks, specifically on Macs and exposed social network passwords," said Clinton McFadden, senior operations manager for IBM X-Force research and development, in a statement. "As long as these targets remain lucrative, the attacks will keep coming. In response, organizations should take proactive approaches to better protect their enterprise infrastructure and data."

Earlier this year the IBM X-Force group released its 2011 Trend and Risk Report, which pointed out a number of other security trends. From the report:

  • Shell command injection vulnerabilities more than doubled - For years, SQL injection attacks against web applications have been a popular vector for attackers of all types. SQL injection vulnerabilities allow an attacker to manipulate the database behind a website. As progress has been made to close those vulnerabilities - the number of SQL injection vulnerabilities in publicly maintained web applications dropped by 46% in 2011 - some attackers have now started to target shell command injection vulnerabilities instead. These vulnerabilities allow the attacker to execute commands directly on a web server. Shell command injection attacks rose by two to three times over the course of 2011.
  • Automated password guessing - Poor passwords and password policies have played a role in a number of high-profile breaches during 2011. There is also a lot of automated attack activity on the Internet in which attacks scan the net for systems with weak login passwords. IBM observed a large spike in this sort of password guessing activity directed at secure shell servers in the latter half of 2011.
  • Increase in phishing attacks that impersonate social networking sites and mail parcel services - The volume of email attributed to phishing was relatively small over the course of 2010 and the first half of 2011, but phishing came back with a vengeance in the second half, reaching volumes that haven't been seen since 2008. Many of these emails impersonate popular social networking sites and mail parcel services, and entice victims to click on links to web pages that may try to infect their PCs with malware. Some of this activity can also be attributed to advertising click fraud, where spammers use misleading emails to drive traffic to retail websites.
  • Publicly released mobile exploits up 19% in 2011 - This year's IBM X-Force report focused on a number of emerging trends and best practices to manage the growing trend of "Bring your Own Device," or BYOD, in the enterprise. IBM X-Force reported a 19% increase over the prior year in the number of exploits publicly released that can be used to target mobile devices.
  • Cloud computing presents new challenges - In 2011, there were many high profile cloud breaches affecting well-known organizations and large populations of their customers. IT security staff should carefully consider which workloads are sent to third-party cloud providers and what should be kept in-house due to the sensitivity of data, IBM said. The IBM X-Force report notes that the most effective means for managing security in the cloud may be through Service Level Agreements (SLAs) because of the limited impact that an organization can realistically exercise over the cloud computing service. Therefore, careful consideration should be given to ownership, access management, governance and termination when crafting SLAs, IBM stated.
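The two injection classes the report contrasts, SQL injection (the mid-year list above) and shell command injection (the first bullet of the 2011 list), share one root cause: attacker-controlled text is pasted into a statement that another interpreter then parses. The following is an added example, not code from IBM or from the report, showing a vulnerable lookup beside its hardened form for each class; the in-memory `users` table and the `wc -l` helper are constructed for the demonstration.

```python
import sqlite3
import subprocess


def demo_db():
    # Constructed stand-in for "the database behind a website".
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, secret TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "s1"), ("bob", "s2")])
    return conn


def lookup_vulnerable(conn, name):
    # The user-supplied value becomes part of the SQL text itself, so a
    # quote in `name` ends the literal and the rest is parsed as SQL.
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_hardened(conn, name):
    # Parameterised query: the value travels separately from the SQL and
    # is only ever compared, never parsed.
    cur = conn.execute("SELECT name FROM users WHERE name = ?", (name,))
    return [row[0] for row in cur]


def count_lines_vulnerable(path):
    # shell=True hands the whole string to /bin/sh, so shell metacharacters
    # inside `path` are interpreted as additional commands on the server.
    proc = subprocess.run("wc -l " + path, shell=True,
                          capture_output=True, text=True)
    return proc.stdout


def count_lines_hardened(path):
    # argv list and no shell: `path` is exactly one argument to wc, and
    # nothing in it is reinterpreted. A bad path just makes wc fail.
    proc = subprocess.run(["wc", "-l", path],
                          capture_output=True, text=True)
    return proc.stdout
```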


Copyright © 2012 IDG Communications, Inc.