Risk
9/20/2012
12:00 PM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

IBM Predicts Rise In OS X Exploits, Touts Sandboxing

IBM's X-Force Trend and Risk Report says browser exploits and BYOD continue to pose challenges, warns that OS X attacks are getting more sophisticated.

In some ways, the newest edition of IBM's X-Force Trend and Risk Report reasserts what other security researchers and malware-weary end users already know: browser vulnerabilities continue to pose problems, OS X attacks are on the rise, and mobile devices and BYOD have complicated IT managers' jobs.

Despite the familiar themes, however, the report offers potentially useful insights into the nature of these threats by eschewing a statistically driven methodology in favor of a more qualitative approach. IBM hopes the findings will give enterprises a more well-rounded perspective on the dangers they face, as well as a lead in protecting their assets.

The report is drawn from a variety of intelligence sources, including IBM's database of more than 68,000 vulnerabilities, and real-time monitoring--performed on behalf of 4,000 clients in 130 countries--of 15 billion daily Web events. Robert Freeman, manager of X-Force Research, explained in a phone interview that the report, rather than detailing specific breaches or compiling raw statistics, addresses "what is going on in the aggregate," with an emphasis on trends and what they mean in practical terms. "We're looking … to give the professional or executive an overview of what's going on… to help [them] make decisions about purchases," he stated.

[ For expert security best practices, see 5 Black Hat Security Lessons For CIOs. ]

One of the X-Force study's major findings involves OS X users--and the results aren't pretty. A statement IBM emailed to InformationWeek summarizes that Mac threats have not only increased in volume but also in sophistication, "rivaling those usually seen on Windows platforms." Freeman said that Windows exploits are still more numerous, but he emphasized that the report "is not about infection rates" so much as using "technical attributes of the malware" to extrapolate how attacks might evolve. He said there was "pretty strong parity last year" between Windows and OS X but cited malware releases such as Crisis and Flashback as evidence that "an increasing worldwide user base, as well as attention from the security research community" has made Apple's computers "a desirable target."

He said an avalanche of new threats could result and cautioned that due to the availability of rootkits and other malware tools, the forthcoming attacks are not to be taken lightly. Future dangers are not going to be "some sort of joke application," he declared, pointing out that malware authors are now quickly porting Windows-targeted scams, such as fake antivirus software, to OS X. "We want to persuade people not to be complacent," he said.

Freeman believes the outlook is rosier for OS X's mobile sibling, iOS. An end-to-end exploit, he said, is "incredibly expensive on the black market," leading to relatively fewer security breaches. Still, the report states that mobile devices and BYOD are a major problem. Freeman explained that fragmentation is a significant culprit, as the numerous versions of Android have meant that "some devices that aren't terribly old will never receive a firmware update from the vendor."

Indeed, around half the devices using Google's OS are unpatched against attacks. Nonetheless, Freeman emphasized, in a nod to the report's qualitative nature, that the number of vulnerabilities do not necessarily tell the whole story. "What is the [volume of threats] leading to?" he asked, adding that, in the case of Android, the ostensibly overwhelming number of vulnerabilities can be reduced to a single primary concern: text message scams. "More likely than not, if you're hit, it's an SMS scam sending messages to premium numbers without your awareness," he stated.

The report also identified promising methods for thwarting attacks. Sandboxing, which separates individual applications from the rest of the system, is a particular standout. The technique, Freeman said, has substantially reduced the vulnerability count related to Adobe Acrobat and represents "the early stages of a significant paradigm shift" that is being embraced by an increasing number of software vendors.

Alongside the X-Force findings, IBM also announced the opening of a new security operations center in Wroclaw, Poland. The new facility joins nine other such centers that IBM operates around the world. According to an emailed statement, the center is strategically placed to assist clients in Europe and North America. It adds to new growth markets IBM has pursued in the region, including a Global Deliver Center that opened in Wroclaw in 2010.

InformationWeek is conducting a survey on mobile device management and security. Take our 2013 InformationWeek Mobile Device Management and Security Survey now. Survey ends Sept. 14.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
DerekCurrie
50%
50%
DerekCurrie,
User Rank: Apprentice
9/20/2012 | 9:34:57 PM
re: IBM Predicts Rise In OS X Exploits, Touts Sandboxing
FUD FUD FUD FUD!

In 2005 Symantec began the anti-Apple security FUD fest we have been enjoying ever since. What has happened in those 7 years? Apple has exponentially improved their attention to security. Nearly all malware attacks against Apple have been either Trojan horses, requiring user action for installation, or drive-by botnet installation due to poor third party software security. A special thank you goes to the nearly worthless 'sandboxing' of Java applets.

And yet the FUD fest continues unabated. Apple is never perfect. But clearly they're doing it better than anyone else. The fact is that ALL security attacks are becoming far more complex and crafty. There's nothing special about attacks on OS X. Neither has there ever been evidence of Apple benefiting from that bogus concept called 'Security Through Obscurity.' And also note that there is nothing special about OS X that makes it immune from bad coding. It suffers from consistently bad memory management code just like all other humanly coded software.

I write about Mac-Security here:
http://Mac-Security.blogspot.c...

FUD FUD FUD FUD!
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-6306
Published: 2014-08-22
Unspecified vulnerability on IBM Power 7 Systems 740 before 740.70 01Ax740_121, 760 before 760.40 Ax760_078, and 770 before 770.30 01Ax770_062 allows local users to gain Service Processor privileges via unknown vectors.

CVE-2014-0232
Published: 2014-08-22
Multiple cross-site scripting (XSS) vulnerabilities in framework/common/webcommon/includes/messages.ftl in Apache OFBiz 11.04.01 before 11.04.05 and 12.04.01 before 12.04.04 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, which are not properly handled in a (1)...

CVE-2014-3525
Published: 2014-08-22
Unspecified vulnerability in Apache Traffic Server 4.2.1.1 and 5.x before 5.0.1 has unknown impact and attack vectors, possibly related to health checks.

CVE-2014-3563
Published: 2014-08-22
Multiple unspecified vulnerabilities in Salt (aka SaltStack) before 2014.1.10 allow local users to have an unspecified impact via vectors related to temporary file creation in (1) seed.py, (2) salt-ssh, or (3) salt-cloud.

CVE-2014-3587
Published: 2014-08-22
Integer overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. NOTE: this vulnerability exists bec...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Three interviews on critical embedded systems and security, recorded at Black Hat 2014 in Las Vegas.