Risk
9/20/2012
12:00 PM

IBM Predicts Rise In OS X Exploits, Touts Sandboxing

IBM's X-Force Trend and Risk Report says browser exploits and BYOD continue to pose challenges, warns that OS X attacks are getting more sophisticated.

In some ways, the newest edition of IBM's X-Force Trend and Risk Report reasserts what other security researchers and malware-weary end users already know: browser vulnerabilities continue to pose problems, OS X attacks are on the rise, and mobile devices and BYOD have complicated IT managers' jobs.

Despite the familiar themes, however, the report offers potentially useful insights into the nature of these threats by eschewing a statistically driven methodology in favor of a more qualitative approach. IBM hopes the findings will give enterprises a more well-rounded perspective on the dangers they face, as well as a lead in protecting their assets.

The report is drawn from a variety of intelligence sources, including IBM's database of more than 68,000 vulnerabilities, and real-time monitoring--performed on behalf of 4,000 clients in 130 countries--of 15 billion daily Web events. Robert Freeman, manager of X-Force Research, explained in a phone interview that the report, rather than detailing specific breaches or compiling raw statistics, addresses "what is going on in the aggregate," with an emphasis on trends and what they mean in practical terms. "We're looking … to give the professional or executive an overview of what's going on… to help [them] make decisions about purchases," he stated.


One of the X-Force study's major findings involves OS X users--and the results aren't pretty. A statement IBM emailed to InformationWeek summarizes that Mac threats have not only increased in volume but also in sophistication, "rivaling those usually seen on Windows platforms." Freeman said that Windows exploits are still more numerous, but he emphasized that the report "is not about infection rates" so much as using "technical attributes of the malware" to extrapolate how attacks might evolve. He said there was "pretty strong parity last year" between Windows and OS X but cited malware releases such as Crisis and Flashback as evidence that "an increasing worldwide user base, as well as attention from the security research community" has made Apple's computers "a desirable target."

He said an avalanche of new threats could result and cautioned that due to the availability of rootkits and other malware tools, the forthcoming attacks are not to be taken lightly. Future dangers are not going to be "some sort of joke application," he declared, pointing out that malware authors are now quickly porting Windows-targeted scams, such as fake antivirus software, to OS X. "We want to persuade people not to be complacent," he said.

Freeman believes the outlook is rosier for OS X's mobile sibling, iOS. An end-to-end exploit, he said, is "incredibly expensive on the black market," leading to relatively fewer security breaches. Still, the report states that mobile devices and BYOD are a major problem. Freeman explained that fragmentation is a significant culprit, as the numerous versions of Android have meant that "some devices that aren't terribly old will never receive a firmware update from the vendor."

Indeed, around half the devices using Google's OS are unpatched against attacks. Nonetheless, Freeman emphasized, in a nod to the report's qualitative nature, that the number of vulnerabilities does not necessarily tell the whole story. "What is the [volume of threats] leading to?" he asked, adding that, in the case of Android, the ostensibly overwhelming number of vulnerabilities can be reduced to a single primary concern: text message scams. "More likely than not, if you're hit, it's an SMS scam sending messages to premium numbers without your awareness," he stated.

The report also identified promising methods for thwarting attacks. Sandboxing, which separates individual applications from the rest of the system, is a particular standout. The technique, Freeman said, has substantially reduced the vulnerability count related to Adobe Acrobat and represents "the early stages of a significant paradigm shift" that is being embraced by an increasing number of software vendors.

Alongside the X-Force findings, IBM also announced the opening of a new security operations center in Wroclaw, Poland. The new facility joins nine other such centers that IBM operates around the world. According to an emailed statement, the center is strategically placed to assist clients in Europe and North America. It adds to new growth markets IBM has pursued in the region, including a Global Delivery Center that opened in Wroclaw in 2010.


Comments
DerekCurrie,
User Rank: Apprentice
9/20/2012 | 9:34:57 PM
re: IBM Predicts Rise In OS X Exploits, Touts Sandboxing
FUD FUD FUD FUD!

In 2005 Symantec began the anti-Apple security FUD fest we have been enjoying ever since. What has happened in those 7 years? Apple has exponentially improved their attention to security. Nearly all malware attacks against Apple have been either Trojan horses, requiring user action for installation, or drive-by botnet installation due to poor third party software security. A special thank you goes to the nearly worthless 'sandboxing' of Java applets.

And yet the FUD fest continues unabated. Apple is never perfect. But clearly they're doing it better than anyone else. The fact is that ALL security attacks are becoming far more complex and crafty. There's nothing special about attacks on OS X. Neither has there ever been evidence of Apple benefiting from that bogus concept called 'Security Through Obscurity.' And also note that there is nothing special about OS X that makes it immune from bad coding. It suffers from consistently bad memory management code just like all other humanly coded software.

I write about Mac-Security here:
http://Mac-Security.blogspot.c...

FUD FUD FUD FUD!