Risk
9/20/2012
12:00 PM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

IBM Predicts Rise In OS X Exploits, Touts Sandboxing

IBM's X-Force Trend and Risk Report says browser exploits and BYOD continue to pose challenges, warns that OS X attacks are getting more sophisticated.

In some ways, the newest edition of IBM's X-Force Trend and Risk Report reasserts what other security researchers and malware-weary end users already know: browser vulnerabilities continue to pose problems, OS X attacks are on the rise, and mobile devices and BYOD have complicated IT managers' jobs.

Despite the familiar themes, however, the report offers potentially useful insights into the nature of these threats by eschewing a statistically driven methodology in favor of a more qualitative approach. IBM hopes the findings will give enterprises a more well-rounded perspective on the dangers they face, as well as a lead in protecting their assets.

The report is drawn from a variety of intelligence sources, including IBM's database of more than 68,000 vulnerabilities, and real-time monitoring--performed on behalf of 4,000 clients in 130 countries--of 15 billion daily Web events. Robert Freeman, manager of X-Force Research, explained in a phone interview that the report, rather than detailing specific breaches or compiling raw statistics, addresses "what is going on in the aggregate," with an emphasis on trends and what they mean in practical terms. "We're looking … to give the professional or executive an overview of what's going on… to help [them] make decisions about purchases," he stated.

[ For expert security best practices, see 5 Black Hat Security Lessons For CIOs. ]

One of the X-Force study's major findings involves OS X users--and the results aren't pretty. A statement IBM emailed to InformationWeek summarizes that Mac threats have not only increased in volume but also in sophistication, "rivaling those usually seen on Windows platforms." Freeman said that Windows exploits are still more numerous, but he emphasized that the report "is not about infection rates" so much as using "technical attributes of the malware" to extrapolate how attacks might evolve. He said there was "pretty strong parity last year" between Windows and OS X but cited malware releases such as Crisis and Flashback as evidence that "an increasing worldwide user base, as well as attention from the security research community" has made Apple's computers "a desirable target."

He said an avalanche of new threats could result and cautioned that due to the availability of rootkits and other malware tools, the forthcoming attacks are not to be taken lightly. Future dangers are not going to be "some sort of joke application," he declared, pointing out that malware authors are now quickly porting Windows-targeted scams, such as fake antivirus software, to OS X. "We want to persuade people not to be complacent," he said.

Freeman believes the outlook is rosier for OS X's mobile sibling, iOS. An end-to-end exploit, he said, is "incredibly expensive on the black market," leading to relatively fewer security breaches. Still, the report states that mobile devices and BYOD are a major problem. Freeman explained that fragmentation is a significant culprit, as the numerous versions of Android have meant that "some devices that aren't terribly old will never receive a firmware update from the vendor."

Indeed, around half the devices using Google's OS are unpatched against attacks. Nonetheless, Freeman emphasized, in a nod to the report's qualitative nature, that the number of vulnerabilities do not necessarily tell the whole story. "What is the [volume of threats] leading to?" he asked, adding that, in the case of Android, the ostensibly overwhelming number of vulnerabilities can be reduced to a single primary concern: text message scams. "More likely than not, if you're hit, it's an SMS scam sending messages to premium numbers without your awareness," he stated.

The report also identified promising methods for thwarting attacks. Sandboxing, which separates individual applications from the rest of the system, is a particular standout. The technique, Freeman said, has substantially reduced the vulnerability count related to Adobe Acrobat and represents "the early stages of a significant paradigm shift" that is being embraced by an increasing number of software vendors.

Alongside the X-Force findings, IBM also announced the opening of a new security operations center in Wroclaw, Poland. The new facility joins nine other such centers that IBM operates around the world. According to an emailed statement, the center is strategically placed to assist clients in Europe and North America. It adds to new growth markets IBM has pursued in the region, including a Global Deliver Center that opened in Wroclaw in 2010.

InformationWeek is conducting a survey on mobile device management and security. Take our 2013 InformationWeek Mobile Device Management and Security Survey now. Survey ends Sept. 14.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
DerekCurrie
50%
50%
DerekCurrie,
User Rank: Apprentice
9/20/2012 | 9:34:57 PM
re: IBM Predicts Rise In OS X Exploits, Touts Sandboxing
FUD FUD FUD FUD!

In 2005 Symantec began the anti-Apple security FUD fest we have been enjoying ever since. What has happened in those 7 years? Apple has exponentially improved their attention to security. Nearly all malware attacks against Apple have been either Trojan horses, requiring user action for installation, or drive-by botnet installation due to poor third party software security. A special thank you goes to the nearly worthless 'sandboxing' of Java applets.

And yet the FUD fest continues unabated. Apple is never perfect. But clearly they're doing it better than anyone else. The fact is that ALL security attacks are becoming far more complex and crafty. There's nothing special about attacks on OS X. Neither has there ever been evidence of Apple benefiting from that bogus concept called 'Security Through Obscurity.' And also note that there is nothing special about OS X that makes it immune from bad coding. It suffers from consistently bad memory management code just like all other humanly coded software.

I write about Mac-Security here:
http://Mac-Security.blogspot.c...

FUD FUD FUD FUD!
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device. In combining the security expertise of McAfee with the innovation, performance, and trust of Intel, this vision becomes a reality.

As we rely on technology to enhance our everyday and business life, we must too consider the security of the intellectual property and confidential data that is housed on these devices. As we increase the number of devices we use, we increase the number of gateways and opportunity for security threats. Intel Security takes the “security connected” approach to ensure that every device is secure, and that all security solutions are seamlessly integrated.
Featured Writers
White Papers
Cartoon
Current Issue
Dark Reading's October Tech Digest
Fast data analysis can stymie attacks and strengthen enterprise security. Does your team have the data smarts?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-7298
Published: 2014-10-24
adsetgroups in Centrify Server Suite 2008 through 2014.1 and Centrify DirectControl 3.x through 4.2.0 on Linux and UNIX allows local users to read arbitrary files with root privileges by leveraging improperly protected setuid functionality.

CVE-2014-8346
Published: 2014-10-24
The Remote Controls feature on Samsung mobile devices does not validate the source of lock-code data received over a network, which makes it easier for remote attackers to cause a denial of service (screen locking with an arbitrary code) by triggering unexpected Find My Mobile network traffic.

CVE-2014-0619
Published: 2014-10-23
Untrusted search path vulnerability in Hamster Free ZIP Archiver 2.0.1.7 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the current working directory.

CVE-2014-2230
Published: 2014-10-23
Open redirect vulnerability in the header function in adclick.php in OpenX 2.8.10 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the (1) dest parameter to adclick.php or (2) _maxdest parameter to ck.php.

CVE-2014-7281
Published: 2014-10-23
Cross-site request forgery (CSRF) vulnerability in Shenzhen Tenda Technology Tenda A32 Router with firmware 5.07.53_CN allows remote attackers to hijack the authentication of administrators for requests that reboot the device via a request to goform/SysToolReboot.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Follow Dark Reading editors into the field as they talk with noted experts from the security world.